phires / go-guerrilla Goto Github PK
View Code? Open in Web Editor NEWLicense: MIT License
go-guerrilla's People
Contributors
Stargazers
Watchers
go-guerrilla's Issues
gosec: p_hasher.go: G401 (CWE-326): Use of weak cryptographic primitive
[/go-guerrilla/backends/p_hasher.go:41] - G401 (CWE-326): Use of weak cryptographic primitive (Confidence: HIGH, Severity: MEDIUM)
40: // base hash, use subject from and timestamp-nano
> 41: h := md5.New()
42: ts := fmt.Sprintf("%d", time.Now().UnixNano())
gosec: api.go: G304 (CWE-22): Potential file inclusion via variable
[/Users/Philipp.Resch/dev/go-guerrilla/api.go:93] - G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)
92: var ac AppConfig
> 93: data, err := ioutil.ReadFile(path)
94: if err != nil {
gosec: util.go: G401 (CWE-326): Use of weak cryptographic primitive
[/dev/go-guerrilla/backends/util.go:40] - G401 (CWE-326): Use of weak cryptographic primitive (Confidence: HIGH, Severity: MEDIUM)
39: func MD5Hex(stringArguments ...string) string {
> 40: h := md5.New()
41: var r *strings.Reader
gosec: util.go: (CWE-327): Blocklisted import crypto/md5: weak cryptographic primitive
[/go-guerrilla/backends/util.go:6] - G501 (CWE-327): Blocklisted import crypto/md5: weak cryptographic primitive (Confidence: HIGH, Severity: MEDIUM)
5: "compress/zlib"
> 6: "crypto/md5"
7: "fmt"
Docker support
Create a Dockerfile and basic environment configuration for easier deployment
gosec: generate_cert.go: G304 (CWE-22): Potential file inclusion via variable
[/dev/go-guerrilla/tests/testcert/generate_cert.go:142] - G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)
141:
> 142: certOut, err := os.Create(dirPrefix + host + ".cert.pem")
143: if err != nil {
gosec: hook.go: G304 (CWE-22): Potential file inclusion via variable
[/go-guerrilla/log/hook.go:116] - G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)
115: func (hook *LogrusHook) openAppend(dest string) (err error) {
> 116: fd, err := os.OpenFile(dest, os.O_APPEND|os.O_WRONLY, 0644)
117: if err != nil {
gesec: envolope.go: G401 (CWE-326): Use of weak cryptographic primitive
[/go-guerrilla/mail/envelope.go:164] - G401 (CWE-326): Use of weak cryptographic primitive (Confidence: HIGH, Severity: MEDIUM)
163: var queueID = fmt.Sprintf("%x%x", time.Now().Unix(), clientID)
> 164: return fmt.Sprintf("%x", md5.Sum([]byte(queueID)))
165: }
AWS S3 Backend
Import from original repo issue #228 reported by simonmacklin
Hi
Thanks for this great package! I would like to write a new processor to push each email to s3. This would be to mimic the AWS SES to S3 feature.
Do you see any issues using this package and a S3 processor?
If no would you me to create a PR for the processor to be part of this package?
Thanks
Simon
gosec: p_sql.go: G202 (CWE-89): SQL string concatenation
[/Users/Philipp.Resch/dev/go-guerrilla/backends/p_sql.go:95] - G202 (CWE-89): SQL string concatenation (Confidence: HIGH, Severity: MEDIUM)
94: // do we have permission to access the table?
> 95: _, err = db.Query("SELECT mail_id FROM " + s.config.Table + " LIMIT 1")
96: if err != nil {
p_guerrilla_db_redis.go: G202 (CWE-89): SQL string concatenation
[/dev/go-guerrilla/backends/p_guerrilla_db_redis.go:155-173] - G202 (CWE-89): SQL string concatenation (Confidence: HIGH, Severity: MEDIUM)
154: }
> 155: sqlstr := "INSERT INTO " + g.config.Table + "" +
> 156: "(" +
> 157: "`date`, " +
> 158: "`to`, " +
> 159: "`from`, " +
> 160: "`subject`, " +
> 161: "`body`, " +
> 162: "`charset`, " +
> 163: "`mail`, " +
> 164: "`spam_score`, " +
> 165: "`hash`, " +
> 166: "`content_type`, " +
> 167: "`recipient`, " +
> 168: "`has_attach`, " +
> 169: "`ip_addr`, " +
> 170: "`return_path`, " +
> 171: "`is_tls`" +
> 172: ")" +
> 173: " values "
174: values := "(NOW(), ?, ?, ?, ? , 'UTF-8' , ?, 0, ?, '', ?, 0, ?, ?, ?)"
Windows Compilation
Original issue flashmob/go-guerrilla#230
How to compile the cmd on Windows?? There's a way?
syscall.sigusr1 is not compatible..
Thanks in advance.
gosec: _guerrilla_db_redis.go: G202 (CWE-89): SQL string concatenation
[/dev/go-guerrilla/backends/p_guerrilla_db_redis.go:328] - G202 (CWE-89): SQL string concatenation (Confidence: HIGH, Severity: MEDIUM)
327: // do we have access?
