The email package. Assembling an email.message.EmailMessage with user-controlled Subject, To, From, or body is an email-header-injection sink: a CR/LF inside a header value can terminate that header and smuggle in additional ones. email.parser handles incoming messages, which are sources of user-controlled content.
email.message_from_string(s, _class=EmailMessage, *, policy=compat32) -> EmailMessage  [Source]
Parses a message from a string. Source for incoming email content.

email.message_from_bytes(s, _class=EmailMessage, *, policy=compat32) -> EmailMessage  [Source]
Parses a message from bytes. Source for incoming email content.

email.message.EmailMessage(policy=default) -> EmailMessage  [Neutral]
Creates a message. Setting headers on it from user input is a CRLF-injection sink.
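To make the sink concrete, here is an added example (not code from the page or from the rule project) that contrasts the two message APIs: email.message.EmailMessage with the default policy checks header values when they are assigned, while the legacy email.message.Message (compat32 policy) stores whatever it is given and leaves any check to serialization. It also shows the defensive pattern: validate every user-controlled header value before it reaches the message object. The Subject payload, the addresses and the function names are constructed for the example.

```python
import email.errors
import email.message
import email.policy

# Constructed sample input: a user-controlled Subject that carries a CRLF
# followed by an extra header line (the shape of an email-header-injection payload).
INJECTED_SUBJECT = "Your receipt\r\nBcc: victim@example.invalid"
CLEAN_SUBJECT = "Your receipt"


def safe_header_value(value: str) -> str:
    """Validate a header value before it reaches any message API.

    CR and LF are rejected outright rather than stripped, so a tainted value
    fails closed instead of silently turning into a different header.
    """
    if "\r" in value or "\n" in value:
        raise ValueError("header value may not contain CR or LF")
    return value


def injection_outcome(msg: email.message.Message, subject: str) -> str:
    """Set a Subject on msg and report where, if anywhere, the library objects.

    Returns one of:
      "rejected-on-assignment"    - msg["Subject"] = ... raised ValueError
      "rejected-on-serialization" - as_string() raised
      "accepted"                  - the message serialized without error
    """
    try:
        msg["Subject"] = subject
    except ValueError:
        return "rejected-on-assignment"
    msg["To"] = "user@example.invalid"
    msg.set_payload("Thanks for your order.\n")
    try:
        msg.as_string()
    except (ValueError, email.errors.MessageError):
        return "rejected-on-serialization"
    return "accepted"


def modern_outcome(subject: str) -> str:
    # EmailMessage with email.policy.default validates header values on assignment:
    # a value spanning more than one line raises ValueError right at the sink.
    return injection_outcome(
        email.message.EmailMessage(policy=email.policy.default), subject
    )


def legacy_outcome(subject: str) -> str:
    # email.message.Message uses the compat32 policy, which stores the header
    # value unmodified; nothing is checked at the assignment itself.
    return injection_outcome(email.message.Message(), subject)


def build_safely(subject: str, to: str) -> str:
    """Hardened pattern: validate every user-controlled header value first."""
    msg = email.message.EmailMessage(policy=email.policy.default)
    msg["Subject"] = safe_header_value(subject)
    msg["To"] = safe_header_value(to)
    msg.set_content("Thanks for your order.\n")
    return msg.as_string()


if __name__ == "__main__":
    print("EmailMessage(default):", modern_outcome(INJECTED_SUBJECT))
    print("Message(compat32):    ", legacy_outcome(INJECTED_SUBJECT))
    print(build_safely(CLEAN_SUBJECT, "user@example.invalid"))
```

The legacy result is why the assignment, not only the final send, is the right place to flag in a taint rule: with compat32 the tainted value is already inside the message object, and whether anything objects later depends on how and whether the message is serialized. The explicit CR/LF check in safe_header_value is also stricter than the default policy's own test, which counts lines with splitlines() and therefore does not reject a value that ends in a single bare newline.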
| FQN | Field |
|---|---|
| | fqns[0] |
| email.message | fqns[1] |
| email.parser | fqns[2] |
| email.mime | fqns[3] |
A wrong FQN silently yields 0 findings. To verify that the rule is really matching on the FQNs, change the fqns entries to garbage values and confirm the rule then produces 0 results.
from codepathfinder.go_rule import PyEmail