Allow whitelisting entire domains

caktus · Nov 6, 2015 · ea50608 · ea50608
1 parent 250665c
commit ea50608
Show file tree

Hide file tree

Showing 4 changed files with 21 additions and 2 deletions.
diff --git a/bandit/backends/base.py b/bandit/backends/base.py
@@ -26,14 +26,19 @@ def send_messages(self, email_messages):
         admins = getattr(settings, 'ADMINS', ())
         server_email = getattr(settings, 'SERVER_EMAIL', 'root@localhost')
         bandit_email = getattr(settings, 'BANDIT_EMAIL', server_email)
-        whitelist_emails = getattr(settings, 'BANDIT_WHITELIST', ())
+        whitelist_emails = set(getattr(settings, 'BANDIT_WHITELIST', ()))
         approved_emails = set([server_email, bandit_email, ] + list(whitelist_emails) +
                               [email for name, email in admins])
+
+        def is_approved(email):
+            local_part, _, domain = email.rpartition('@')
+            return email in approved_emails or domain in whitelist_emails
+
         to_send = []
         logged_count = 0
         for message in email_messages:
             recipients = message.to + message.cc + message.bcc
-            all_approved = reduce(and_, map(lambda e: e in approved_emails, recipients))
+            all_approved = reduce(and_, map(is_approved, recipients))
             if all_approved:
                 to_send.append(message)
             else:

diff --git a/bandit/tests.py b/bandit/tests.py
@@ -162,6 +162,14 @@ def test_send_multiple(self):
         message = messages[1]
         self.assertEqual(message.get_all('to'), ['[email protected]', ])
 
+    def test_whitelist_domain(self):
+        addresses = ['[email protected]', '[email protected]']
+        emails = [EmailMessage( 'Subject', 'Content', '[email protected]', addresses)]
+        num_sent = self.get_connection().send_messages(emails)
+        self.assertEqual(len(emails), num_sent)
+        messages = self.get_mailbox_content()
+        self.assertEqual(messages[0].get_all('to'), [', '.join(addresses)])
+
 
 class LogOnlyBackendTestCase(BaseBackendTestCase):
 

diff --git a/docs/settings.rst b/docs/settings.rst
@@ -23,3 +23,8 @@ add those email addresses to
 ``BANDIT_WHITELIST``. ``BANDIT_WHITELIST`` defaults to an empty tuple::
 
     BANDIT_WHITELIST = ('[email protected]', )
+
+A domain can also be put in the BANDIT_WHITELIST. This will whitelist any email
+to that domain.
+
+    BANDIT_WHITELIST = ('example.com', )
diff --git a/runtests.py b/runtests.py
@@ -19,6 +19,7 @@
         SITE_ID=1,
         ADMINS=(('Admin', '[email protected]'), ),
         BANDIT_EMAIL='[email protected]',
+        BANDIT_WHITELIST=('whitelisted.test.com', ),
         BASE_DIR='',  # tells compatibility checker not to emit warning
     )