search

domainaware / parsedmarc

A Python package and CLI for parsing aggregate and forensic DMARC reports
https://domainaware.github.io/parsedmarc/
Apache License 2.0
1.01k stars 219 forks source link

IMAP password with % sign causes startup failure #261

Closed ericwbentley closed 2 years ago

ericwbentley commented 3 years ago

If the IMAP password in the config file includes the percent sign (%) as the last character of the password, the ParseDMARC service fails to start

-- Unit parsedmarc.service has finished starting up.
--
-- The start-up result is done.
Aug 12 11:46:17 localhost.localdomain parsedmarc[1709]: Traceback (most recent call last):
Aug 12 11:46:17 localhost.localdomain parsedmarc[1709]:   File "/usr/local/bin/parsedmarc", line 8, in <module>
Aug 12 11:46:17 localhost.localdomain parsedmarc[1709]:     sys.exit(_main())
Aug 12 11:46:17 localhost.localdomain parsedmarc[1709]:   File "/usr/local/lib/python3.6/site-packages/parsedmarc/cli.py", line 309, in _main
Aug 12 11:46:17 localhost.localdomain parsedmarc[1709]:     opts.imap_password = imap_config["password"]
Aug 12 11:46:17 localhost.localdomain parsedmarc[1709]:   File "/usr/lib64/python3.6/configparser.py", line 1234, in __getitem__
Aug 12 11:46:17 localhost.localdomain parsedmarc[1709]:     return self._parser.get(self._name, key)
Aug 12 11:46:17 localhost.localdomain parsedmarc[1709]:   File "/usr/lib64/python3.6/configparser.py", line 800, in get
Aug 12 11:46:17 localhost.localdomain parsedmarc[1709]:     d)
Aug 12 11:46:17 localhost.localdomain parsedmarc[1709]:   File "/usr/lib64/python3.6/configparser.py", line 394, in before_get
Aug 12 11:46:17 localhost.localdomain parsedmarc[1709]:     self._interpolate_some(parser, option, L, value, section, defaults, 1)
Aug 12 11:46:17 localhost.localdomain parsedmarc[1709]:   File "/usr/lib64/python3.6/configparser.py", line 444, in _interpolate_some
Aug 12 11:46:17 localhost.localdomain parsedmarc[1709]:     "found: %r" % (rest,))
Aug 12 11:46:17 localhost.localdomain parsedmarc[1709]: configparser.InterpolationSyntaxError: '%' must be followed by '%' or '(', found: '%'
Aug 12 11:46:17 localhost.localdomain systemd[1]: parsedmarc.service: Main process exited, code=exited, status=1/FAILURE
Aug 12 11:46:17 localhost.localdomain systemd[1]: parsedmarc.service: Failed with result 'exit-code'.
-- Subject: Unit failed
-- Defined-By: systemd
-- Support: https://access.redhat.com/support
--
-- The unit parsedmarc.service has entered the 'failed' state with result 'exit-code'.
lasat commented 2 years ago

The percent symbol has a special function when used in strings in Python, so it should be escaped. Use "%%" instead of "%" and it should work fine.

ericwbentley commented 2 years ago

Couldn't this be resolved in code instead of having the user escape the character themselves? IMO all user input should be sanitized to handle these sort of occurrences without user intervention.