X-Git-Url: https://git.notmuchmail.org/git?p=notmuch;a=blobdiff_plain;f=test%2FT356-protected-headers.sh;h=43dfffe696d2858e9ad0400156596e701c4f153e;hp=62d7e2106bdea0b14690ae44d8186c7dda36e8e4;hb=27b25e45dc675af2e9ffeea014a54e34bfbdad83;hpb=996ef5710cd5b9a5de6394018f21955a775f7511 diff --git a/test/T356-protected-headers.sh b/test/T356-protected-headers.sh index 62d7e210..43dfffe6 100755 --- a/test/T356-protected-headers.sh +++ b/test/T356-protected-headers.sh @@ -76,4 +76,97 @@ output=$(notmuch show --verify --format=json id:signed-protected-header@crypto.n test_json_nodes <<<"$output" \ 'crypto:[0][0][0]["crypto"]={"signed": {"status": [{"created": 1525350527, "fingerprint": "'$FINGERPRINT'", "userid": "'"$SELF_USERID"'", "status": "good"}], "headers": ["Subject"]}}' +test_begin_subtest "protected subject does not leak by default in replies" +output=$(notmuch reply --decrypt=true --format=json id:protected-header@crypto.notmuchmail.org) +test_json_nodes <<<"$output" \ + 'crypto:["original"]["crypto"]={"decrypted": {"status": "full", "header-mask": {"Subject": "Subject Unavailable"}}}' \ + 'subject:["original"]["headers"]["Subject"]="This is a protected header"' \ + 'reply-subject:["reply-headers"]["Subject"]="Re: Subject Unavailable"' + +test_begin_subtest "protected subject is not indexed by default" +output=$(notmuch search --output=messages 'subject:"This is a protected header"') +test_expect_equal "$output" '' + +test_begin_subtest "reindex message with protected header" +test_expect_success 'notmuch reindex --decrypt=true id:protected-header@crypto.notmuchmail.org' + +test_begin_subtest "protected subject is indexed when cleartext is indexed" +output=$(notmuch search --output=messages 'subject:"This is a protected header"') +test_expect_equal "$output" 'id:protected-header@crypto.notmuchmail.org' + +test_begin_subtest "indexed protected subject is visible in search" +output=$(notmuch search --format=json 'id:protected-header@crypto.notmuchmail.org') +test_json_nodes <<<"$output" \ + 'subject:[0]["subject"]="This is a protected header"' + +test_begin_subtest "indexed protected subject is not visible in reply header" +output=$(notmuch reply --format=json 'id:protected-header@crypto.notmuchmail.org') +test_json_nodes <<<"$output" \ + 'subject:["original"]["headers"]["Subject"]="This is a protected header"' \ + 'reply-subject:["reply-headers"]["Subject"]="Re: Subject Unavailable"' + +test_begin_subtest "verify correct protected header when submessage exists" +output=$(notmuch show --decrypt=true --format=json id:encrypted-message-with-forwarded-attachment@crypto.notmuchmail.org) +test_json_nodes <<<"$output" \ + 'crypto:[0][0][0]["crypto"]={"decrypted": {"status": "full", "header-mask": {"Subject": "Subject Unavailable"}}}' \ + 'subject:[0][0][0]["headers"]["Subject"]="This is the cryptographic envelope subject"' + +test_begin_subtest "verify protected header is both signed and encrypted" +output=$(notmuch show --decrypt=true --format=json id:encrypted-signed@crypto.notmuchmail.org) +test_json_nodes <<<"$output" \ + 'crypto:[0][0][0]["crypto"]={ + "signed":{"status": [{"status": "good", "fingerprint": "'$FINGERPRINT'", "userid": "'"$SELF_USERID"'", "created": 1525812676}], + "encrypted": true, "headers": ["Subject"]},"decrypted": {"status": "full", "header-mask": {"Subject": "Subject Unavailable"}}}' \ + 'subject:[0][0][0]["headers"]["Subject"]="Rhinoceros dinner"' + +test_begin_subtest "verify protected header is signed even when not masked" +output=$(notmuch show --decrypt=true --format=json id:encrypted-signed-not-masked@crypto.notmuchmail.org) +test_json_nodes <<<"$output" \ + 'crypto:[0][0][0]["crypto"]={ + "signed":{"status": [{"status": "good", "fingerprint": "'$FINGERPRINT'", "userid": "'"$SELF_USERID"'", "created": 1525812676}], + "encrypted": true, "headers": ["Subject"]},"decrypted": {"status": "full"}}' \ + 'subject:[0][0][0]["headers"]["Subject"]="Rhinoceros dinner"' + +test_begin_subtest "reindex everything, ensure headers are as expected" +notmuch reindex --decrypt=true from:test_suite@notmuchmail.org +output=$(notmuch search --output=messages 'subject:"protected header" or subject:"Rhinoceros" or subject:"draft-melnikov-smime-header-signing" or subject:"valid"' | sort) +test_expect_equal "$output" 'id:encrypted-signed-not-masked@crypto.notmuchmail.org +id:encrypted-signed@crypto.notmuchmail.org +id:nested-rfc822-message@crypto.notmuchmail.org +id:protected-header@crypto.notmuchmail.org +id:subjectless-protected-header@crypto.notmuchmail.org' + +test_begin_subtest "when rendering protected headers, avoid rendering legacy-display part" +test_subtest_known_broken +output=$(notmuch show --format=json id:protected-with-legacy-display@crypto.notmuchmail.org) +test_json_nodes <<<"$output" \ + 'subject:[0][0][0]["headers"]["Subject"]="Interrupting Cow"' \ + 'no_legacy_display:[0][0][0]["body"][0]["content"][1]["content-type"]="text/plain"' + +test_begin_subtest "when replying, avoid rendering legacy-display part" +test_subtest_known_broken +output=$(notmuch reply --format=json id:protected-with-legacy-display@crypto.notmuchmail.org) +test_json_nodes <<<"$output" \ + 'no_legacy_display:["original"]["body"][0]["content"][1]["content-type"]="text/plain"' + +test_begin_subtest "do not treat legacy-display part as body when indexing" +test_subtest_known_broken +output=$(notmuch search --output=messages body:interrupting) +test_expect_equal "$output" '' + +test_begin_subtest "identify message that had a legacy display part skipped during indexing" +test_subtest_known_broken +output=$(notmuch search --output=messages property:index.repaired=skip-protected-headers-legacy-display) +test_expect_equal "$output" id:protected-with-legacy-display@crypto.notmuchmail.org + +# TODO: test that a part that looks like a legacy-display in +# multipart/signed, but not encrypted, is indexed and not stripped. + +# TODO: test that a legacy-display in a decrypted subpart (not in the +# cryptographic payload) is indexed and not stripped. + +# TODO: test that a legacy-display inside multiple MIME layers that +# include an encryption layer (e.g. multipart/encrypted around +# multipart/signed) is stripped and not indexed. + test_done