1 # Copyright (C) 2020 all contributors <meta@public-inbox.org>
2 # License: AGPL-3.0+ <https://www.gnu.org/licenses/agpl-3.0.txt>
4 # Lazy MIME parser, it still slurps the full message but keeps short
5 # lifetimes. Unlike Email::MIME, it doesn't pre-split multipart
6 # messages or do any up-front parsing of headers besides splitting
7 # the header string from the body.
9 # Contains ideas and code from Email::Simple and Email::MIME
10 # (Perl Artistic License, GPL-1+)
12 # This aims to replace Email::MIME for our purposes, similar API
13 # but internal field names are differ if they're not 100%-compatible.
15 # Includes some proposed fixes for Email::MIME:
16 # - header-less sub parts - https://github.com/rjbs/Email-MIME/issues/14
17 # - "0" as boundary - https://github.com/rjbs/Email-MIME/issues/63
20 # bdy => scalar ref for body (may be undef),
21 # hdr => scalar ref for header,
22 # crlf => "\n" or "\r\n" (scalar, not a ref),
24 # # filled in during ->each_part
25 # ct => hash ref returned by parse_content_type
27 package PublicInbox::Eml;
31 use Encode qw(find_encoding decode encode); # stdlib
32 use Text::Wrap qw(wrap); # stdlib, we need Perl 5.6+ for $huge
33 use MIME::Base64 3.05; # Perl 5.10.0 / 5.9.2
34 use MIME::QuotedPrint 3.05; # ditto
36 my $MIME_Header = find_encoding('MIME-Header');
38 use PublicInbox::EmlContentFoo qw(parse_content_type parse_content_disposition);
39 $PublicInbox::EmlContentFoo::STRICT_PARAMS = 0;
41 our $MAXPARTS = 1000; # same as SpamAssassin
42 our $MAXDEPTH = 20; # seems enough, Perl sucks, here
43 our $MAXBOUNDLEN = 2048; # same as postfix
44 our $header_size_limit = 102400; # same as postfix
46 my %MIME_ENC = (qp => \&enc_qp, base64 => \&encode_base64);
47 my %MIME_DEC = (qp => \&dec_qp, base64 => \&decode_base64);
48 $MIME_ENC{quotedprint} = $MIME_ENC{'quoted-printable'} = $MIME_ENC{qp};
49 $MIME_DEC{quotedprint} = $MIME_DEC{'quoted-printable'} = $MIME_DEC{qp};
50 $MIME_ENC{$_} = \&identity_codec for qw(7bit 8bit binary);
52 my %DECODE_ADDRESS = map { $_ => 1 } qw(From To Cc Sender Reply-To);
55 'Content-Description' => 1,
56 'Content-Type' => 1, # not correct, but needed, oh well
58 our %STR_TYPE = (text => 1);
59 our %STR_SUBTYPE = (plain => 1, html => 1);
64 # Do not normalize $k with lc/uc; instead strive to keep
65 # capitalization in our codebase consistent.
66 $re_memo{$k} ||= qr/^\Q$k\E:[ \t]*([^\n]*\r?\n # 1st line
68 (?:[^:\n]*?[ \t]+[^\n]*\r?\n)*)
72 sub hdr_truncate ($) {
73 my $len = length($_[0]);
74 substr($_[0], $header_size_limit, $len) = '';
75 my $end = rindex($_[0], "\n");
78 substr($_[0], $end, $len) = '';
79 warn "header of $len bytes truncated to $end bytes\n";
83 header of $len bytes without `\\n' within $header_size_limit ignored
88 # compatible with our uses of Email::MIME
90 my $ref = ref($_[1]) ? $_[1] : \(my $cpy = $_[1]);
91 # substr() can modify the first arg in-place and to avoid
92 # memcpy/memmove on a potentially large scalar. It does need
93 # to make a copy for $hdr, though. Idea stolen from Email::Simple.
