Merge branch 'develop' of github.com:semaphoreui/semaphore into develop

fiftin · fiftin · commit 51dae5335836 · 2025-04-17T11:55:03.000+05:00
diff --git a/pkg/task_logger/task_logger.go b/pkg/task_logger/task_logger.go
@@ -2,7 +2,6 @@ package task_logger
 
 import (
 	"os/exec"
-	"strings"
 	"time"
 )
 
@@ -53,9 +52,11 @@ func (s TaskStatus) Format() (res string) {
 		res += "⏹️"
 	case TaskWaitingConfirmation:
 		res += "⚠️"
+	default:
+		res += "❓"
 	}
-	res += strings.ToUpper(string(s))
-
+	// to avoid email content injection issue
+	//res += strings.ToUpper(string(s))
 	return
 }
 
diff --git a/services/tasks/alert.go b/services/tasks/alert.go
@@ -92,6 +92,7 @@ func (t *TaskRunner) sendMailAlert() {
 
 		if err := mailer.Send(
 			util.Config.EmailSecure,
+			util.Config.EmailTls,
 			util.Config.EmailHost,
 			util.Config.EmailPort,
 			util.Config.EmailUsername,
diff --git a/util/config.go b/util/config.go
@@ -198,13 +198,15 @@ type ConfigType struct {
 	AccessKeyEncryption string `json:"access_key_encryption,omitempty" env:"SEMAPHORE_ACCESS_KEY_ENCRYPTION"`
 
 	// email alerting
-	EmailAlert    bool   `json:"email_alert,omitempty" env:"SEMAPHORE_EMAIL_ALERT"`
-	EmailSender   string `json:"email_sender,omitempty" env:"SEMAPHORE_EMAIL_SENDER"`
-	EmailHost     string `json:"email_host,omitempty" env:"SEMAPHORE_EMAIL_HOST"`
-	EmailPort     string `json:"email_port,omitempty" rule:"^(|[0-9]{1,5})$" env:"SEMAPHORE_EMAIL_PORT"`
-	EmailUsername string `json:"email_username,omitempty" env:"SEMAPHORE_EMAIL_USERNAME"`
-	EmailPassword string `json:"email_password,omitempty" env:"SEMAPHORE_EMAIL_PASSWORD"`
-	EmailSecure   bool   `json:"email_secure,omitempty" env:"SEMAPHORE_EMAIL_SECURE"`
+	EmailAlert         bool   `json:"email_alert,omitempty" env:"SEMAPHORE_EMAIL_ALERT"`
+	EmailSender        string `json:"email_sender,omitempty" env:"SEMAPHORE_EMAIL_SENDER"`
+	EmailHost          string `json:"email_host,omitempty" env:"SEMAPHORE_EMAIL_HOST"`
+	EmailPort          string `json:"email_port,omitempty" rule:"^(|[0-9]{1,5})$" env:"SEMAPHORE_EMAIL_PORT"`
+	EmailUsername      string `json:"email_username,omitempty" env:"SEMAPHORE_EMAIL_USERNAME"`
+	EmailPassword      string `json:"email_password,omitempty" env:"SEMAPHORE_EMAIL_PASSWORD"`
+	EmailSecure        bool   `json:"email_secure,omitempty" env:"SEMAPHORE_EMAIL_SECURE"`
+	EmailTls           bool   `json:"email_tls,omitempty" env:"SEMAPHORE_EMAIL_TLS"`
+	EmailTlsMinVersion string `json:"email_tls_min_version,omitempty" default:"1.2" rule:"^(1\\.[0123])$" env:"SEMAPHORE_EMAIL_TLS_MIN_VERSION"`
 
 	// ldap settings
 	LdapEnable       bool          `json:"ldap_enable,omitempty" env:"SEMAPHORE_LDAP_ENABLE"`
diff --git a/util/config_test.go b/util/config_test.go
@@ -388,6 +388,7 @@ func TestValidateConfig(t *testing.T) {
 	var testDbDialect = DbDriverBolt
 	var testCookieHash = "0Sn+edH3doJ4EO4Rl49Y0KrxjUkXuVtR5zKHGGWerxQ="
 	var testMaxParallelTasks = 0
+	var testEmailTlsMinVersion = "1.2"
 
 	Config.Port = testPort
 	Config.Dialect = testDbDialect
@@ -396,6 +397,7 @@ func TestValidateConfig(t *testing.T) {
 	Config.GitClientId = GoGitClientId
 	Config.CookieEncryption = testCookieHash
 	Config.AccessKeyEncryption = testCookieHash
+	Config.EmailTlsMinVersion = testEmailTlsMinVersion
 	validateConfig()
 
