From 2fb0cdbb88e0bef398a1073f91187815897286ab Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Maxime=20=E2=80=9Cpep=E2=80=9D=20Buquet?= <pep@bouah.net>
Date: Mon, 1 Jul 2019 12:17:14 +0200
Subject: e2ee-api: Drop message if no body and no stanza encryption
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

To avoid leaking data when plugin doesn't do stanza encryption. This
will inevitably reduce the number of features available, but users want
to send "secure" messages right.

Signed-off-by: Maxime “pep” Buquet <pep@bouah.net>
---
 poezio/plugin_e2ee.py | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/poezio/plugin_e2ee.py b/poezio/plugin_e2ee.py
index 66a8bd97..0c9c9256 100644
--- a/poezio/plugin_e2ee.py
+++ b/poezio/plugin_e2ee.py
@@ -179,6 +179,17 @@ class E2EEPlugin(BasePlugin):
 
         has_body = message.xml.find('{%s}%s' % (JCLIENT_NS, 'body')) is not None
 
+        # Drop all messages that don't contain a body if the plugin doesn't do
+        # Stanza Encryption
+        if not self.stanza_encryption and not has_body:
+            log.debug(
+                '%s plugin: Dropping message as it contains no body, and is '
+                'not doesn\'t do stanza encryption: %r',
+                self.encryption_name,
+                message,
+            )
+            return None
+
         # Call the enabled encrypt method
         self._enabled_tabs[jid](message, tab)
 
-- 
cgit v1.2.3