View Javadoc
1   /*
2    * Copyright 2016 The Netty Project
3    *
4    * The Netty Project licenses this file to you under the Apache License,
5    * version 2.0 (the "License"); you may not use this file except in compliance
6    * with the License. You may obtain a copy of the License at:
7    *
8    *   https://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12   * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13   * License for the specific language governing permissions and limitations
14   * under the License.
15   */
16  package io.netty.handler.codec.smtp;
17  
18  import java.util.Arrays;
19  import java.util.Collections;
20  import java.util.List;
21  
22  final class SmtpUtils {
23  
24      static List<CharSequence> toUnmodifiableList(CharSequence... sequences) {
25          if (sequences == null || sequences.length == 0) {
26              return Collections.emptyList();
27          }
28          return Collections.unmodifiableList(Arrays.asList(sequences));
29      }
30  
31      /**
32       * Validates SMTP parameters to prevent SMTP command injection.
33       * Throws IllegalArgumentException if any parameter contains CRLF sequences.
34       */
35      static void validateSMTPParameters(CharSequence... parameters) {
36          if (parameters != null) {
37              for (CharSequence parameter : parameters) {
38                  if (parameter != null) {
39                      validateSMTPParameter(parameter);
40                  }
41              }
42          }
43      }
44  
45      /**
46       * Validates SMTP parameters to prevent SMTP command injection.
47       * Throws IllegalArgumentException if any parameter contains CRLF sequences.
48       */
49      static void validateSMTPParameters(List<CharSequence> parameters) {
50          if (parameters != null) {
51              for (CharSequence parameter : parameters) {
52                  if (parameter != null) {
53                      validateSMTPParameter(parameter);
54                  }
55              }
56          }
57      }
58  
59      private static void validateSMTPParameter(CharSequence parameter) {
60          if (parameter instanceof String) {
61              String paramStr = (String) parameter;
62              if (paramStr.indexOf('\r') != -1 || paramStr.indexOf('\n') != -1) {
63                  throw new IllegalArgumentException("SMTP parameter contains CRLF characters: " + parameter);
64              }
65          } else {
66              for (int i = 0; i < parameter.length(); i++) {
67                  char c = parameter.charAt(i);
68                  if (c == '\r' || c == '\n') {
69                      throw new IllegalArgumentException("SMTP parameter contains CRLF characters: " + parameter);
70                  }
71              }
72          }
73      }
74  
75      private SmtpUtils() { }
76  }