Skip to content

Multiple recipient email #1418

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
CTY-git merged 4 commits into from
Mar 6, 2025
Merged

Multiple recipient email #1418

CTY-git merged 4 commits into from
Mar 6, 2025

Conversation

@CTY-git
Copy link
Contributor

@CTY-git CTY-git commented Mar 6, 2025

PR Checklist

  • The commit message follows our guidelines: Code of conduct
  • Tests for the changes have been added (for bug fixes / features)
  • Docs have been added / updated (for bug fixes / features)
  • Does this PR introduce a breaking change?
  • Include PR in release notes?

PR Type

  • Bugfix
  • Feature
  • Refactoring
  • Build /CI
  • Documentation
  • Others

What is the current behavior?

Issue Number: N/A

What is the new behavior?

Other information

@CTY-git CTY-git requested a review from whoisarpit March 6, 2025 08:28
@patched-admin
Copy link
Contributor

patched-admin commented Mar 6, 2025

File Changed: patchwork/steps/SendEmail/SendEmail.py

Rule 1 - Do not ignore potential bugs in the code
Details: Potential bug found in recipient email parsing. The parse_to_list function is called with delimiters [" ", ","] but there's no validation of the resulting list to ensure it contains valid email addresses. This could lead to runtime errors if invalid email addresses are provided.

Affected Code Snippet:

self.recipient_email = parse_to_list(inputs["recipient_email"], [" ", ","])

Start Line: 19
End Line: 19

Rule 1 - Do not ignore potential bugs in the code (Additional Finding)
Details: The code assumes smtp_clazz will always establish a successful connection. There's no error handling for connection failures, authentication failures, or sending failures which could cause the application to crash.

Affected Code Snippet:

with smtp_clazz(host=self.smtp_host, port=self.smtp_port) as mailserver:
    mailserver.login(self.smtp_username, self.smtp_password)
    mailserver.send_message(msg)

Start Line: 41
End Line: 43

Rule 2 - Do not overlook possible security vulnerabilities
Details: The code includes potential security vulnerability where template injection could occur through unvalidated input in the mustache rendering. The email_template_value is used directly in both subject and body without sanitization.

Affected Code Snippet:

msg.set_content(mustache_render(self.body, self.email_template_value))
msg["Subject"] = mustache_render(self.subject, self.email_template_value)

Start Line: 29
End Line: 30

@CTY-git CTY-git merged commit dc95064 into main Mar 6, 2025
3 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@whoisarpit whoisarpit whoisarpit approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@CTY-git @patched-admin @whoisarpit