Add additionalAllowedPackets config option (#1618)

This config option allows parsing additional packet types when parsing a packet list or armored object, in contexts where they are normally not expected to appear, by passing a list of packet classes (e.g. `additionalAllowedPackets: [PublicKeyPacket]`).
2023-03-30 15:52:11 +02:00 · 2023-03-30 15:52:11 +02:00 · 0d025d8c3d
commit 0d025d8c3d
parent f72e34fefa
3 changed files with 26 additions and 0 deletions
--- a/src/config/config.js
+++ b/src/config/config.js
@ -177,6 +177,14 @@ export default {
   * @property {Boolean} ignoreMalformedPackets Ignore malformed packets on parsing instead of throwing an error
   */
  ignoreMalformedPackets: false,
+  /**
+   * Parsing of packets is normally restricted to a predefined set of packets. For example a Sym. Encrypted Integrity Protected Data Packet can only
+   * contain a certain set of packets including LiteralDataPacket. With this setting we can allow additional packets, which is probably not advisable
+   * as a global config setting, but can be used for specific function calls (e.g. decrypt method of Message).
+   * @memberof module:config
+   * @property {Array} additionalAllowedPackets Allow additional packets on parsing. Defined as array of packet classes, e.g. [PublicKeyPacket]
+   */
+  additionalAllowedPackets: [],
  /**
   * @memberof module:config
   * @property {Boolean} showVersion Whether to include {@link module:config/config.versionString} in armored messages
--- a/src/packet/packetlist.js
+++ b/src/packet/packetlist.js
@ -64,6 +64,9 @@ class PacketList extends Array {
   * @async
   */
  async read(bytes, allowedPackets, config = defaultConfig) {
+    if (config.additionalAllowedPackets.length) {
+      allowedPackets = { ...allowedPackets, ...util.constructAllowedPackets(config.additionalAllowedPackets) };
+    }
    this.stream = stream.transformPair(bytes, async (readable, writable) => {
      const writer = stream.getWriter(writable);
      try {
--- a/test/general/packet.js
+++ b/test/general/packet.js
@ -1052,5 +1052,20 @@ kePFjAnu9cpynKXu3usf8+FuBw2zLsg1Id1n7ttxoAte416KjBN9lFBt8mcu
      expect(parsed.length).to.equal(1);
      expect(parsed[0].tag).to.equal(openpgp.enums.packet.userID);
    });
+
+    it('Allow parsing of additional packets provided in `config.additionalAllowedPackets`', async function () {
+      const packets = new openpgp.PacketList();
+      packets.push(new openpgp.LiteralDataPacket());
+      packets.push(openpgp.UserIDPacket.fromObject({ name:'test', email:'test@a.it' }));
+      const bytes = packets.write();
+      const allowedPackets = { [openpgp.enums.packet.literalData]: openpgp.LiteralDataPacket };
+      await expect(openpgp.PacketList.fromBinary(bytes, allowedPackets)).to.be.rejectedWith(/Packet not allowed in this context: userID/);
+      const parsed = await openpgp.PacketList.fromBinary(bytes, allowedPackets, { ...openpgp.config, additionalAllowedPackets: [openpgp.UserIDPacket] });
+      expect(parsed.length).to.equal(1);
+      expect(parsed[0].constructor.tag).to.equal(openpgp.enums.packet.literalData);
+      const otherPackets = await stream.readToEnd(parsed.stream, _ => _);
+      expect(otherPackets.length).to.equal(1);
+      expect(otherPackets[0].constructor.tag).to.equal(openpgp.enums.packet.userID);
+    });
  });
 });