mail-dmarc

Several issues in file search functions

Open mpurg opened this issue 11 months ago • 0 comments

Hi,

I noticed a few non-critical issues in the find_psl_file and get_config functions:

  1. The variable $path is referenced outside the foreach loop and is thus uninitialized, thus the following will never be true: https://github.com/msimerson/mail-dmarc/blob/ac6d3ad2e50c79a409c0fc642ffc2816c2018827/lib/Mail/DMARC/Base.pm#L201

  2. The default value for $file is share/public_suffic_list while at the same time, get_prefix is called with the prefix share/, resulting in .../share/share/... paths, which is probably not intended.

  3. In get_config, the config file is first read from CWD without checking ownership/permissions, which could be a security issue.

mpurg • Mar 21 '24 10:03
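The ownership and permission check that point 3 reports as missing could look like the following added example, which is not code from mail-dmarc or from the issue author. The helper names `is_trusted` and `find_trusted_config`, the file name `example.ini` and the temporary directories are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl
# Added example, not mail-dmarc code. All names and paths here are hypothetical.
use strict;
use warnings;
use Cwd qw(abs_path);
use Fcntl qw(:mode);
use File::Basename qw(dirname);
use File::Temp qw(tempdir);

# Accept a path only if it is a regular file (or a directory when $want_dir is
# set), owned by root or the effective user, and not group- or world-writable.
sub is_trusted {
    my ($path, $want_dir) = @_;
    my @st = stat($path) or return 0;    # stat follows symlinks to the target
    my ($mode, $uid) = @st[2, 4];
    return 0 unless $want_dir ? S_ISDIR($mode) : S_ISREG($mode);
    return 0 unless $uid == 0 || $uid == $>;
    return 0 if $mode & (S_IWGRP | S_IWOTH);
    return 1;
}

# Return the first candidate that passes the checks on both the file and its
# containing directory; warn about candidates that exist but are rejected.
sub find_trusted_config {
    my ($name, @dirs) = @_;
    foreach my $dir (@dirs) {
        my $file = "$dir/$name";
        next unless -e $file;
        my $real = abs_path($file) or next;
        return $real if is_trusted($real) && is_trusted(dirname($real), 1);
        warn "ignoring $file: unsafe owner or permissions\n";
    }
    return;
}

# Constructed demo: a world-writable config in a stand-in for the CWD and a
# 0600 config in a stand-in for a system directory.
my $cwd = tempdir(CLEANUP => 1);
my $etc = tempdir(CLEANUP => 1);
for my $dir ($cwd, $etc) {
    open my $fh, '>', "$dir/example.ini" or die "open $dir/example.ini: $!";
    print {$fh} "[section]\nkey = value\n";
    close $fh;
}
chmod 0666, "$cwd/example.ini";
chmod 0600, "$etc/example.ini";
my $picked = find_trusted_config('example.ini', $cwd, $etc);
print "using $picked\n";
```

The check and the later read are separate steps, so a caller that needs to close that window should open the file first and run `stat` on the open handle instead of the path.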