SECURITY: Sanitize email id for use as mutex key

This commit is contained in:
David Taylor 2019-07-24 13:45:02 +01:00
parent 1d38bf7e2c
commit b3e5f7a8c6
1 changed files with 2 additions and 1 deletions

View File

@ -67,7 +67,8 @@ module Email
def process!
return if is_blacklisted?
DistributedMutex.synchronize(@message_id) do
id_hash = Digest::SHA1.hexdigest(@message_id)
DistributedMutex.synchronize("process_email_#{id_hash}") do
begin
return if IncomingEmail.exists?(message_id: @message_id)
ensure_valid_address_lists