Track tainted data and refuse to expand it

author: Jeremy Harris <jgh146exb@wizmail.org> 2019-07-25 12:06:07 +0100
committer: Jeremy Harris <jgh146exb@wizmail.org> 2019-07-25 12:06:07 +0100
commit: f3ebb786e451da973560f1c9d8cdb151d25108b5 (patch)
tree: 8fd69711b9a429b20a1b8b1d18ae63b726cb9723 /test/stderr/5410
parent: 21aa05977abff1eaa69bb97ef99080220915f7c0 (diff)
1 files changed, 22 insertions, 0 deletions
diff --git a/test/stderr/5410 b/test/stderr/5410
index 7978a0266..a554fd953 100644
--- a/test/stderr/5410
+++ b/test/stderr/5410
@@ -38,6 +38,7 @@ domain.com in "! +local_domains"? yes (end of list)
  ╭considering: $local_part
  ├──expanding: $local_part
  ╰─────result: userx
+            ╰──(tainted)
 domain.com in "*"? yes (matched "*")
 ----------- end verify ------------
 accept: condition test succeeded in ACL "cutthrough"
@@ -48,6 +49,7 @@ domain.com in "! +local_domains"? yes (end of list)
  ╭considering: $local_part
  ├──expanding: $local_part
  ╰─────result: userx
+            ╰──(tainted)
 domain.com in "*"? yes (matched "*")
 Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ...  connected
  ╭considering: $primary_hostname
@@ -67,6 +69,7 @@ cmd buf flush ddd bytes
   ╭considering: $address_data}{usery}{*}{:}}
   ├──expanding: $address_data
   ╰─────result: userx
+             ╰──(tainted)
   ╭considering: usery}{*}{:}}
   ├──expanding: usery
   ╰─────result: usery
@@ -86,6 +89,7 @@ cmd buf flush ddd bytes
   ╭considering: $address_data}{userz}{*}{:}}
   ├──expanding: $address_data
   ╰─────result: userx
+             ╰──(tainted)
   ╭considering: userz}{*}{:}}
   ├──expanding: userz
   ╰─────result: userz
@@ -191,10 +195,12 @@ end of inline ACL: ACCEPT
    	
    ╰─────result: (helo=myhost.test.ex)
    	
+              ╰──(tainted)
   ├──expanding: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
   	}}
   ╰─────result: from CALLER (helo=myhost.test.ex)
   	
+             ╰──(tainted)
  ├──condition: def:received_protocol
  ├─────result: true
   ╭considering: with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
@@ -233,6 +239,7 @@ end of inline ACL: ACCEPT
   	for $received_for
   ╰─────result: 
   	for userx@domain.com
+             ╰──(tainted)
  ├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
  	}{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
  	}}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
@@ -245,6 +252,7 @@ end of inline ACL: ACCEPT
  	(envelope-from <CALLER@myhost.test.ex>)
  	id 10HmaX-0005vi-00
  	for userx@domain.com
+            ╰──(tainted)
 ----------- start cutthrough headers send -----------
 ----------- done cutthrough headers send ------------
  ╭considering: ${tod_full}
@@ -305,6 +313,7 @@ domain.com in "! +local_domains"? yes (end of list)
  ╭considering: $local_part
  ├──expanding: $local_part
  ╰─────result: usery
+            ╰──(tainted)
 domain.com in "*"? yes (matched "*")
 ----------- end verify ------------
 accept: condition test succeeded in ACL "cutthrough"
@@ -315,6 +324,7 @@ domain.com in "! +local_domains"? yes (end of list)
  ╭considering: $local_part
  ├──expanding: $local_part
  ╰─────result: usery
+            ╰──(tainted)
 domain.com in "*"? yes (matched "*")
 Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ...  connected
  ╭considering: $primary_hostname
@@ -334,6 +344,7 @@ cmd buf flush ddd bytes
   ╭considering: $address_data}{usery}{*}{:}}
   ├──expanding: $address_data
   ╰─────result: usery
+             ╰──(tainted)
   ╭considering: usery}{*}{:}}
   ├──expanding: usery
   ╰─────result: usery
@@ -427,10 +438,12 @@ end of inline ACL: ACCEPT
    	
