cli/reply: ensure encrypted Subject: line does not leak in the clear

[notmuch] / test / T356-protected-headers.sh

diff --git a/test/T356-protected-headers.sh b/test/T356-protected-headers.sh
index 62d7e2106bdea0b14690ae44d8186c7dda36e8e4..ff37f6bdc1fc883072d63f16bb4f5066478afdd1 100755 (executable)
--- a/test/T356-protected-headers.sh
+++ b/test/T356-protected-headers.sh
@@ -76,4 +76,11 @@ output=$(notmuch show --verify --format=json id:signed-protected-header@crypto.n
 test_json_nodes <<<"$output" \
                 'crypto:[0][0][0]["crypto"]={"signed": {"status": [{"created": 1525350527, "fingerprint": "'$FINGERPRINT'", "userid": "'"$SELF_USERID"'", "status": "good"}], "headers": ["Subject"]}}'
 
+test_begin_subtest "protected subject does not leak by default in replies"
+output=$(notmuch reply --decrypt=true --format=json id:protected-header@crypto.notmuchmail.org)
+test_json_nodes <<<"$output" \
+                'crypto:["original"]["crypto"]={"decrypted": {"status": "full", "header-mask": {"Subject": "Subject Unavailable"}}}' \
+                'subject:["original"]["headers"]["Subject"]="This is a protected header"' \
+                'reply-subject:["reply-headers"]["Subject"]="Re: Subject Unavailable"'
+
 test_done