All-in-one Mail & Collaboration server. Secure, scalable and fluent in every protocol (IMAP, JMAP, SMTP, CalDAV, CardDAV, WebDAV).
237 matches across 12 categories. Click a row to expand file-level details.
| Severity | File | Line | Snippet |
|---|---|---|---|
| CRITICAL | crates/imap/src/op/list.rs | 188 | mailbox_name: self.server.core.email.shared_folder.as_str().into(), |
| CRITICAL | crates/imap/src/op/create.rs | 181 | if path.first() == Some(&self.server.core.email.shared_folder.as_str()) { |
| CRITICAL | crates/imap/src/op/namespace.rs | 33 | Some(self.server.core.email.shared_folder.as_str().into()) |
| CRITICAL | crates/spam-filter/src/analysis/rules.rs | 28 | if !self.core.spam.rules.url.is_empty() { |
| CRITICAL | crates/spam-filter/src/analysis/rules.rs | 45 | if !self.core.spam.rules.domain.is_empty() { |
| CRITICAL | crates/spam-filter/src/analysis/rules.rs | 64 | if !self.core.spam.rules.email.is_empty() { |
| CRITICAL | crates/spam-filter/src/analysis/rules.rs | 102 | if !self.core.spam.rules.ip.is_empty() { |
| CRITICAL | crates/spam-filter/src/analysis/rules.rs | 121 | if !self.core.spam.rules.header.is_empty() { |
| CRITICAL | crates/spam-filter/src/analysis/rules.rs | 150 | if !self.core.spam.rules.body.is_empty() { |
| CRITICAL | crates/spam-filter/src/analysis/rules.rs | 182 | if !self.core.spam.rules.any.is_empty() { |
| CRITICAL | crates/spam-filter/src/analysis/domain.rs | 238 | email.element.email.domain_part.fqdn.clone(), |
| CRITICAL | crates/spam-filter/src/analysis/mime.rs | 389 | Some((name, self.core.spam.lists.file_extensions.get(ext)?)) |
| CRITICAL | crates/spam-filter/src/analysis/mime.rs | 393 | .and_then(|(_, ext)| self.core.spam.lists.file_extensions.get(ext)); |
| CRITICAL | crates/spam-filter/src/analysis/score.rs | 64 | let score = match self.core.spam.lists.scores.get(tag) { |
| CRITICAL | crates/spam-filter/src/modules/expression.rs | 45 | ExpressionVariable::HeloDomain => self.ctx.output.ehlo_host.fqdn.as_str().into(), |
| CRITICAL | crates/spam-filter/src/modules/expression.rs | 52 | ExpressionVariable::EnvFrom => self.ctx.output.env_from_addr.address.as_str().into(), |
| CRITICAL | crates/spam-filter/src/modules/expression.rs | 54 | self.ctx.output.env_from_addr.local_part.as_str().into() |
| CRITICAL | crates/spam-filter/src/modules/expression.rs | 72 | ExpressionVariable::From => self.ctx.output.from.email.address.as_str().into(), |
| CRITICAL | crates/spam-filter/src/modules/expression.rs | 81 | ExpressionVariable::FromLocal => self.ctx.output.from.email.local_part.as_str().into(), |
| CRITICAL | crates/spam-filter/src/modules/expression.rs | 83 | self.ctx.output.from.email.domain_part.fqdn.as_str().into() |
| CRITICAL | crates/common/src/auth/access_token.rs | 51 | self.core.network.security.default_role_ids_user.as_slice() |
| CRITICAL | crates/common/src/auth/access_token.rs | 55 | self.core.network.security.default_role_ids_admin.as_slice() |
| CRITICAL | crates/common/src/auth/access_token.rs | 221 | self.core.network.security.default_role_ids_group.as_slice(), |
| CRITICAL | crates/common/src/auth/permissions.rs | 116 | UserRoles::User => self.core.network.security.default_role_ids_user.as_slice(), |
| CRITICAL | crates/common/src/auth/permissions.rs | 119 | self.core.network.security.default_role_ids_admin.as_slice() |
| CRITICAL | crates/common/src/auth/permissions.rs | 137 | .unwrap_or(self.core.network.security.default_role_ids_group.as_slice()), |
| CRITICAL | crates/common/src/network/security.rs | 344 | self.core.network.security.auth_fail_rate.is_some() |
| CRITICAL | crates/common/src/network/dns/records.rs | 391 | .map(|doc| self.core.network.info.pacc.build(&doc.url)) |
| CRITICAL | crates/common/src/network/dns/update.rs | 1244 | match self.core.smtp.resolvers.dns.txt_raw_lookup(&name).await { |
| CRITICAL | crates/common/src/expr/eval.rs | 224 | stack.push(self.core.core.network.server_name.as_str().into()) |
| CRITICAL | crates/common/src/expr/eval.rs | 227 | stack.push(self.core.core.email.default_domain_name.as_str().into()) |
| CRITICAL | crates/common/src/expr/eval.rs | 229 | SystemVariable::NodeId => stack.push(self.core.core.network.node_id.into()), |
