SECURITY: Sanitize email id for use as mutex key

This commit is contained in:
David Taylor 2019-07-24 13:45:02 +01:00
parent 1d38bf7e2c
commit b3e5f7a8c6

View File

@ -67,7 +67,8 @@ module Email
def process! def process!
return if is_blacklisted? return if is_blacklisted?
DistributedMutex.synchronize(@message_id) do id_hash = Digest::SHA1.hexdigest(@message_id)
DistributedMutex.synchronize("process_email_#{id_hash}") do
begin begin
return if IncomingEmail.exists?(message_id: @message_id) return if IncomingEmail.exists?(message_id: @message_id)
ensure_valid_address_lists ensure_valid_address_lists