From c4124bbe9eb1ea506befb04e2409a74033c49faf Mon Sep 17 00:00:00 2001
From: gitworkflows <118260833+gitworkflows@users.noreply.github.com>
Date: Wed, 8 Jan 2025 19:21:21 +0600
Subject: [PATCH] Fix code scanning alert no. 22: Email content injection (#30)

Signed-off-by: gitworkflows <118260833+gitworkflows@users.noreply.github.com>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 app/server/email/email.go | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/app/server/email/email.go b/app/server/email/email.go
index d8bf5f1..96c0093 100644
--- a/app/server/email/email.go
+++ b/app/server/email/email.go
@@ -8,6 +8,7 @@ import (
 	"github.com/aws/aws-sdk-go/aws"
 	"github.com/aws/aws-sdk-go/aws/session"
 	"github.com/aws/aws-sdk-go/service/ses"
+	"net/mail"
 )
 
 // sendEmailViaSES sends an email using AWS SES
@@ -53,6 +54,10 @@ func sendEmailViaSES(recipient, subject, htmlBody, textBody string) error {
 }
 
 func sendEmailViaSMTP(recipient, subject, htmlBody, textBody string) error {
+	if !isValidEmail(recipient) {
+		return fmt.Errorf("invalid recipient email address")
+	}
+
 	smtpHost := os.Getenv("SMTP_HOST")
 	smtpPort := os.Getenv("SMTP_PORT")
 	smtpUser := os.Getenv("SMTP_USER")
@@ -94,3 +99,8 @@ func sendEmailViaSMTP(recipient, subject, htmlBody, textBody string) error {
 
 	return nil
 }
+
+func isValidEmail(email string) bool {
+	_, err := mail.ParseAddress(email)
+	return err == nil
+}
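Review bot: `"net/mail"` is a standard-library package but is appended to the group of `github.com/aws/...` imports; goimports would move it up into the stdlib group that the file presumably already has for `fmt` and `os` (both are used in the second hunk), keeping the two groups blank-line separated. The top of the import block is outside the hunk, so the exact insertion point cannot be confirmed from here.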
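Review bot: The new guard validates only `recipient`, while `subject`, `htmlBody` and `textBody` continue into the rest of sendEmailViaSMTP unchecked; if that body (which runs outside the hunk) interpolates `subject` into the message header, a CR or LF in it can still end the header line and inject further headers or body content, which is the class of defect the commit title names. A minimal companion check next to the new one would be `if strings.ContainsAny(subject, "\r\n") { return errors.New("invalid subject") }` (adding `strings`/`errors` to the import block if not already present), and the same applies to sendEmailViaSES if its body builds raw headers, which cannot be seen from this hunk. Separately, `fmt.Errorf("invalid recipient email address")` has no format verbs and reads more clearly as `errors.New("invalid recipient email address")`.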
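Review bot: isValidEmail discards the parsed result, so an input such as `Name <user@example.com>` or one carrying an RFC 5322 comment passes the check but is then forwarded in its raw form to whatever sendEmailViaSMTP does with `recipient`; returning the parsed address instead confines the downstream code to a bare, normalized mailbox. Something like `func parseRecipient(email string) (string, error) { addr, err := mail.ParseAddress(email); if err != nil { return "", err }; return addr.Address, nil }` lets the caller use the returned value for both the envelope recipient and the To header. The helper also lacks a doc comment; at minimum `// isValidEmail reports whether email parses as a single RFC 5322 address.` would state its contract.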