Introduce a safer SMTP alternative: SMTP_SSL (Weak Cryptography Issue)

[fazledyn-or]

Details

While triaging your project, our bug fixing tool generated the following message(s)-

In file: oe_utils.py, method: sigevent_email, a clear-text protocol such as FTP, Telnet or SMTP is used. These protocols transfer data without any encryption, which expose applications to a large range of risks. iCR suggested that data should be transferred over only secure transport channels.

Also, it came to our observation that the existing code for SMTP didn't support authentication mechanism for email platforms. Modern email platforms, like Gmail, Protonmail, or even cPanel require users to login before using the SMTP to send mail. As a result, we included the option here too.

Changes

• Added login options (username and password) for authentication
• Added option to use SMTP_SSL for secure transport channel

Testing

Since we couldn't find any documentation/instruction related to testing, we couldn't test the provided code. Of course, we'll be glad to test it locally with your clear guidance.

CLA Requirements

This section is only relevant if your project requires contributors to sign a Contributor License Agreement (CLA) for external contributions.

All contributed commits are already automatically signed off.

The meaning of a signoff depends on the project, but it typically certifies that committer has the rights to submit this work under the same license and agrees to a Developer Certificate of Origin (see https://developercertificate.org/ for more information). - Git Commit SignOff documentation

Sponsorship and Support

This work is done by the security researchers from OpenRefactory and is supported by the Open Source Security Foundation (OpenSSF): Project Alpha-Omega. Alpha-Omega is a project partnering with open source software project maintainers to systematically find new, as-yet-undiscovered vulnerabilities in open source code - and get them fixed – to improve global software supply chain security.

The bug is found by running the Intelligent Code Repair (iCR) tool by OpenRefactory and then manually triaging the results.

[jtroberts]

Thanks for the submission! It looks like the function may no longer be in use anywhere. I will merge it in case anyone still has use for it but we'll likely be deprecating it in the future.