mailauth - npm Package Compare versions

Comparing version 2.2.3 to 2.3.0

cli.md

@@ -20,6 +20,8 @@ # CLI USAGE
 -   [MacOS](https://github.com/postalsys/mailauth/releases/latest/download/mailauth.pkg)
--   [Linux](https://github.com/postalsys/mailauth/releases/latest/download/mailauth.gz)
+-   [Linux](https://github.com/postalsys/mailauth/releases/latest/download/mailauth.tar.gz)
 -   [Windows](https://github.com/postalsys/mailauth/releases/latest/download/mailauth.exe)
 -   Or install from the NPM registry: `npm install -g mailauth`
 
+> **NB!** Downloadable files are quite large because these are packaged Node.js applications
+
 ## Help
@@ -26,0 +28,0 @@

lib/dkim/dkim-verifier.js

@@ -175,3 +175,8 @@ 'use strict';
 
-                let publicKey, rr;
+                let signingHeaders = {
+                    keys: signingHeaderLines.keys,
+                    headers: signingHeaderLines.headers.map(l => l.line.toString())
+                };
+
+                let publicKey, rr, modulusLength;
                 let status = {
@@ -212,2 +217,3 @@ result: 'neutral',
                         rr = res?.rr;
+                        modulusLength = res?.modulusLength;
 
@@ -288,2 +294,3 @@ try {
                     bodyHashExpecting: signatureHeader.parsed?.bh?.value,
+                    signingHeaders,
                     status
@@ -304,2 +311,6 @@ };
 
+                if (modulusLength) {
+                    result.modulusLength = modulusLength;
+                }
+
                 if (rr) {
@@ -306,0 +317,0 @@ result.rr = rr;

lib/tools.js

@@ -9,3 +9,2 @@ /* eslint no-control-regex: 0 */
 const crypto = require('crypto');
-const pki = require('node-forge').pki;
 const https = require('https');
@@ -19,2 +18,5 @@ const packageData = require('../package');
 const gunzip = util.promisify(zlib.gunzip);
+const pki = require('node-forge').pki;
+const Joi = require('joi');
+const base64Schema = Joi.string().base64({ paddingRequired: false });
 
@@ -252,4 +254,4 @@ const defaultDKIMFieldNames =
 
-        let publicKey = entry?.parsed?.p?.value;
-        if (!publicKey) {
+        const publicKeyValue = entry?.parsed?.p?.value;
+        if (!publicKeyValue) {
             let err = new Error('Missing key value');
@@ -261,2 +263,11 @@ err.code = 'EINVALIDVAL';
 
+        let validation = base64Schema.validate(publicKeyValue);
+        if (validation.error) {
+            let err = new Error('Invalid base64 format for public key');
+            err.code = 'EINVALIDVAL';
+            err.rr = rr;
+            err.details = validation.error;
+            throw err;
+        }
+
         if (type === 'DKIM' && entry?.parsed?.v && (entry?.parsed?.v?.value || '').toString().toLowerCase().trim() !== 'dkim1') {
@@ -269,7 +280,12 @@ let err = new Error('Unknown key version');
 
-        publicKey = Buffer.from(`-----BEGIN PUBLIC KEY-----\n${publicKey}\n-----END PUBLIC KEY-----`);
-        let keyType = crypto.createPublicKey({ key: publicKey, format: 'pem' }).asymmetricKeyType;
+        const publicKeyPem = Buffer.from(`-----BEGIN PUBLIC KEY-----\n${publicKeyValue.replace(/.{64}/g, '$&\r\n')}\n-----END PUBLIC KEY-----`);
+        const publicKeyObj = crypto.createPublicKey({
+            key: publicKeyPem,
+            format: 'pem'
+        });
 
+        let keyType = publicKeyObj.asymmetricKeyType;
+
         if (!['rsa', 'ed25519'].includes(keyType) || (entry?.parsed?.k && entry?.parsed?.k?.value?.toLowerCase() !== keyType)) {
-            let err = new Error('Unknown key type');
+            let err = new Error('Unknown key type (${keyType})');
             err.code = 'EINVALIDTYPE';
@@ -280,14 +296,23 @@ err.rr = rr;
 
-        if (keyType === 'rsa') {
-            // check key length
-            const pubKeyData = pki.publicKeyFromPem(publicKey.toString());
-            if (pubKeyData.n.bitLength() < 1024) {
-                let err = new Error('Key too short');
-                err.code = 'ESHORTKEY';
-                err.rr = rr;
-                throw err;
-            }
+        let modulusLength;
+        if (publicKeyObj.asymmetricKeyDetails) {
+            modulusLength = publicKeyObj.asymmetricKeyDetails.modulusLength;
+        } else {
+            // fall back to node-forge
+            const pubKeyData = pki.publicKeyFromPem(publicKeyPem.toString());
+            modulusLength = pubKeyData.n.bitLength();
         }
 
-        return { publicKey, rr };
+        if (keyType === 'rsa' && modulusLength < 1024) {
+            let err = new Error('RSA key too short');
+            err.code = 'ESHORTKEY';
+            err.rr = rr;
+            throw err;
+        }
+
+        return {
+            publicKey: publicKeyPem,
+            rr,
+            modulusLength
+        };
     }
@@ -294,0 +319,0 @@