95 # We also prefer index() on common LFLF emails since it's faster
96 # and re scan can bump RSS by length($$ref) on big strings
97 if (index($$ref, "\r\n") < 0 && (my $pos = index($$ref, "\n\n")) >= 0) {
99 my $hdr = substr($$ref, 0, $pos + 2, ''); # sv_chop on $$ref
100 chop($hdr); # lower SvCUR
101 hdr_truncate($hdr) if length($hdr) > $header_size_limit;
102 bless { hdr => \$hdr, crlf => "\n", bdy => $ref }, __PACKAGE__;
103 } elsif ($$ref =~ /\r?\n(\r?\n)/s) {
104 my $hdr = substr($$ref, 0, $+[0], ''); # sv_chop on $$ref
105 substr($hdr, -(length($1))) = ''; # lower SvCUR
106 hdr_truncate($hdr) if length($hdr) > $header_size_limit;
107 bless { hdr => \$hdr, crlf => $1, bdy => $ref }, __PACKAGE__;
108 } elsif ($$ref =~ /^[a-z0-9-]+[ \t]*:/ims && $$ref =~ /(\r?\n)\z/s) {
109 # body is optional :P
110 my $hdr = substr($$ref, 0, $header_size_limit + 1);
111 hdr_truncate($hdr) if length($hdr) > $header_size_limit;
112 bless { hdr => \$hdr, crlf => $1 }, __PACKAGE__;
113 } else { # nothing useful
114 my $hdr = $$ref = '';
115 bless { hdr => \$hdr, crlf => "\n" }, __PACKAGE__;
120 my (undef, $ref) = @_;
121 # special case for messages like <85k5su9k59.fsf_-_@lola.goethe.zz>
122 $$ref =~ /\A(\r?\n)/s or goto &new;
123 my $hdr = substr($$ref, 0, $+[0], ''); # sv_chop on $$ref
124 bless { hdr => \$hdr, crlf => $1, bdy => $ref }, __PACKAGE__;
127 # same output as Email::Simple::Header::header_raw, but we extract
128 # headers on-demand instead of parsing them into a list which
129 # requires O(n) lookups anyways
131 my $re = re_memo($_[1]);
132 my @v = (${ $_[0]->{hdr} } =~ /$re/g);
134 # for compatibility w/ Email::Simple::Header,
139 wantarray ? @v : $v[0];
142 # pick the first Content-Type header to match Email::MIME behavior.
143 # It's usually the right one based on historical archives.
145 # PublicInbox::EmlContentFoo::content_type:
146 $_[0]->{ct} //= parse_content_type(header($_[0], 'Content-Type'));
149 # returns a queue of sub-parts iff it's worth descending into
150 # TODO: descend into message/rfc822 parts (Email::MIME didn't)
151 sub mp_descend ($$) {
152 my ($self, $nr) = @_; # or $once for top-level
153 my $bnd = ct($self)->{attributes}->{boundary} // return; # single-part
154 return if $bnd eq '' || length($bnd) >= $MAXBOUNDLEN;
155 $bnd = quotemeta($bnd);
157 # "multipart" messages can exist w/o a body
158 my $bdy = ($nr ? delete($self->{bdy}) : \(body_raw($self))) or return;
160 # Cut at the the first epilogue, not subsequent ones.
161 # *sigh* just the regexp match alone seems to bump RSS by
162 # length($$bdy) on a ~30M string:
163 my $epilogue_missing;
164 if ($$bdy =~ /(?:\r?\n)?^--$bnd--[ \t]*\r?$/sm) {
165 substr($$bdy, $-[0]) = '';
167 $epilogue_missing = 1;
170 # *Sigh* split() doesn't work in-place and return CoW strings
171 # because Perl wants to "\0"-terminate strings. So split()
172 # again bumps RSS by length($$bdy)
174 # Quiet warning for "Complex regular subexpression recursion limit"
175 # in case we get many empty parts, it's harmless in this case
176 no warnings 'regexp';
177 my ($pre, @parts) = split(/(?:\r?\n)?(?:^--$bnd[ \t]*\r?\n)+/ms,
179 # + 3 since we don't want the last part
180 # processed to include any other excluded
181 # parts ($nr starts at 1, and I suck at math)
182 $MAXPARTS + 3 - $nr);
184 if (@parts) { # the usual path if we got this far:
185 undef $bdy; # release memory ASAP if $nr > 0
187 # compatibility with Email::MIME
