suzanne.soy/fork-openpgpjs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #605 from FlowCrypt/issue_598_armor_headers

Browse Source 
improve armor header validation + tests | #598
This commit is contained in:
Bart Butler 2017-11-27 13:21:42 -08:00 committed by GitHub
commit f666e400fa
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 23 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
src/encoding/armor.js
View File

@ -224,7 +224,7 @@ function splitHeaders(text) {
*/
function verifyHeaders(headers) {
for (var i = 0; i < headers.length; i++) {
if (!/^[^:\s]+: .+$/.test(headers[i])) {
if (!/^([^\s:]|[^\s:][^:]*[^\s:]): .+$/.test(headers[i])) {
throw new Error('Improperly formatted armor header: ' + headers[i]);
}
if (config.debug && !/^(Version|Comment|MessageID|Hash|Charset): .+$/.test(headers[i])) {

28
test/general/armor.js
View File

@ -8,15 +8,17 @@ var chai = require('chai'),
describe("ASCII armor", function() {
function getArmor(headers) {
function getArmor(headers, signatureHeaders) {
return ['-----BEGIN PGP SIGNED MESSAGE-----']
.concat(headers)
.concat(
['',
'sign this',
'-----BEGIN PGP SIGNATURE-----',
'Version: GnuPG v2.0.22 (GNU/Linux)',
'',
'-----BEGIN PGP SIGNATURE-----']
)
.concat(signatureHeaders || ['Version: GnuPG v2.0.22 (GNU/Linux)'])
.concat(
['',
'iJwEAQECAAYFAlMrPj0ACgkQ4IT3RGwgLJfYkQQAgHMQieazCVdfGAfzQM69Egm5',
'HhcQszODD898wpoGCHgiNdNo1+5nujQAtXnkcxM+Vf7onfbTvUqut/siyO3fzqhK',
'LQ9DiQUwJMBE8nOwVR7Mpc4kLNngMTNaHAjZaVaDpTCrklPY+TPHIZnu0B6Ur+6t',
@ -100,18 +102,32 @@ describe("ASCII armor", function() {
expect(msg).to.be.an.instanceof(openpgp.cleartext.CleartextMessage);
});
it('Exception if improperly formatted armor header', function () {
it('Exception if improperly formatted armor header - plaintext section', function () {
var msg = getArmor(['Hash:SHA256']);
msg = openpgp.cleartext.readArmored.bind(null, msg);
expect(msg).to.throw(Error, /Improperly formatted armor header/);
msg = getArmor(['Ha sh: SHA256']);
msg = openpgp.cleartext.readArmored.bind(null, msg);
expect(msg).to.throw(Error, /Improperly formatted armor header/);
expect(msg).to.throw(Error, /Only "Hash" header allowed in cleartext signed message/);
msg = getArmor(['Hash SHA256']);
msg = openpgp.cleartext.readArmored.bind(null, msg);
expect(msg).to.throw(Error, /Improperly formatted armor header/);
});
it('Exception if improperly formatted armor header - signature section', function () {
[' Space: leading', 'Space : trailing', 'Space :switched', ': empty', 'none', 'Space:missing'].forEach(function (invalidHeader) {
expect(openpgp.cleartext.readArmored.bind(null, getArmor(['Hash: SHA1'], [invalidHeader]))).to.throw(Error, /Improperly formatted armor header/);
});
});
it('Ignore unknown armor header - signature section', function () {
var validHeaders = ['Version: BCPG C# v1.7.4114.6375', 'Independent Reserve Pty. Ltd. 2017: 1.0.0.0'];
expect(openpgp.cleartext.readArmored(getArmor(['Hash: SHA1'], validHeaders))).to.be.an.instanceof(openpgp.cleartext.CleartextMessage);
['A: Hello', 'Ab: 1.2.3', 'Abcd: #!/yah', 'Acd 123 5.6.$.8: Hello', '_: Hello', '*: Hello', '* & ## ?? ()(): Hello', '( ): Weird'].forEach(function (validHeader) {
expect(openpgp.cleartext.readArmored(getArmor(['Hash: SHA1'], [validHeader]))).to.be.an.instanceof(openpgp.cleartext.CleartextMessage);
});
});
it('Exception if wrong armor header type', function () {
var msg =
['-----BEGIN PGP SIGNED MESSAGE\u2010\u2010\u2010\u2010\u2010\nHash:SHA1\n\nIs this properly-----',