| CRITICAL | crates/common/src/scripts/plugins/lookup.rs | 31 | _ => Some(ctx.server.core.storage.memory.clone()), |
| CRITICAL | crates/common/src/scripts/plugins/lookup.rs | 57 | _ => Some(ctx.server.core.storage.memory.clone()), |
| CRITICAL | crates/common/src/scripts/plugins/lookup.rs | 78 | _ => Some(ctx.server.core.storage.memory.clone()), |
| CRITICAL | crates/common/src/scripts/plugins/query.rs | 24 | _ => Some(ctx.server.core.storage.data.clone()), |
| CRITICAL | crates/http/src/request.rs | 200 | self.core.network.http.url_https.to_string(), |
| CRITICAL | crates/http/src/request.rs | 776 | if !server.core.network.http.response_headers.is_empty() { |
| CRITICAL | crates/http/src/auth/oauth/token.rs | 67 | let issuer = self.core.network.http.url_https.to_string(); |
| CRITICAL | crates/smtp/src/reporting/tls.rs | 346 | .and_then(|idx| report.report.policies.0.inner.get_mut(idx)) |
| CRITICAL | crates/smtp/src/reporting/tls.rs | 419 | &mut report.report.policies.0.inner.last_mut().unwrap().value |
| CRITICAL | crates/smtp/src/inbound/data.rs | 378 | let message_id = self.server.inner.data.queue_id_gen.generate(); |
| CRITICAL | crates/smtp/src/queue/quota.rs | 37 | if !self.core.smtp.queue.quota.sender.is_empty() { |
| CRITICAL | crates/smtp/src/queue/quota.rs | 62 | if !self.core.smtp.queue.quota.rcpt_domain.is_empty() { |
| CRITICAL | crates/jmap/src/registry/mapping/action.rs | 212 | set.server.inner.data.applications.reload(&mut bp).await; |
| CRITICAL | crates/jmap/src/registry/mapping/action.rs | 401 | let (score, disposition) = match server.core.spam.lists.scores.get(&tag) { |
| CRITICAL | crates/jmap/src/registry/mapping/log.rs | 35 | let Some(path) = get.server.core.metrics.log_path.clone() else { |
| CRITICAL | crates/jmap/src/registry/mapping/log.rs | 75 | let Some(path) = req.server.core.metrics.log_path.clone() else { |
| CRITICAL | crates/services/src/task_manager/manager.rs | 530 | server.core.network.task_manager.total_deadline.as_secs(), |
| CRITICAL | tests/src/imap/antispam.rs | 86 | assert!(test.server.inner.data.spam_classifier.load().is_active()); |
| CRITICAL | tests/src/smtp/session.rs | 279 | self.server.inner.data.queue_id_gen.generate(), |
| CRITICAL | tests/src/smtp/inbound/asn.rs | 90 | if test.server.inner.data.asn_geo_data.lock.available_permits() > 0 { |
| CRITICAL | tests/src/webdav/prop.rs | 640 | (0..=(test.server.core.groupware.dead_property_size.unwrap() + 1)) |
| CRITICAL | tests/src/webdav/lock.rs | 165 | (0..=test.server.core.groupware.dead_property_size.unwrap() + 1) |
| CRITICAL | tests/src/store/blob.rs | 34 | let store = test.server.core.storage.data.clone(); |
| CRITICAL | tests/src/store/blob.rs | 35 | let blob_store = test.server.core.storage.blob.clone(); |
| Severity | File | Line | Snippet |
|---|---|---|---|
| LOW | crates/jmap-proto/src/request/parser.rs | 814 | "email": "foo@bar.com" |
| LOW | crates/jmap-proto/src/request/parser.rs | 828 | "email": "foo@bar.com" |
| LOW | crates/jmap-proto/src/request/parser.rs | 860 | "email": "foo@bar.com" |
| LOW | crates/directory/src/core/sasl.rs | 175 | Some("user@example.com".to_string()) |
| LOW | crates/imap-proto/src/protocol/fetch.rs | 998 | name: Some("John Doe".into()), |
| LOW | tests/resources/itip/google_calendar.txt | 57 | summary.attendee: Participants([ItipParticipant { email: "a@gmail.com", name: Some("John Doe"), is_organizer: true }, It |
| LOW | tests/resources/itip/google_calendar.txt | 78 | CN="John Doe";X-NUM-GUESTS=0:mailto:a@gmail.com |
| LOW | tests/resources/itip/google_calendar.txt | 79 | ORGANIZER;CN="John Doe":mailto:a@gmail.com |
| LOW | tests/resources/itip/google_calendar.txt | 171 | summary.attendee: Participants([ItipParticipant { email: "a@gmail.com", name: Some("John Doe"), is_organizer: true }, It |
| LOW | tests/resources/itip/google_calendar.txt | 193 | CN="John Doe";X-NUM-GUESTS=0:mailto:a@gmail.com |
| LOW | tests/resources/itip/google_calendar.txt | 194 | ORGANIZER;CN="John Doe":mailto:a@gmail.com |
| LOW | tests/resources/itip/google_calendar.txt | 241 | CN="John Doe";X-NUM-GUESTS=0:mailto:a@gmail.com |
