You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@james.apache.org by bt...@apache.org on 2022/03/30 03:55:44 UTC
[james-project] 05/06: JAMES-1862 Add an extra test for LF only upon STARTTLS command injection detection
This is an automated email from the ASF dual-hosted git repository.
btellier pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/james-project.git
commit 4cf022d53f211e271841691466d2b08ed7776a9d
Author: Benoit Tellier <bt...@linagora.com>
AuthorDate: Sat Mar 19 20:50:51 2022 +0700
JAMES-1862 Add an extra test for LF only upon STARTTLS command injection detection
---
.../java/org/apache/james/imapserver/netty/IMAPServerTest.java | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/server/protocols/protocols-imap4/src/test/java/org/apache/james/imapserver/netty/IMAPServerTest.java b/server/protocols/protocols-imap4/src/test/java/org/apache/james/imapserver/netty/IMAPServerTest.java
index e4ab6f6..2eaa0d4 100644
--- a/server/protocols/protocols-imap4/src/test/java/org/apache/james/imapserver/netty/IMAPServerTest.java
+++ b/server/protocols/protocols-imap4/src/test/java/org/apache/james/imapserver/netty/IMAPServerTest.java
@@ -493,6 +493,15 @@ class IMAPServerTest {
}
@Test
+ void extraLFLinesBatchedWithStartTLSShouldBeSanitized() throws Exception {
+ IMAPSClient imapClient = new IMAPSClient();
+ imapClient.connect("127.0.0.1", port);
+ assertThatThrownBy(() -> imapClient.sendCommand("STARTTLS\nA1 NOOP\r\n"))
+ .isInstanceOf(EOFException.class)
+ .hasMessage("Connection closed without indication.");
+ }
+
+ @Test
void tagsShouldBeWellSanitized() throws Exception {
IMAPSClient imapClient = new IMAPSClient();
imapClient.connect("127.0.0.1", port);
---------------------------------------------------------------------
To unsubscribe, e-mail: notifications-unsubscribe@james.apache.org
For additional commands, e-mail: notifications-help@james.apache.org