From: Mark Walters
To: notmuch@notmuchmail.org
Subject: [PATCH v6 3/4] emacs: check drafts for encryption tags before saving
Date: Sun, 13 Nov 2016 11:21:45 +0000
Message-Id: <1479036106-32453-4-git-send-email-markwalters1009@gmail.com>
In-Reply-To: <1479036106-32453-1-git-send-email-markwalters1009@gmail.com>
References: <1479036106-32453-1-git-send-email-markwalters1009@gmail.com>

From: David Bremner

In general the user may not want to save plaintext copies of messages that they are sending encrypted, so give them a chance to abort.
--- emacs/notmuch-draft.el | 39 +++++++++++++++++++++++++++++++++++++++ test/T630-emacs-draft.sh | 13 +++++++++++++ 2 files changed, 52 insertions(+) diff --git a/emacs/notmuch-draft.el b/emacs/notmuch-draft.el index b8a5e67..1fb049a 100644 --- a/emacs/notmuch-draft.el +++ b/emacs/notmuch-draft.el 
@@ -71,6 +71,21 @@ postponing and resuming a message." :type '(repeat string) :group 'notmuch-send) +(defcustom notmuch-draft-save-plaintext 'ask + "Should notmuch save/postpone in plaintext messages that seem + like they are intended to be sent encrypted +(i.e with an mml encryption tag in it)." + :type '(radio + (const :tag "Never" nil) + (const :tag "Ask every time" ask) + (const :tag "Always" t)) + :group 'notmuch-draft + :group 'notmuch-crypto) + +(defvar notmuch-draft-encryption-tag-regex + "<#\\(part encrypt\\|secure.*mode=.*encrypt>\\)" + "Regular expression matching mml tags indicating encryption of part or message") + (defvar notmuch-draft-id nil "Message-id of the most recent saved draft of this message") (make-variable-buffer-local 'notmuch-draft-id) @@ -103,6 +118,28 @@ Used when a new version is saved, or the message is sent." (goto-char (+ (match-beginning 0) 2)) (insert "!")))))) +(defun notmuch-draft--has-encryption-tag () + "Returns t if there is an mml secure tag." + (save-excursion + (message-goto-body) + (re-search-forward notmuch-draft-encryption-tag-regex nil 't))) + +(defun notmuch-draft--query-encryption () + "Checks if we should save a message that should be encrypted. + +`notmuch-draft-save-plaintext' controls the behaviour." + (case notmuch-draft-save-plaintext + ((ask) + (notmuch-draft--query-encryption) + (unless (yes-or-no-p "(Customize `notmuch-draft-save-plaintext' to avoid this warning) +This message contains mml tags that suggest it is intended to be encrypted. +Really save and index an unencrypted copy? ") + (error "Save aborted"))) + ((nil) + (error "Refusing to save draft with encryption tags (see `notmuch-draft-save-plaintext')")) + ((t) + (ignore)))) + (defun notmuch-draft--make-message-id () ;; message-make-message-id gives the id inside a "<" ">" pair, ;; but notmuch doesn't want that form, so remove them. 
@@ -115,6 +152,8 @@ This saves the current message in the database with tags `notmuch-draft-tags` (in addition to any default tags applied to newly inserted messages)." (interactive) + (when (notmuch-draft--has-encryption-tag) + (notmuch-draft--query-encryption)) (let ((id (notmuch-draft--make-message-id))) (with-temporary-notmuch-message-buffer ;; We insert a Date header and a Message-ID header, the former diff --git a/test/T630-emacs-draft.sh b/test/T630-emacs-draft.sh index e39690c..689ccfb 100755 --- a/test/T630-emacs-draft.sh +++ b/test/T630-emacs-draft.sh @@ -39,4 +39,17 @@ header_count=$(notmuch show --format=raw subject:draft-test-0003 | grep -c ^X-No body_count=$(notmuch notmuch show --format=raw subject:draft-test-0003 | grep -c '^\<#secure') test_expect_equal "$header_count,$body_count" "1,0" +test_begin_subtest "Refusing to save an encrypted draft" +test_emacs '(notmuch-mua-mail) + (message-goto-subject) + (insert "draft-test-0004") + (mml-secure-message-sign-encrypt) + (let ((notmuch-draft-save-plaintext nil)) + (notmuch-draft-save)) + (test-output)' +count1=$(notmuch count tag:draft) +count2=$(notmuch count subject:draft-test-0004) + +test_expect_equal "$count1,$count2" "3,0" + test_done -- 2.1.4
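
Review bot: in emacs/notmuch-draft.el, hunk @@ -71,6 +71,21 @@, notmuch-draft-encryption-tag-regex fails open on tags it does not anticipate. The first alternative, "part encrypt", matches only when "encrypt" comes immediately after "<#part ", so a part tag that carries any other attribute before it is not detected. The second alternative needs the literal "encrypt>" after "mode=", so any attribute placed after the mode value defeats it. In both cases the draft is saved in plaintext without a prompt. Consider matching the attribute anywhere inside the tag, for example "<#part[^>]*encrypt" and "<#secure[^>]*mode=[^>]*encrypt". The defcustom docstring also needs a pass: "i.e" is missing its period, and "save/postpone in plaintext messages" reads more clearly as "save/postpone messages in plaintext".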
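
Review bot: in emacs/notmuch-draft.el, hunk @@ -103,6 +118,28 @@, the (ask) branch of notmuch-draft--query-encryption starts by calling notmuch-draft--query-encryption itself. With the default value 'ask the function therefore recurses before it ever reaches yes-or-no-p, and the save ends in a Lisp nesting-depth error rather than a question to the user. Remove that line so the branch begins at "(unless (yes-or-no-p ...". Two smaller points in the same hunk: "case" is the cl macro, so the file must have cl available at compile time if it does not already, and the docstring of notmuch-draft--has-encryption-tag says "Returns t" although re-search-forward returns the buffer position on a match.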
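
Review bot: in test/T630-emacs-draft.sh, hunk @@ -39,4 +39,17 @@, the new subtest binds notmuch-draft-save-plaintext to nil only, so the default 'ask path and the t path are never exercised, and the default is the setting most users will run with. Please add a subtest for 'ask with yes-or-no-p stubbed to answer both ways, and one for t that checks the draft is actually saved. The expected value "3,0" also hard-codes how many drafts earlier subtests leave behind; comparing the tag:draft count before and after the save attempt would keep the test from breaking when subtests are added above it.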