> 328: _, err = db.Query("SELECT mail_id FROM " + g.config.Table + " LIMIT 1")
329: if err != nil {
gosec: G404 (CWE-338): Use of weak random number generator (math/rand instead of crypto/rand)
[/go-guerrilla/backends/p_guerrilla_db_redis.go:487] - G404 (CWE-338): Use of weak random number generator (math/rand instead of crypto/rand) (Confidence: MEDIUM, Severity: HIGH)
486: // give the values to a random query batcher
> 487: feeders[rand.Intn(len(feeders))] <- vals
488: return p.Process(e, task)
gosec: server.go G402 (CWE-295): TLS MinVersion too low.
[/go-guerrilla/server.go:130-134] - G402 (CWE-295): TLS MinVersion too low. (Confidence: HIGH, Severity: HIGH)
129: }
> 130: tlsConfig := &tls.Config{
> 131: Certificates: []tls.Certificate{cert},
> 132: ClientAuth: tls.VerifyClientCertIfGiven,
> 133: ServerName: sConfig.Hostname,
> 134: }
135: if len(sConfig.TLS.Protocols) > 0 {
gosec: hook.go: G304 (CWE-22): Potential file inclusion via variable
[/go-guerrilla/log/hook.go:130] - G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)
129: func (hook *LogrusHook) openCreate(dest string) (err error) {
> 130: fd, err := os.OpenFile(dest, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0644)
131: if err != nil {
Why go-guerrilla having limit 30kb of email data can be a header
I am using go-guerrilla in my production environment, sending mail with header more than 30K, but getting 4x parser error.
Why we have limit 30KB of email data can be a header, we don;t have such limit in postfix.
Can we increase this limit?
Here attached my mail data
email.txt
Please help me here to increase email header size from 30KB to 1MB
gosec: hook.go: G302 (CWE-276): Expect file permissions to be 0600 or less
[/go-guerrilla/log/hook.go:130] - G302 (CWE-276): Expect file permissions to be 0600 or less (Confidence: HIGH, Severity: MEDIUM)
129: func (hook *LogrusHook) openCreate(dest string) (err error) {
> 130: fd, err := os.OpenFile(dest, os.O_CREATE|os.O_TRUNC|os.O_WRONLY, 0644)
131: if err != nil {
gosec: G404 (CWE-338): Use of weak random number generator (math/rand instead of crypto/rand)
[/go-guerrilla/response/quote.go:158] - G404 (CWE-338): Use of weak random number generator (math/rand instead of crypto/rand) (Confidence: MEDIUM, Severity: HIGH)
157: rand.Seed(time.Now().UnixNano())
> 158: return quotes.m[rand.Intn(len(quotes.m))]
159: }
gosec: generate_cert.go: G304 (CWE-22): Potential file inclusion via variable
[/dev/go-guerrilla/tests/testcert/generate_cert.go:157] - G304 (CWE-22): Potential file inclusion via variable (Confidence: HIGH, Severity: MEDIUM)
156:
> 157: keyOut, err := os.OpenFile(dirPrefix+host+".key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
158: if err != nil {
HELP is not compliant with RFC 2034 (ENHANCEDSTATUSCODES)
Import from original repo issue #224 reported by Sainan
gosec: client.go: G402 (CWE-295): TLS InsecureSkipVerify set true.
[/go-guerrilla/tests/client.go:21] - G402 (CWE-295): TLS InsecureSkipVerify set true. (Confidence: HIGH, Severity: HIGH)
20: conn, err = tls.Dial("tcp", serverConfig.ListenInterface, &tls.Config{
> 21: InsecureSkipVerify: true,
22: ServerName: "127.0.0.1",
How to get the time taken to receive single mail in go-guerrilla
Team,
I have SMTP listener service which use flashmob/go-guerrilla 1.6.1 to receive the mail, I want to know what is the single mail receive time. How can I measure this?
This will give idea what is my service throughout per seconds.
Can you please provide this information ?
gosec: envelope.go: G501 (CWE-327): Blocklisted import crypto/md5
[/dev/go-guerrilla/mail/envelope.go:6] - G501 (CWE-327): Blocklisted import crypto/md5: weak cryptographic primitive (Confidence: HIGH, Severity: MEDIUM)
5: "bytes"
> 6: "crypto/md5"
7: "errors"
BDAT not supported
Getting this error for some messages
Your message contains invalid characters (bare line feed characters) which the email servers don't support.
additional information is referencing BDAT command. Can't seem to find any references to this in the code or existing issues. Any suggestions?
"This error occurs when the email program or device used to create or send an email message adds bare line feed characters into the message. When bare line feed characters are included in a message, the SMTP protocol chunking feature is required to transmit the message between email servers. Chunking uses the SMTP protocol BDAT command, but the recipient's email server doesn't support the BDAT command."
gosec: hook.go: G302 (CWE-276): Expect file permissions to be 0600 or less
[/go-guerrilla/log/hook.go:116] - G302 (CWE-276): Expect file permissions to be 0600 or less (Confidence: HIGH, Severity: MEDIUM)
115: func (hook *LogrusHook) openAppend(dest string) (err error) {
> 116: fd, err := os.OpenFile(dest, os.O_APPEND|os.O_WRONLY, 0644)
117: if err != nil {
gosec: p_hasher.go: (CWE-327): Blocklisted import crypto/md5: weak cryptographic primitive
[/go-guerrilla/backends/p_hasher.go:4] - G501 (CWE-327): Blocklisted import crypto/md5: weak cryptographic primitive (Confidence: HIGH, Severity: MEDIUM)
3: import (
> 4: "crypto/md5"
5: "fmt"
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.