Skip to content

Commit

Permalink
Fix code scanning alert no. 22: Email content injection (#30)
Browse files Browse the repository at this point in the history 
Signed-off-by: gitworkflows <[email protected]>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
  • Loading branch information
@gitworkflows @github-advanced-security
gitworkflows and github-advanced-security[bot] authored Jan 8, 2025
1 parent 7ae932a commit c4124bb
Showing 1 changed file with 10 additions and 0 deletions.
10 changes: 10 additions & 0 deletions app/server/email/email.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,6 +8,7 @@ import (
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/session"
"github.com/aws/aws-sdk-go/service/ses"
"net/mail"
)

// sendEmailViaSES sends an email using AWS SES
Expand Down Expand Up @@ -53,6 +54,10 @@ func sendEmailViaSES(recipient, subject, htmlBody, textBody string) error {
}

func sendEmailViaSMTP(recipient, subject, htmlBody, textBody string) error {
if !isValidEmail(recipient) {
return fmt.Errorf("invalid recipient email address")
}

smtpHost := os.Getenv("SMTP_HOST")
smtpPort := os.Getenv("SMTP_PORT")
smtpUser := os.Getenv("SMTP_USER")
Expand Down Expand Up @@ -94,3 +99,8 @@ func sendEmailViaSMTP(recipient, subject, htmlBody, textBody string) error {

return nil
}

func isValidEmail(email string) bool {
_, err := mail.ParseAddress(email)
return err == nil
}

0 comments on commit c4124bb

Please sign in to comment.