mirror of
https://git.notmuchmail.org/git/notmuch
synced 2024-12-22 17:34:54 +01:00
cli/reply: ensure encrypted Subject: line does not leak in the clear
Now that we can decrypt headers, we want to make sure that clients using "notmuch reply" to prepare a reply don't leak cleartext in their subject lines. In particular, the ["reply-headers"]["Subject"] should by default show the external Subject. A replying MUA that intends to protect the Subject line should show the user the Subject from ["original"]["headers"]["Subject"] instead of using ["reply-headers"]["Subject"]. This minor asymmetry with "notmuch show" is intentional. While both tools always render the cleartext subject line when they know it (in ["headers"]["Subject"] for "notmuch show" and in ["original"]["headers"]["Subject"] for "notmuch reply"), "notmuch reply" should never leak something that should stay under encrypted cover in "reply-headers". Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>
This commit is contained in:
parent
996ef5710c
commit
b7b553e732
1 changed files with 7 additions and 0 deletions
|
@ -76,4 +76,11 @@ output=$(notmuch show --verify --format=json id:signed-protected-header@crypto.n
|
|||
test_json_nodes <<<"$output" \
|
||||
'crypto:[0][0][0]["crypto"]={"signed": {"status": [{"created": 1525350527, "fingerprint": "'$FINGERPRINT'", "userid": "'"$SELF_USERID"'", "status": "good"}], "headers": ["Subject"]}}'
|
||||
|
||||
test_begin_subtest "protected subject does not leak by default in replies"
|
||||
output=$(notmuch reply --decrypt=true --format=json id:protected-header@crypto.notmuchmail.org)
|
||||
test_json_nodes <<<"$output" \
|
||||
'crypto:["original"]["crypto"]={"decrypted": {"status": "full", "header-mask": {"Subject": "Subject Unavailable"}}}' \
|
||||
'subject:["original"]["headers"]["Subject"]="This is a protected header"' \
|
||||
'reply-subject:["reply-headers"]["Subject"]="Re: Subject Unavailable"'
|
||||
|
||||
test_done
|
||||
|
|
Loading…
Reference in a new issue