188 $parts[-1] =~ s/\n\r?\n\z/\n/s if $epilogue_missing;
190 @parts = grep /[^ \t\r\n]/s, @parts; # ignore empty parts
192 # Keep "From: someone..." from preamble in old,
193 # buggy versions of git-send-email, otherwise drop it
194 # There's also a case where quoted text showed up in the
196 # <20060515162817.65F0F1BBAE@citi.umich.edu>
197 unshift(@parts, $pre) if $pre =~ /:/s;
200 # "multipart", but no boundary found, treat as single part
201 $self->{bdy} //= $bdy;
205 # $p = [ \@parts, $depth, $idx ]
206 # $idx[0] grows as $depth grows, $idx[1] == $p->[-1] == current part
207 # (callers need to be updated)
208 # \@parts is a queue which empties when we're done with a parent part
210 # same usage as PublicInbox::MsgIter::msg_iter
211 # $cb - user-supplied callback sub
212 # $arg - user-supplied arg (think pthread_create)
213 # $once - unref body scalar during iteration
215 my ($self, $cb, $arg, $once) = @_;
216 my $p = mp_descend($self, $once // 0) or
217 return $cb->([$self, 0, 0], $arg);
219 my @s; # our virtual stack
221 while ((scalar(@{$p->[0]}) || ($p = pop @s)) && ++$nr <= $MAXPARTS) {
222 ++$p->[-1]; # bump index
223 my (undef, @idx) = @$p;
224 @idx = (join('.', @idx));
225 my $depth = ($idx[0] =~ tr/././) + 1;
226 my $sub = new_sub(undef, \(shift @{$p->[0]}));
227 if ($depth < $MAXDEPTH && (my $nxt = mp_descend($sub, $nr))) {
228 push(@s, $p) if scalar @{$p->[0]};
229 $p = [ $nxt, @idx, 0 ];
230 } else { # a leaf node
231 $cb->([$sub, $depth, @idx], $arg);
237 # prevent MIME::QuotedPrint from encoding CR as =0D since it's
238 # against RFCs and breaks MUAs
239 $_[0] =~ s/\r\n/\n/sg;
240 encode_qp($_[0], "\r\n");
244 # RFC 2822 requires all lines to end in CRLF, though... :<
245 $_[0] = decode_qp($_[0]);
246 $_[0] =~ s/\n/\r\n/sg;
250 sub identity_codec { $_[0] }
252 ########### compatibility section for existing Email::MIME uses #########
255 bless { hdr => $_[0]->{hdr}, crlf => $_[0]->{crlf} }, __PACKAGE__;
260 my $parts = mp_descend($self, 0) or return ();
261 my $bnd = ct($self)->{attributes}->{boundary} // die 'BUG: no boundary';
262 my $bdy = $self->{bdy};
263 if ($$bdy =~ /\A(.*?)(?:\r?\n)?^--\Q$bnd\E[ \t]*\r?$/sm) {
264 $self->{preamble} = $1;
266 if ($$bdy =~ /^--\Q$bnd\E--[ \t]*\r?\n(.+)\z/sm) {
267 $self->{epilogue} = $1;
269 map { new_sub(undef, \$_) } @$parts;
273 my ($self, $parts) = @_;
275 # we can't fully support what Email::MIME does,
276 # just what our filter code needs:
277 my $bnd = ct($self)->{attributes}->{boundary} // die <<EOF;
278 ->parts_set not supported for single-part messages
280 my $crlf = $self->{crlf};
281 my $fin_bnd = "$crlf--$bnd--$crlf";
282 $bnd = "$crlf--$bnd$crlf";
283 ${$self->{bdy}} = join($bnd,
284 delete($self->{preamble}) // '',
285 map { $_->as_string } @$parts
288 (delete($self->{epilogue}) // '');
293 my ($self, $body) = @_;
294 my $bdy = $self->{bdy} = ref($body) ? $body : \$body;
295 if (my $cte = header_raw($self, 'Content-Transfer-Encoding')) {
296 my $enc = $MIME_ENC{lc($cte)} or croak("can't encode `$cte'");
297 $$bdy = $enc->($$bdy); # in-place
303 my ($self, $body_str) = @_;
304 my $charset = ct($self)->{attributes}->{charset} or
305 Carp::confess('body_str was given, but no charset is defined');
306 body_set($self, \(encode($charset, $body_str, Encode::FB_CROAK)));
309 sub content_type { scalar header($_[0], 'Content-Type') }
311 # we only support raw header_set
313 my ($self, $pfx, @vals) = @_;
314 my $re = re_memo($pfx);