 	Config.Port = "INVALID"
diff --git a/util/mailer/mailer.go b/util/mailer/mailer.go
@@ -2,10 +2,14 @@ package mailer
 
 import (
 	"bytes"
-	"html/template"
+	"crypto/tls"
+	"errors"
+	"fmt"
+	"github.com/semaphoreui/semaphore/util"
 	"net"
 	"net/smtp"
 	"strings"
+	"text/template"
 	"time"
 )
 
@@ -30,9 +34,25 @@ var (
 	)
 )
 
+func parseTlsVersion(version string) (uint16, error) {
+	switch version {
+	case "1.0":
+		return tls.VersionTLS10, nil
+	case "1.1":
+		return tls.VersionTLS11, nil
+	case "1.2":
+		return tls.VersionTLS12, nil
+	case "1.3":
+		return tls.VersionTLS13, nil
+	}
+
+	return 0, errors.New(fmt.Sprintf("Unsupported TLS version %s", version))
+}
+
 // Send simply sends the defined mail via SMTP.
 func Send(
 	secure bool,
+	useTls bool,
 	host string,
 	port string,
 	username,
@@ -68,15 +88,27 @@ func Send(
 	}
 
 	if secure {
-		return plainauth(
-			host,
-			port,
-			username,
-			password,
-			from,
-			to,
-			body,
-		)
+		if useTls {
+			return sendTls(
+				host,
+				port,
+				username,
+				password,
+				from,
+				to,
+				body,
+			)
+		} else {
+			return plainauth(
+				host,
+				port,
+				username,
+				password,
+				from,
+				to,
+				body,
+			)
+		}
 	}
 
 	return anonymous(
@@ -109,6 +141,76 @@ func plainauth(
 	)
 }
 
+func sendTls(
+	host,
+	port,
+	username,
+	password,
+	from,
+	to string,
+	body *bytes.Buffer,
+) error {
+	auth := PlainOrLoginAuth(username, password, host)
+
+	tlsVersion, err := parseTlsVersion(util.Config.EmailTlsMinVersion)
+	if err != nil {
+		return err
+	}
+
+	tlsConfig := &tls.Config{
+		InsecureSkipVerify: false,
+		ServerName:         host,
+		MinVersion:         tlsVersion,
+	}
+
+	// Here is the key, you need to call tls.Dial instead of smtp.Dial
+	// for smtp servers running on 465 that require an ssl connection
+	// from the very beginning (no starttls)
+	conn, err := tls.Dial("tcp", net.JoinHostPort(host, port), tlsConfig)
+	if err != nil {
+		return err
+	}
+
+	c, err := smtp.NewClient(conn, host)
+	if err != nil {
+		return err
+	}
+
+	if err = c.Auth(auth); err != nil {
+		return err
+	}
+
+	if err = c.Mail(from); err != nil {
+		return err
+	}
+
+	if err = c.Rcpt(to); err != nil {
+		return err
+	}
+
+	w, err := c.Data()
+	if err != nil {
+		return err
+	}
+
+	_, err = w.Write(body.Bytes())
+	if err != nil {
+		return err
+	}
+
+	err = w.Close()
+	if err != nil {
+		return err
+	}
+
+	err = c.Quit()
+	if err != nil {
+		return err
+	}
+
+	return nil
+}
+
 func anonymous(
 	host string,
 	port string,

Original file line number	Diff line number	Diff line change
`@@ -2,7 +2,6 @@ package task_logger`
`2`	`2`
`3`	`3`	`import (`
`4`	`4`	`"os/exec"`
`5`		`- "strings"`
`6`	`5`	`"time"`
`7`	`6`	`)`
`8`	`7`
`@@ -53,9 +52,11 @@ func (s TaskStatus) Format() (res string) {`
`53`	`52`	`res += "⏹️"`
`54`	`53`	`case TaskWaitingConfirmation:`
`55`	`54`	`res += "⚠️"`
	`55`	`+ default:`
	`56`	`+ res += "❓"`
`56`	`57`	`}`
`57`		`- res += strings.ToUpper(string(s))`
`58`		`-`
	`58`	`+ // to avoid email content injection issue`
	`59`	`+ //res += strings.ToUpper(string(s))`
`59`	`60`	`return`
`60`	`61`	`}`
`61`	`62`