This is an automated email from the ASF dual-hosted git repository.
btellier pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/james-project.git
The following commit(s) were added to refs/heads/master by this push:
new 6128ae0423 [ENHANCEMENT] CommandInjectionDetectedException: cary over
the exception (#2663)
6128ae0423 is described below
commit 6128ae042354bcacac8782cf1c868f1af19f1ad7
Author: Benoit TELLIER <[email protected]>
AuthorDate: Tue Mar 4 14:24:56 2025 +0700
[ENHANCEMENT] CommandInjectionDetectedException: cary over the exception
(#2663)
---
.../james/protocols/netty/AllButStartTlsLineBasedChannelHandler.java | 2 +-
.../james/protocols/netty/CommandInjectionDetectedException.java | 4 +++-
.../org/apache/james/smtpserver/DataLineJamesMessageHookHandler.java | 3 ++-
3 files changed, 6 insertions(+), 3 deletions(-)
diff --git
a/protocols/netty/src/main/java/org/apache/james/protocols/netty/AllButStartTlsLineBasedChannelHandler.java
b/protocols/netty/src/main/java/org/apache/james/protocols/netty/AllButStartTlsLineBasedChannelHandler.java
index 52e7d2d000..6c1873bbad 100644
---
a/protocols/netty/src/main/java/org/apache/james/protocols/netty/AllButStartTlsLineBasedChannelHandler.java
+++
b/protocols/netty/src/main/java/org/apache/james/protocols/netty/AllButStartTlsLineBasedChannelHandler.java
@@ -64,7 +64,7 @@ public class AllButStartTlsLineBasedChannelHandler extends
LineBasedFrameDecoder
.map(Boolean.class::cast)
.orElse(false);
if (hasCommandInjection(trimedLowerCasedInput) ||
startTlsInFlight) {
- throw new CommandInjectionDetectedException();
+ throw new
CommandInjectionDetectedException(trimedLowerCasedInput);
}
// Prevents further reads on this channel to avoid race conditions
// Framer can accept IMAP requests sent concurrently while the
channel is
diff --git
a/protocols/netty/src/main/java/org/apache/james/protocols/netty/CommandInjectionDetectedException.java
b/protocols/netty/src/main/java/org/apache/james/protocols/netty/CommandInjectionDetectedException.java
index 175baac2d1..c3c238c10e 100644
---
a/protocols/netty/src/main/java/org/apache/james/protocols/netty/CommandInjectionDetectedException.java
+++
b/protocols/netty/src/main/java/org/apache/james/protocols/netty/CommandInjectionDetectedException.java
@@ -19,5 +19,7 @@
package org.apache.james.protocols.netty;
public class CommandInjectionDetectedException extends RuntimeException {
-
+ public CommandInjectionDetectedException(String input) {
+ super("Client input: " + input);
+ }
}
diff --git
a/server/protocols/protocols-smtp/src/main/java/org/apache/james/smtpserver/DataLineJamesMessageHookHandler.java
b/server/protocols/protocols-smtp/src/main/java/org/apache/james/smtpserver/DataLineJamesMessageHookHandler.java
index 5293d67904..3cfdb34580 100644
---
a/server/protocols/protocols-smtp/src/main/java/org/apache/james/smtpserver/DataLineJamesMessageHookHandler.java
+++
b/server/protocols/protocols-smtp/src/main/java/org/apache/james/smtpserver/DataLineJamesMessageHookHandler.java
@@ -23,6 +23,7 @@ import java.io.Closeable;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
+import java.nio.charset.StandardCharsets;
import java.util.LinkedList;
import java.util.List;
@@ -74,7 +75,7 @@ public class DataLineJamesMessageHookHandler implements
DataLineFilter, Extensib
|| line[line.length - 2] != '\r'
|| line[line.length - 1] != '\n') {
- throw new CommandInjectionDetectedException();
+ throw new CommandInjectionDetectedException(new String(line,
StandardCharsets.UTF_8));
}
}
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