315 my $hdr = $self->{hdr};
316 return $$hdr =~ s!$re!!g if !@vals;
318 my $len = 78 - length($pfx);
320 # folding differs from Email::Simple::Header,
321 # we favor tabs for visibility (and space savings :P)
322 if (length($_) >= $len && (/\n[^ \t]/s || !/\n/s)) {
323 local $Text::Wrap::columns = $len;
324 local $Text::Wrap::huge = 'overflow';
325 $pfx . wrap('', "\t", $_) . $self->{crlf};
327 $pfx . $_ . $self->{crlf};
330 $$hdr =~ s!$re!shift(@vals) // ''!ge; # replace current headers, first
331 $$hdr .= join('', @vals); # append any leftovers not replaced
332 # wantarray ? @_[2..$#_] : $_[2]; # Email::Simple::Header compat
333 undef; # we don't care for the return value
336 # note: we only call this method on Subject
338 my ($self, $name, @vals) = @_;
340 next unless /[^\x20-\x7e]/;
341 utf8::encode($_); # to octets
342 # 39: int((75 - length("Subject: =?UTF-8?B?".'?=') ) / 4) * 3;
343 s/(.{1,39})/'=?UTF-8?B?'.encode_base64($1, '').'?='/ges;
345 header_set($self, $name, @vals);
348 sub mhdr_decode ($) { eval { $MIME_Header->decode($_[0]) } // $_[0] }
351 my $dis = header_raw($_[0], 'Content-Disposition');
352 my $attrs = parse_content_disposition($dis)->{attributes};
353 my $fn = $attrs->{filename};
354 $fn = ct($_[0])->{attributes}->{name} if !defined($fn) || $fn eq '';
355 (defined($fn) && $fn =~ /=\?/) ? mhdr_decode($fn) : $fn;
358 sub xs_addr_str { # helper for ->header / ->header_str
359 for (@_) { # array from header_raw()
361 my @g = parse_email_groups($_); # [ foo => [ E::A::X, ... ]
362 for (my $i = 0; $i < @g; $i += 2) {
363 if (defined($g[$i]) && $g[$i] =~ /=\?/) {
364 $g[$i] = mhdr_decode($g[$i]);
366 my $addrs = $g[$i + 1];
367 for my $eax (@$addrs) {
368 for my $m (qw(phrase comment)) {
370 $eax->$m(mhdr_decode($v)) if
375 $_ = format_email_groups(@g);
380 require Email::Address::XS;
381 Email::Address::XS->import(qw(parse_email_groups format_email_groups));
384 # fallback to just decoding everything, because parsing
385 # email addresses correctly w/o C/XS is slow
386 %DECODE_FULL = (%DECODE_FULL, %DECODE_ADDRESS);
387 %DECODE_ADDRESS = ();
390 *header = \&header_str;
392 my ($self, $name) = @_;
393 my @v = header_raw($self, $name);
394 if ($DECODE_ADDRESS{$name}) {
396 } elsif ($DECODE_FULL{$name}) {
398 $_ = mhdr_decode($_) if /=\?/;
401 wantarray ? @v : $v[0];
404 sub body_raw { ${$_[0]->{bdy} // \''}; }
407 my $raw = body_raw($_[0]);
408 my $cte = header_raw($_[0], 'Content-Transfer-Encoding') or return $raw;
409 ($cte) = ($cte =~ /([a-zA-Z0-9\-]+)/) or return $raw; # For S/MIME, etc
410 my $dec = $MIME_DEC{lc($cte)} or return $raw;
417 my $charset = $ct->{attributes}->{charset};
419 if ($STR_TYPE{$ct->{type}} && $STR_SUBTYPE{$ct->{subtype}}) {
422 Carp::confess("can't get body as a string for ",
423 join("\n\t", header_raw($self, 'Content-Type')));
425 decode($charset, body($self), Encode::FB_CROAK);
430 my $ret = ${ $self->{hdr} };
431 return $ret unless defined($self->{bdy});
432 $ret .= $self->{crlf};
433 $ret .= ${$self->{bdy}};
436 # Unlike Email::MIME::charset_set, this only changes the parsed
437 # representation of charset used for search indexing and HTML display.
438 # This does NOT affect what ->as_string returns.
440 ct($_[0])->{attributes}->{charset} = $_[1];
443 sub crlf { $_[0]->{crlf} // "\n" }
445 sub willneed { re_memo($_) for @_ }
447 willneed(qw(From To Cc Date Subject Content-Type In-Reply-To References
448 Message-ID X-Alt-Message-ID));