fix: validate CAPABILITY arguments (closes #260)#262
fix: validate CAPABILITY arguments (closes #260)#262Deepak8858 wants to merge 2 commits intoLSFLK:mainfrom
Conversation
|
Deepak Singh seems not to be a GitHub user. You need a GitHub account to be able to sign the CLA. If you have already a GitHub account, please add the email address used for this commit to your account. You have signed the CLA already but the status is still pending? Let us recheck it. |
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
This pull request updates the HandleCapability function to enforce RFC 3501 compliance by ensuring no arguments are passed to the command. The function signature now includes the command parts, and all references in the codebase and tests have been updated. Feedback identifies a critical syntax error in capability_test.go that causes a compilation failure and suggests adding a test case to verify the new validation logic.
| for i, state := range states { | ||
| conn := server.NewMockConn() | ||
| srv.HandleCapability(conn, fmt.Sprintf("STATE%d", i), state) | ||
| srv.HandleCapability(conn, fmt.Sprintf("STATE%d", []string{fmt.Sprintf("STATE%d", "CAPABILITY"}, i), state) |
There was a problem hiding this comment.
This line appears to have a copy-paste error that will cause a compilation failure. The arguments to fmt.Sprintf are incorrect, and the arguments to HandleCapability are misplaced.
| srv.HandleCapability(conn, fmt.Sprintf("STATE%d", []string{fmt.Sprintf("STATE%d", "CAPABILITY"}, i), state) | |
| srv.HandleCapability(conn, fmt.Sprintf("STATE%d", i), []string{fmt.Sprintf("STATE%d", i), "CAPABILITY"}, state) |
| if len(parts) > 2 { | ||
| deps.SendResponse(conn, fmt.Sprintf("%s BAD CAPABILITY takes no arguments", tag)) | ||
| return | ||
| } |
There was a problem hiding this comment.
This argument validation is a good addition for RFC compliance. To ensure it works as expected and prevent future regressions, it would be beneficial to add a test case for this failure scenario.
You could add the following sub-test to TestCapabilityCommand_EdgeCases in internal/server/auth/capability_test.go:
t.Run("WithArguments", func(t *testing.T) {
srv := server.SetupTestServerSimple(t)
conn := server.NewMockConn()
state := &models.ClientState{Authenticated: false}
tag := "ARGTEST"
parts := []string{tag, "CAPABILITY", "some_arg"}
srv.HandleCapability(conn, tag, parts, state)
response := conn.GetWrittenData()
expected := fmt.Sprintf("%s BAD CAPABILITY takes no arguments\\r\\n", tag)
if response != expected {
t.Errorf("Expected response '%s', got '%s'", expected, response)
}
})
|
Hi @Deepak8858, thank you for wanting to contribute to the Raven codebase. We ask all our contributors to sign our CLA. You can do so by clicking the link left by the CLA assistant. Once you have done so, please fix the issues picked up by the ci and the merge conflicts. Feel free to tag me and @Aravinda-HWK, once you are done and we will review it. Thank you for your contribution. |
4 participants
RFC 3501 specifies that the CAPABILITY command takes no arguments. This PR adds validation to return BAD if arguments are provided, ensuring better compliance with the IMAP protocol.
Fixes #260