| LOW | tests/resources/itip/google_calendar.txt | 242 | ORGANIZER;CN="John Doe":mailto:a@gmail.com |
| LOW | tests/resources/ldap/ldap.cfg | 58 | principalName = ["John Doe"] |
| LOW | tests/resources/ldap/ldap.cfg | 69 | principalName = ["Jane Doe"] |
| LOW | tests/resources/jmap/email_parse/headers.json | 647 | "name": "John Doe", |
| LOW | tests/resources/jmap/email_parse/headers.json | 660 | "name": "John Doe", |
| LOW | tests/resources/jmap/email_parse/headers.json | 670 | "name": "John Doe", |
| LOW | tests/resources/jmap/email_parse/headers.json | 693 | "name": "John Doe", |
| LOW | tests/resources/jmap/email_parse/headers.json | 764 | "name": "John Doe", |
| LOW | tests/resources/jmap/email_parse/headers.json | 804 | "name": "John Doe", |
| LOW | tests/resources/jmap/email_get/headers.json | 681 | "name": "John Doe", |
| LOW | tests/resources/jmap/email_get/headers.json | 694 | "name": "John Doe", |
| LOW | tests/resources/jmap/email_get/headers.json | 704 | "name": "John Doe", |
| LOW | tests/resources/jmap/email_get/headers.json | 727 | "name": "John Doe", |
| LOW | tests/resources/jmap/email_get/headers.json | 798 | "name": "John Doe", |
| LOW | tests/resources/jmap/email_get/headers.json | 838 | "name": "John Doe", |
| LOW | tests/src/cluster/broadcast.rs | 177 | Property::Description: "John Doe" |
| LOW | tests/src/cluster/broadcast.rs | 189 | Some("John Doe") |
| LOW | tests/src/cluster/broadcast.rs | 198 | Some("John Doe") |
| LOW | tests/src/cluster/stress.rs | 41 | let admin = test.create_admin_account("admin@example.com").await; |
| LOW | tests/src/cluster/stress.rs | 56 | let client = Arc::new(test.account("admin@example.com").jmap_client().await); |
| LOW | tests/src/cluster/stress.rs | 285 | let client = Arc::new(test.account("admin@example.com").jmap_client().await); |
| LOW | tests/src/imap/mod.rs | 54 | let admin = test.create_admin_account("admin@example.com").await; |
| LOW | tests/src/imap/mod.rs | 61 | "John Doe", |
| LOW | tests/src/imap/antispam.rs | 27 | let admin = test.account("admin@example.com"); |
| LOW | tests/src/imap/basic.rs | 19 | username: Some("user@example.com".to_string()), |
| LOW | tests/src/directory/synchronization.rs | 33 | description: "John Doe".to_string().into(), |
| LOW | tests/src/directory/synchronization.rs | 51 | description: "John Doe".to_string().into(), |
| LOW | tests/src/directory/synchronization.rs | 74 | assert_eq!(account_out.description.as_deref(), Some("John Doe")); |
| LOW | tests/src/directory/ldap.rs | 32 | description: Some("John Doe".into()), |
| LOW | tests/src/directory/ldap.rs | 79 | description: Some("John Doe".into()), |
| LOW | tests/src/directory/ldap.rs | 100 | description: Some("John Doe".into()) |
| LOW | tests/src/directory/oidc.rs | 47 | description: Some("John Doe".to_string()) |
| LOW | tests/src/directory/oidc.rs | 69 | description: Some("John Doe".to_string()) |
| LOW | tests/src/directory/sql.rs | 31 | "VALUES ('john@example.org', 'john secret', 'John Doe', 'individual')" |
| LOW | tests/src/directory/sql.rs | 35 | "VALUES ('jane@example.org', 'jane secret', 'Jane Doe', 'individual')" |
| LOW | tests/src/directory/sql.rs | 101 | description: Some("John Doe".to_string()), |
| LOW | tests/src/directory/sql.rs | 122 | description: Some("John Doe".to_string()), |
| LOW | tests/src/directory/sql.rs | 132 | description: Some("Jane Doe".to_string()), |
| LOW | tests/src/directory/integration.rs | 45 | Some("John Doe") |
| LOW | tests/src/directory/integration.rs | 86 | "John Doe", |
| LOW | tests/src/smtp/lookup/expressions.rs | 52 | ("john@foobar.org", "12345 + extra safety", "John Doe", &[]), |
| LOW | tests/src/smtp/inbound/auth.rs | 33 | "John Doe", |
| LOW | tests/src/smtp/inbound/vrfy.rs | 29 | ("john@foobar.org", "12345 + extra safety", "John Doe", &[]), |
| LOW | tests/src/smtp/inbound/rcpt.rs | 37 | ("john@foobar.org", "12345 + extra safety", "John Doe", &[]), |
| LOW | tests/src/smtp/inbound/data.rs | 39 | ("john@foobar.org", "12345 + extra safety", "John Doe", &[]), |
| LOW | tests/src/webdav/cal_scheduling.rs | 638 | name: Some("John Doe".to_string()), |
| LOW | tests/src/webdav/cal_scheduling.rs | 766 | name: Some("John Doe".to_string()), |
