Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Security: rename WEBHOOK_AUTHORIZATION --> WEBHOOK_SECRET
This fixes a low severity security issue affecting Anymail v0.2--v1.3. Django error reporting includes the value of your Anymail WEBHOOK_AUTHORIZATION setting. In a properly-configured deployment, this should not be cause for concern. But if you have somehow exposed your Django error reports (e.g., by mis-deploying with DEBUG=True or by sending error reports through insecure channels), anyone who gains access to those reports could discover your webhook shared secret. An attacker could use this to post fabricated or malicious Anymail tracking/inbound events to your app, if you are using those Anymail features. The fix renames Anymail's webhook shared secret setting so that Django's error reporting mechanism will [sanitize][0] it. If you are using Anymail's event tracking and/or inbound webhooks, you should upgrade to this release and change "WEBHOOK_AUTHORIZATION" to "WEBHOOK_SECRET" in the ANYMAIL section of your settings.py. You may also want to [rotate the shared secret][1] value, particularly if you have ever exposed your Django error reports to untrusted individuals. If you are only using Anymail's EmailBackends for sending email and have not set up Anymail's webhooks, this issue does not affect you. The old WEBHOOK_AUTHORIZATION setting is still allowed in this release, but will issue a system-check warning when running most Django management commands. It will be removed completely in a near-future release, as a breaking change. Thanks to Charlie DeTar (@yourcelf) for responsibly reporting this security issue through private channels. [0]: https://docs.djangoproject.com/en/stable/ref/settings/#debug [1]: https://anymail.readthedocs.io/en/1.4/tips/securing_webhooks/#use-a-shared-authorization-secret
- Loading branch information
Showing
14 changed files
with
99 additions
and
29 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,9 +1,12 @@ | ||
from django.apps import AppConfig | ||
from django.core import checks | ||
|
||
from .checks import check_deprecated_settings | ||
|
||
|
||
class AnymailBaseConfig(AppConfig): | ||
name = 'anymail' | ||
verbose_name = "Anymail" | ||
|
||
def ready(self): | ||
pass | ||
checks.register(check_deprecated_settings) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,24 @@ | ||
from django.conf import settings | ||
from django.core import checks | ||
|
||
|
||
def check_deprecated_settings(app_configs, **kwargs): | ||
errors = [] | ||
|
||
anymail_settings = getattr(settings, "ANYMAIL", {}) | ||
|
||
# anymail.W001: rename WEBHOOK_AUTHORIZATION to WEBHOOK_SECRET | ||
if "WEBHOOK_AUTHORIZATION" in anymail_settings: | ||
errors.append(checks.Warning( | ||
"The ANYMAIL setting 'WEBHOOK_AUTHORIZATION' has been renamed 'WEBHOOK_SECRET' to improve security.", | ||
hint="You must update your settings.py. The old name will stop working in a near-future release.", | ||
id="anymail.W001", | ||
)) | ||
if hasattr(settings, "ANYMAIL_WEBHOOK_AUTHORIZATION"): | ||
errors.append(checks.Warning( | ||
"The ANYMAIL_WEBHOOK_AUTHORIZATION setting has been renamed ANYMAIL_WEBHOOK_SECRET to improve security.", | ||
hint="You must update your settings.py. The old name will stop working in a near-future release.", | ||
id="anymail.W001", | ||
)) | ||
|
||
return errors |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,27 @@ | ||
from django.core import checks | ||
from django.test import SimpleTestCase | ||
from django.test.utils import override_settings | ||
|
||
from anymail.checks import check_deprecated_settings | ||
|
||
from .utils import AnymailTestMixin | ||
|
||
|
||
class DeprecatedSettingsTests(SimpleTestCase, AnymailTestMixin): | ||
@override_settings(ANYMAIL={"WEBHOOK_AUTHORIZATION": "abcde:12345"}) | ||
def test_webhook_authorization(self): | ||
errors = check_deprecated_settings(None) | ||
self.assertEqual(errors, [checks.Warning( | ||
"The ANYMAIL setting 'WEBHOOK_AUTHORIZATION' has been renamed 'WEBHOOK_SECRET' to improve security.", | ||
hint="You must update your settings.py. The old name will stop working in a near-future release.", | ||
id="anymail.W001", | ||
)]) | ||
|
||
@override_settings(ANYMAIL_WEBHOOK_AUTHORIZATION="abcde:12345", ANYMAIL={}) | ||
def test_anymail_webhook_authorization(self): | ||
errors = check_deprecated_settings(None) | ||
self.assertEqual(errors, [checks.Warning( | ||
"The ANYMAIL_WEBHOOK_AUTHORIZATION setting has been renamed ANYMAIL_WEBHOOK_SECRET to improve security.", | ||
hint="You must update your settings.py. The old name will stop working in a near-future release.", | ||
id="anymail.W001", | ||
)]) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters