improve armor header validation + tests | #598

Tom James Holub 2017-11-25 10:57:41 +08:00
parent bee9928e54
commit 4495df0f42
2 changed files with 23 additions and 7 deletions


@ -224,7 +224,7 @@ function splitHeaders(text) {
*/ */
function verifyHeaders(headers) { function verifyHeaders(headers) {
for (var i = 0; i < headers.length; i++) { for (var i = 0; i < headers.length; i++) {
if (!/^[^:\s]+: .+$/.test(headers[i])) { if (!/^([^\s:]|[^\s:][^:]*[^\s:]): .+$/.test(headers[i])) {
throw new Error('Improperly formatted armor header: ' + headers[i]); throw new Error('Improperly formatted armor header: ' + headers[i]);
} }
if (config.debug && !/^(Version|Comment|MessageID|Hash|Charset): .+$/.test(headers[i])) { if (config.debug && !/^(Version|Comment|MessageID|Hash|Charset): .+$/.test(headers[i])) {
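Review bot: The relaxed pattern in `verifyHeaders` carries no comment stating the grammar it accepts, and its interior class `[^:]*` admits tabs and other control characters in a header key, not only the spaces that vendor-style keys need. I would add `// key: no ':' and no leading/trailing whitespace, interior spaces allowed; then ': ' and a non-empty value` above the test, and narrow the interior to `[^:\x00-\x1f\x7f]*` if only printable characters are meant to be tolerated. Because a key such as `Ha sh` now passes this format check, rejecting a malformed `Hash` header in the cleartext section depends entirely on the later exact-name check, so that check should stay a strict string comparison. The body of `verifyHeaders` continues past the end of this hunk, so the debug-only unknown-header branch is not fully visible here.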


@ -8,15 +8,17 @@ var chai = require('chai'),
describe("ASCII armor", function() { describe("ASCII armor", function() {
function getArmor(headers) { function getArmor(headers, signatureHeaders) {
return ['-----BEGIN PGP SIGNED MESSAGE-----'] return ['-----BEGIN PGP SIGNED MESSAGE-----']
.concat(headers) .concat(headers)
.concat( .concat(
['', ['',
'sign this', 'sign this',
'-----BEGIN PGP SIGNATURE-----', '-----BEGIN PGP SIGNATURE-----']
'Version: GnuPG v2.0.22 (GNU/Linux)', )
'', .concat(signatureHeaders || ['Version: GnuPG v2.0.22 (GNU/Linux)'])
.concat(
['',
'iJwEAQECAAYFAlMrPj0ACgkQ4IT3RGwgLJfYkQQAgHMQieazCVdfGAfzQM69Egm5', 'iJwEAQECAAYFAlMrPj0ACgkQ4IT3RGwgLJfYkQQAgHMQieazCVdfGAfzQM69Egm5',
'HhcQszODD898wpoGCHgiNdNo1+5nujQAtXnkcxM+Vf7onfbTvUqut/siyO3fzqhK', 'HhcQszODD898wpoGCHgiNdNo1+5nujQAtXnkcxM+Vf7onfbTvUqut/siyO3fzqhK',
'LQ9DiQUwJMBE8nOwVR7Mpc4kLNngMTNaHAjZaVaDpTCrklPY+TPHIZnu0B6Ur+6t', 'LQ9DiQUwJMBE8nOwVR7Mpc4kLNngMTNaHAjZaVaDpTCrklPY+TPHIZnu0B6Ur+6t',
@ -100,18 +102,32 @@ describe("ASCII armor", function() {
expect(msg).to.be.an.instanceof(openpgp.cleartext.CleartextMessage); expect(msg).to.be.an.instanceof(openpgp.cleartext.CleartextMessage);
}); });
it('Exception if improperly formatted armor header', function () { it('Exception if improperly formatted armor header - plaintext section', function () {
var msg = getArmor(['Hash:SHA256']); var msg = getArmor(['Hash:SHA256']);
msg = openpgp.cleartext.readArmored.bind(null, msg); msg = openpgp.cleartext.readArmored.bind(null, msg);
expect(msg).to.throw(Error, /Improperly formatted armor header/); expect(msg).to.throw(Error, /Improperly formatted armor header/);
msg = getArmor(['Ha sh: SHA256']); msg = getArmor(['Ha sh: SHA256']);
msg = openpgp.cleartext.readArmored.bind(null, msg); msg = openpgp.cleartext.readArmored.bind(null, msg);
expect(msg).to.throw(Error, /Improperly formatted armor header/); expect(msg).to.throw(Error, /Only "Hash" header allowed in cleartext signed message/);
msg = getArmor(['Hash SHA256']); msg = getArmor(['Hash SHA256']);
msg = openpgp.cleartext.readArmored.bind(null, msg); msg = openpgp.cleartext.readArmored.bind(null, msg);
expect(msg).to.throw(Error, /Improperly formatted armor header/); expect(msg).to.throw(Error, /Improperly formatted armor header/);
}); });
it('Exception if improperly formatted armor header - signature section', function () {
[' Space: leading', 'Space : trailing', 'Space :switched', ': empty', 'none', 'Space:missing'].forEach(function (invalidHeader) {
expect(openpgp.cleartext.readArmored.bind(null, getArmor(['Hash: SHA1'], [invalidHeader]))).to.throw(Error, /Improperly formatted armor header/);
});
});
it('Ignore unknown armor header - signature section', function () {
var validHeaders = ['Version: BCPG C# v1.7.4114.6375', 'Independent Reserve Pty. Ltd. 2017: 1.0.0.0'];
expect(openpgp.cleartext.readArmored(getArmor(['Hash: SHA1'], validHeaders))).to.be.an.instanceof(openpgp.cleartext.CleartextMessage);
['A: Hello', 'Ab: 1.2.3', 'Abcd: #!/yah', 'Acd 123 5.6.$.8: Hello', '_: Hello', '*: Hello', '* & ## ?? ()(): Hello', '( ): Weird'].forEach(function (validHeader) {
expect(openpgp.cleartext.readArmored(getArmor(['Hash: SHA1'], [validHeader]))).to.be.an.instanceof(openpgp.cleartext.CleartextMessage);
});
});
it('Exception if wrong armor header type', function () { it('Exception if wrong armor header type', function () {
var msg = var msg =
['-----BEGIN PGP SIGNED MESSAGE\u2010\u2010\u2010\u2010\u2010\nHash:SHA1\n\nIs this properly-----', ['-----BEGIN PGP SIGNED MESSAGE\u2010\u2010\u2010\u2010\u2010\nHash:SHA1\n\nIs this properly-----',