From d53097f77d2af04e4380231682f082d89ca26bc9 Mon Sep 17 00:00:00 2001
From: Vishnu Narayanan
Date: Wed, 21 Feb 2024 06:33:39 +0530
Subject: [PATCH] fix: Raise error if email to_header is invalid (#8688)
---
 app/mailboxes/application_mailbox.rb | 14 +++++++++
 spec/fixtures/files/mail_with_invalid_to.eml | 29 +++++++++++++++++++
 .../fixtures/files/mail_with_invalid_to_2.eml | 29 +++++++++++++++++++
 spec/mailboxes/application_mailbox_spec.rb | 18 ++++++++++++
 4 files changed, 90 insertions(+)
 create mode 100644 spec/fixtures/files/mail_with_invalid_to.eml
 create mode 100644 spec/fixtures/files/mail_with_invalid_to_2.eml
diff --git a/app/mailboxes/application_mailbox.rb b/app/mailboxes/application_mailbox.rb
index c1e273e70..6a1902ce4 100644
--- a/app/mailboxes/application_mailbox.rb
+++ b/app/mailboxes/application_mailbox.rb
@@ -37,10 +37,24 @@ class ApplicationMailbox < ActionMailbox::Base
 # checks if follow this pattern send it to reply_mailbox
 # reply+@
 def reply_uuid_mail?(inbound_mail)
+ validate_to_address(inbound_mail)
+
 inbound_mail.mail.to&.any? do |email|
 conversation_uuid = email.split('@')[0]
 conversation_uuid.match?(REPLY_EMAIL_UUID_PATTERN)
 end
 end
+
+ # if mail.to returns a string, then it is a malformed `to` header
+ # valid `to` header will be of type Mail::AddressContainer
+ # validate if the to address is of type string
+ def validate_to_address(inbound_mail)
+ to_address_class = inbound_mail.mail.to&.class
+
+ return if to_address_class == Mail::AddressContainer
+
+ Rails.logger.error "Email to address header is malformed `#{inbound_mail.mail.to}`"
+ raise StandardError, "Invalid email to address header #{inbound_mail.mail.to}"
+ end
 end
 end
diff --git a/spec/fixtures/files/mail_with_invalid_to.eml b/spec/fixtures/files/mail_with_invalid_to.eml
new file mode 100644
index 000000000..8dd2aabb6
--- /dev/null
+++ b/spec/fixtures/files/mail_with_invalid_to.eml
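Review bot: A message with no `To` header now raises too, in `validate_to_address` in app/mailboxes/application_mailbox.rb: `inbound_mail.mail.to&.class` is nil in that case, nil is not `Mail::AddressContainer`, and the `&.` kept on `to&.any?` in `reply_uuid_mail?` becomes dead. If only a String value is meant to be rejected, as the comment above the method says, read the header once into `to` and guard with `return if to.nil? || to.is_a?(Mail::AddressContainer)`. The header value is chosen by whoever sent the mail and is interpolated as-is into both the log line and the exception message, so it lands unbounded in the logs and in whatever collects exceptions; logging `to.inspect` and raising a dedicated error class with a fixed message would keep sender-controlled text and addresses out of those sinks. The other routing predicates of this class are outside the hunk, so whether they need the same check cannot be seen here.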
@@ -0,0 +1,29 @@
+X-Original-To: bd84c730a1ac7833e4d27253804516f7@reply.chatwoot.com
+Received: from mail.planetmars.com (mxd [192.168.1.1]) by mx.sendgrid.net with ESMTP id AAAA-bCCCCCC5DeeeFFgg for ; Sun, 31 Dec 2023 22:32:23.586 +0000 (UTC)
+From: "Mark Whatney"
+To: vishnu@chatwoot.com
+Subject: stranded in mars
+Date: Mon, 1 Jan 2024 06:31:44 +0800
+Message-ID: <1234560e0123c05b4bbf83c828b1688a93c7@com>
+MIME-Version: 1.0
+Content-Type: multipart/alternative;
+ boundary=15688136a4ad411d82b004fae6e46549
+X-Exim-Id: 1234560e0123c05b4bbf83c828b1688a93c7
+
+This is a multipart message in MIME format.
+
+--15688136a4ad411d82b004fae6e46549
+Content-Type: text/plain;
+ charset="us-ascii"
+Content-Transfer-Encoding: 7bit
+
+hey v, can i get some help over here?
+
+--15688136a4ad411d82b004fae6e46549
+Content-Type: text/html;
+ charset="utf-8"
+Content-Transfer-Encoding: quoted-printable
+
+hey v, can i get some help over here?
+
+--15688136a4ad411d82b004fae6e46549--
diff --git a/spec/fixtures/files/mail_with_invalid_to_2.eml b/spec/fixtures/files/mail_with_invalid_to_2.eml
new file mode 100644
index 000000000..4ef77cb2d
--- /dev/null
+++ b/spec/fixtures/files/mail_with_invalid_to_2.eml
@@ -0,0 +1,29 @@
+X-Original-To: bd84c730a1ac7833e4d27253804516f7@reply.chatwoot.com
+Received: from mail.planetmars.com (mxd [192.168.1.1]) by mx.sendgrid.net with ESMTP id AAAA-bCCCCCC5DeeeFFgg for ; Sun, 31 Dec 2023 22:32:23.586 +0000 (UTC)
+From: "Mark Whatney"
+To: vishnu@chatwoot.com www.chatwoot.com
+Subject: stranded in mars
+Date: Mon, 1 Jan 2024 06:31:44 +0800
+Message-ID: <1234560e0123c05b4bbf83c828b1688a93c7@com>
+MIME-Version: 1.0
+Content-Type: multipart/alternative;
+ boundary=15688136a4ad411d82b004fae6e46549
+X-Exim-Id: 1234560e0123c05b4bbf83c828b1688a93c7
+
+This is a multipart message in MIME format.
+
+--15688136a4ad411d82b004fae6e46549
+Content-Type: text/plain;
+ charset="us-ascii"
+Content-Transfer-Encoding: 7bit
+
+hey v, can i get some help over here?
+
+--15688136a4ad411d82b004fae6e46549
+Content-Type: text/html;
+ charset="utf-8"
+Content-Transfer-Encoding: quoted-printable
+
+hey v, can i get some help over here?
+
+--15688136a4ad411d82b004fae6e46549--
diff --git a/spec/mailboxes/application_mailbox_spec.rb b/spec/mailboxes/application_mailbox_spec.rb
index d5e15dc46..733ec5523 100644
--- a/spec/mailboxes/application_mailbox_spec.rb
+++ b/spec/mailboxes/application_mailbox_spec.rb
@@ -10,6 +10,8 @@ RSpec.describe ApplicationMailbox do
 let(:reply_mail_without_uuid) { create_inbound_email_from_fixture('reply.eml') }
 let(:reply_mail_with_in_reply_to) { create_inbound_email_from_fixture('in_reply_to.eml') }
 let(:support_mail) { create_inbound_email_from_fixture('support.eml') }
+ let(:mail_with_invalid_to_address) { create_inbound_email_from_fixture('mail_with_invalid_to.eml') }
+ let(:mail_with_invalid_to_address_2) { create_inbound_email_from_fixture('mail_with_invalid_to_2.eml') }
 describe 'Default' do
 it 'catchall mails route to Default Mailbox' do
@@ -65,5 +67,21 @@ RSpec.describe ApplicationMailbox do
 described_class.route reply_cc_mail
 end
 end
+
+ describe 'Invalid Mail To Address' do
+ it 'raises error when mail.to header is malformed' do
+ expect do
+ described_class.route mail_with_invalid_to_address
+ end.to raise_error(StandardError,
+ 'Invalid email to address header vishnu@chatwoot.com')
+ end
+
+ it 'raises another error when mail.to header is malformed' do
+ expect do
+ described_class.route mail_with_invalid_to_address_2
+ end.to raise_error(StandardError,
+ 'Invalid email to address header vishnu@chatwoot.com www.chatwoot.com')
+ end
+ end
 end
 end
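Review bot: Neither example in `describe 'Invalid Mail To Address'` covers a message that has no `To` header at all, so the spec does not pin whether such mail should raise or fall through to the next route; a third example with a fixture lacking the header would settle it. Both examples match on `StandardError` plus the full message, which passes for any error subclass carrying that text and makes the echoed header value part of the contract; asserting on a dedicated error class would be tighter. The second description, `'raises another error when mail.to header is malformed'`, could instead name what is wrong in its fixture, for example the extra token after the address.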