    ╰─────result: (helo=myhost.test.ex)
    	
+              ╰──(tainted)
   ├──expanding: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
   	}}
   ╰─────result: from CALLER (helo=myhost.test.ex)
   	
+             ╰──(tainted)
  ├──condition: def:received_protocol
  ├─────result: true
   ╭considering: with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
@@ -469,6 +482,7 @@ end of inline ACL: ACCEPT
   	for $received_for
   ╰─────result: 
   	for usery@domain.com
+             ╰──(tainted)
  ├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
  	}{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
  	}}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
@@ -481,6 +495,7 @@ end of inline ACL: ACCEPT
  	(envelope-from <CALLER@myhost.test.ex>)
  	id 10HmaZ-0005vi-00
  	for usery@domain.com
+            ╰──(tainted)
 ----------- start cutthrough headers send -----------
 ----------- done cutthrough headers send ------------
  ╭considering: ${tod_full}
@@ -541,6 +556,7 @@ domain.com in "! +local_domains"? yes (end of list)
  ╭considering: $local_part
  ├──expanding: $local_part
  ╰─────result: usery
+            ╰──(tainted)
 domain.com in "*"? yes (matched "*")
 ----------- end verify ------------
 accept: condition test succeeded in ACL "cutthrough"
@@ -551,6 +567,7 @@ domain.com in "! +local_domains"? yes (end of list)
  ╭considering: $local_part
  ├──expanding: $local_part
  ╰─────result: usery
+            ╰──(tainted)
 domain.com in "*"? yes (matched "*")
 Connecting to 127.0.0.1 [127.0.0.1]:1225 from ip4.ip4.ip4.ip4 ...  connected
  ╭considering: $primary_hostname
@@ -570,6 +587,7 @@ cmd buf flush ddd bytes
   ╭considering: $address_data}{usery}{*}{:}}
   ├──expanding: $address_data
   ╰─────result: usery
+             ╰──(tainted)
   ╭considering: usery}{*}{:}}
   ├──expanding: usery
   ╰─────result: usery
@@ -663,10 +681,12 @@ end of inline ACL: ACCEPT
    	
    ╰─────result: (helo=myhost.test.ex)
    	
+              ╰──(tainted)
   ├──expanding: ${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
   	}}
   ╰─────result: from CALLER (helo=myhost.test.ex)
   	
+             ╰──(tainted)
  ├──condition: def:received_protocol
  ├─────result: true
   ╭considering: with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
@@ -705,6 +725,7 @@ end of inline ACL: ACCEPT
   	for $received_for
   ╰─────result: 
   	for usery@domain.com
+             ╰──(tainted)
  ├──expanding: Received: ${if def:sender_rcvhost {from $sender_rcvhost
  	}{${if def:sender_ident {from ${quote_local_part:$sender_ident} }}${if def:sender_helo_name {(helo=$sender_helo_name)
  	}}}}by $primary_hostname ${if def:received_protocol {with $received_protocol }}${if def:tls_in_cipher_std { tls $tls_in_cipher_std
@@ -717,6 +738,7 @@ end of inline ACL: ACCEPT
  	(envelope-from <CALLER@myhost.test.ex>)
  	id 10HmbB-0005vi-00
  	for usery@domain.com
+            ╰──(tainted)
 ----------- start cutthrough headers send -----------
 ----------- done cutthrough headers send ------------
  ╭considering: ${tod_full}
author	Jeremy Harris <jgh146exb@wizmail.org>	2019-07-25 12:06:07 +0100
committer	Jeremy Harris <jgh146exb@wizmail.org>	2019-07-25 12:06:07 +0100
commit	f3ebb786e451da973560f1c9d8cdb151d25108b5 (patch)
tree	8fd69711b9a429b20a1b8b1d18ae63b726cb9723 /test/stderr/5410
parent	21aa05977abff1eaa69bb97ef99080220915f7c0 (diff)