ifc: taint sendmail stderr

Taint sendmail stderr. Also re-export some typed-process ProcessConfig-related types and functions from Purebred.System.Process. This is a move to avoid importing System.Process.Typed anywhere in purebred, except this one module, ensuring that all the "run process" functions that are available taint the process output. Part of: #269
purebred-mua · Mar 29, 2019 · 5cbd228 · 5cbd228
1 parent cbe7cde
commit 5cbd228
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 8 deletions.
diff --git a/src/Config/Main.hs b/src/Config/Main.hs
@@ -15,7 +15,6 @@ import qualified Data.Text as T
 import System.Environment (lookupEnv)
 import System.Directory (getHomeDirectory)
 import Data.Maybe (fromMaybe)
-import System.Process.Typed (proc, readProcessStderr, setStdin, byteStringInput)
 import System.Exit (ExitCode(..))
 
 import Data.MIME (contentTypeTextPlain)
@@ -41,6 +40,8 @@ import UI.ComposeEditor.Keybindings
 
 import Error
 import Types
+import Purebred.System.Process
+import Purebred.Types.IFC (sanitiseText, untaint)
 import Storage.Notmuch (getDatabasePath)
 
 sendmailPath :: FilePath
@@ -49,13 +50,14 @@ sendmailPath = "/usr/sbin/sendmail"
 renderSendMail :: B.ByteString -> IO (Either Error ())
 renderSendMail m = do
   -- -t which extracts recipients from the mail
-  result <- readProcessStderr config
-  case result of
-    (ExitFailure _, stderr)-> pure $ Left $ SendMailError (decode stderr)
-    (ExitSuccess, _) -> pure $ Right ()
+  result <- tryRunProcess config
+  pure $ case result of
+    Left e -> Left $ SendMailError (show e)
+    Right (ExitFailure _, stderr) -> Left $ SendMailError (untaint decode stderr)
+    Right (ExitSuccess, _) -> Right ()
   where
     config = setStdin (byteStringInput (LB.fromStrict m)) $ proc sendmailPath ["-t", "-v"]
-    decode = T.unpack . decodeLenient . LB.toStrict
+    decode = T.unpack . sanitiseText . decodeLenient . LB.toStrict
 
 solarizedDark :: Theme
 solarizedDark =

diff --git a/src/Purebred/System/Process.hs b/src/Purebred/System/Process.hs
@@ -18,11 +18,17 @@ module Purebred.System.Process
   ( tryRunProcess
   , handleIOException
   , handleExitCode
+
+  -- * Re-exports from @System.Process.Typed@
+  , ProcessConfig
+  , proc
+  , setStdin
+  , byteStringInput
   ) where
 
 import System.Exit (ExitCode(..))
 import Control.Exception (try, IOException)
-import System.Process.Typed (readProcessStderr, ProcessConfig)
+import System.Process.Typed
 import qualified Data.ByteString.Lazy as LB
 import Control.Lens (set, (&))
 import Data.Semigroup ((<>))
@@ -47,8 +53,11 @@ handleIOException s' ex = pure $ s' & setError (ProcessError (show ex))
 
 -- | Try running a process given by the `FilePath` and catch an IOExceptions.
 -- This is to avoid a crashing process also take down the running Brick program.
+--
+-- Returns the exit code and the standard error output.
+--
 tryRunProcess
-  :: ProcessConfig stdout stderr stdin
+  :: ProcessConfig stdout stderrIgnored stdin
   -> IO (Either IOException (ExitCode, Tainted LB.ByteString))
 tryRunProcess = (fmap . fmap . fmap) taint . try . readProcessStderr