Reject role-based email address on import

[MAILPOET-2101]
2019-06-19 15:11:43 +02:00
parent ee34f576cd
commit 561649b25e
3 changed files with 47 additions and 1 deletions
--- a/lib/Models/ModelValidator.php
+++ b/lib/Models/ModelValidator.php
@ -13,6 +13,40 @@ class ModelValidator extends \Sudzy\Engine {
  const EMAIL_MIN_LENGTH = 6;
  const EMAIL_MAX_LENGTH = 150;

+  const ROLE_EMAILS = [
+    'abuse',
+    'compliance',
+    'devnull',
+    'dns',
+    'ftp',
+    'hostmaster',
+    'inoc',
+    'ispfeedback',
+    'ispsupport',
+    'list-request',
+    'list',
+    'maildaemon',
+    'noc',
+    'no-reply',
+    'noreply',
+    'null',
+    'phish',
+    'phishing',
+    'postmaster',
+    'privacy',
+    'registrar',
+    'root',
+    'security',
+    'spam',
+    'sysadmin',
+    'undisclosed-recipients',
+    'unsubscribe',
+    'usenet',
+    'uucp',
+    'webmaster',
+    'www',
+  ];
+
  function __construct() {
    parent::__construct();
    $this->validators = [
@ -40,6 +74,12 @@ class ModelValidator extends \Sudzy\Engine {
    return ($permitted_length && $valid_email);
  }

+  function validateNonRoleEmail($email) {
+    if (!$this->validateEmail($email)) return false;
+    $first_part = strtolower(substr($email, 0, strpos($email, '@')));
+    return array_search($first_part, self::ROLE_EMAILS) === false;
+  }
+
  function validateRenderedNewsletterBody($newsletter_body) {
    if (is_serialized($newsletter_body)) {
      $newsletter_body = unserialize($newsletter_body);
--- a/lib/Subscribers/ImportExport/Import/Import.php
+++ b/lib/Subscribers/ImportExport/Import/Import.php
@ -158,7 +158,7 @@ class Import {
      if ($validation_rule === 'email') {
        $data = array_map(
          function($index, $email) use(&$invalid_records, $validator) {
-            if (!$validator->validateEmail($email)) {
+            if (!$validator->validateNonRoleEmail($email)) {
              $invalid_records[] = $index;
            }
            return strtolower($email);
--- a/tests/integration/Models/ModelValidatorTest.php
+++ b/tests/integration/Models/ModelValidatorTest.php
@ -26,6 +26,12 @@ class ModelValidatorTest extends \MailPoetTest {
    expect($this->validator->validateEmail('a@b.c'))->false();
  }

+  function testItValidatesNonRoleEmail() {
+    expect($this->validator->validateNonRoleEmail('test'))->false();
+    expect($this->validator->validateNonRoleEmail('webmaster@example.com'))->false();
+    expect($this->validator->validateNonRoleEmail('test@example.com'))->true();
+  }
+
  function testItValidatesRenderedNewsletterBody() {
    expect($this->validator->validateRenderedNewsletterBody('test'))->false();
    expect($this->validator->validateRenderedNewsletterBody(serialize('test')))->false();