LICENSE.txt

@@ -1,2 +0,2 @@
-Copyright (c) 2020-2021 Postal Systems OÜ
+Copyright (c) 2020-2022 Postal Systems OÜ
 
@@ -3,0 +3,0 @@ Permission is hereby granted, free of charge, to any person obtaining a copy

licenses.txt

@@ -1,11 +0,11 @@
-name        license type               link                                              author
-----        ------------               ----                                              ------
-@fidm/x509  MIT                        git+ssh://git@github.com/fidm/x509.git            n/a
-ipaddr.js   MIT                        git://github.com/whitequark/ipaddr.js.git         whitequark
-joi         BSD-3-Clause               git://github.com/sideway/joi.git                  n/a
-libmime     MIT                        git://github.com/andris9/libmime.git              Andris Reinman
-node-forge  (BSD-3-Clause OR GPL-2.0)  git+https://github.com/digitalbazaar/forge.git    Digital Bazaar, Inc.
-nodemailer  MIT                        git+https://github.com/nodemailer/nodemailer.git  Andris Reinman
-psl         MIT                        git+ssh://git@github.com/lupomontero/psl.git      Lupo Montero
-punycode    MIT                        git+https://github.com/bestiejs/punycode.js.git   Mathias Bynens
-yargs       MIT                        git+https://github.com/yargs/yargs.git            n/a
+name        license type               link                                              installed version  author
+----        ------------               ----                                              -----------------  ------
+@fidm/x509  MIT                        git+ssh://git@github.com/fidm/x509.git            1.2.1              n/a
+ipaddr.js   MIT                        git://github.com/whitequark/ipaddr.js.git         2.0.1              whitequark
+joi         BSD-3-Clause               git://github.com/sideway/joi.git                  17.5.0             n/a
+libmime     MIT                        git://github.com/andris9/libmime.git              5.0.0              Andris Reinman
+node-forge  (BSD-3-Clause OR GPL-2.0)  git+https://github.com/digitalbazaar/forge.git    1.2.1              Digital Bazaar, Inc.
+nodemailer  MIT                        git+https://github.com/nodemailer/nodemailer.git  6.7.2              Andris Reinman
+psl         MIT                        git+ssh://git@github.com/lupomontero/psl.git      1.8.0              Lupo Montero
+punycode    MIT                        git+https://github.com/bestiejs/punycode.js.git   2.1.1              Mathias Bynens
+yargs       MIT                        git+https://github.com/yargs/yargs.git            17.3.1             n/a

man/man.md

@@ -133,3 +133,3 @@ # mailauth(1)
 
-Copyright (c) 2020-2021, Postal Systems (MIT).
+Copyright (c) 2020-2022, Postal Systems (MIT).
 
@@ -136,0 +136,0 @@ ## SEE ALSO

package.json

 {
     "name": "mailauth",
-    "version": "2.2.3",
+    "version": "2.3.0",
     "description": "Email authentication library for Node.js",
@@ -35,3 +35,3 @@ "main": "lib/mailauth.js",
         "chai": "4.3.4",
-        "eslint": "8.0.0",
+        "eslint": "8.7.0",
         "eslint-config-nodemailer": "1.2.0",
@@ -44,4 +44,4 @@ "eslint-config-prettier": "8.3.0",
         "mbox-reader": "1.1.5",
-        "mocha": "9.1.2",
-        "pkg": "5.3.3"
+        "mocha": "9.1.4",
+        "pkg": "5.5.2"
     },
@@ -51,9 +51,9 @@ "dependencies": {
         "ipaddr.js": "2.0.1",
-        "joi": "17.4.2",
+        "joi": "17.5.0",
         "libmime": "5.0.0",
-        "node-forge": "0.10.0",
-        "nodemailer": "6.7.0",
+        "node-forge": "1.2.1",
+        "nodemailer": "6.7.2",
         "psl": "1.8.0",
         "punycode": "2.1.1",
-        "yargs": "17.2.1"
+        "yargs": "17.3.1"
     },
@@ -75,3 +75,4 @@ "engines": {
             "man/**/*",
-            "licenses.txt"
+            "licenses.txt",
+            "LICENSE.txt"
         ],
@@ -78,0 +79,0 @@ "_targets": [

README.md

@@ -445,4 +445,4 @@ ![](https://github.com/postalsys/mailauth/raw/master/assets/mailauth.png)
 
-© 2020-2021 Postal Systems OÜ
+© 2020-2022 Postal Systems OÜ
 
 Licensed under MIT license

No alert changes

Improved metrics

Total package byte prevSize

235145

increased by0.71%

Lines of code

4507

increased by0.69%

Dependency changes

• + Addedjoi@17.5.0(transitive)

• + Addednode-forge@1.2.1(transitive)

• + Addednodemailer@6.7.2(transitive)

• + Addedyargs@17.3.1(transitive)

• + Addedyargs-parser@21.1.1(transitive)

• - Removedjoi@17.4.2(transitive)

• - Removednode-forge@0.10.0(transitive)

• - Removednodemailer@6.7.0(transitive)

• - Removedyargs@17.2.1(transitive)

• - Removedyargs-parser@20.2.9(transitive)

• Updatedjoi@17.5.0

• Updatednode-forge@1.2.1

• Updatednodemailer@6.7.2

• Updatedyargs@17.3.1