| LOW | tests/src/webdav/copy_move.rs | 18 | let admin = test.account("admin@example.com"); |
| 35 more matches not shown… | |||
| Severity | File | Line | Snippet |
|---|---|---|---|
| MEDIUM | tests/docker/docker-compose.yml | 9 | # --------------------------------------------------------------------------- |
| MEDIUM | tests/docker/docker-compose.yml | 11 | # --------------------------------------------------------------------------- |
| MEDIUM | tests/docker/docker-compose.yml | 19 | # --------------------------------------------------------------------------- |
| MEDIUM | tests/docker/docker-compose.yml | 21 | # --------------------------------------------------------------------------- |
| MEDIUM | tests/docker/docker-compose.yml | 80 | # --------------------------------------------------------------------------- |
| MEDIUM | tests/docker/docker-compose.yml | 82 | # --------------------------------------------------------------------------- |
| MEDIUM | tests/docker/docker-compose.yml | 89 | # --------------------------------------------------------------------------- |
| MEDIUM | tests/docker/docker-compose.yml | 91 | # --------------------------------------------------------------------------- |
| MEDIUM | tests/docker/docker-compose.yml | 257 | # --------------------------------------------------------------------------- |
| MEDIUM | tests/docker/docker-compose.yml | 259 | # --------------------------------------------------------------------------- |
| MEDIUM | tests/docker/docker-compose.yml | 267 | # ============================================================================= |
| MEDIUM | tests/docker/docker-compose.yml | 269 | # ============================================================================= |
| MEDIUM | tests/docker/docker-compose.yml | 33 | # --------------------------------------------------------------------------- |
| MEDIUM | tests/docker/docker-compose.yml | 35 | # --------------------------------------------------------------------------- |
| MEDIUM | tests/docker/docker-compose.yml | 49 | # --------------------------------------------------------------------------- |
| MEDIUM | tests/docker/docker-compose.yml | 51 | # --------------------------------------------------------------------------- |
| MEDIUM | tests/docker/docker-compose.yml | 104 | # --------------------------------------------------------------------------- |
| MEDIUM | tests/docker/docker-compose.yml | 106 | # --------------------------------------------------------------------------- |
| MEDIUM | tests/docker/docker-compose.yml | 118 | # --------------------------------------------------------------------------- |
| MEDIUM | tests/docker/docker-compose.yml | 120 | # --------------------------------------------------------------------------- |
| MEDIUM | tests/docker/docker-compose.yml | 141 | # --------------------------------------------------------------------------- |
| MEDIUM | tests/docker/docker-compose.yml | 143 | # --------------------------------------------------------------------------- |
| MEDIUM | tests/docker/docker-compose.yml | 164 | # --------------------------------------------------------------------------- |
| MEDIUM | tests/docker/docker-compose.yml | 166 | # --------------------------------------------------------------------------- |
| MEDIUM | tests/docker/docker-compose.yml | 194 | # --------------------------------------------------------------------------- |
| MEDIUM | tests/docker/docker-compose.yml | 199 | # --------------------------------------------------------------------------- |
| MEDIUM | tests/docker/docker-compose.yml | 211 | # --------------------------------------------------------------------------- |
| MEDIUM | tests/docker/docker-compose.yml | 213 | # --------------------------------------------------------------------------- |
| MEDIUM | tests/docker/docker-compose.yml | 230 | # --------------------------------------------------------------------------- |
| MEDIUM | tests/docker/docker-compose.yml | 232 | # --------------------------------------------------------------------------- |
| Severity | File | Line | Snippet |
|---|---|---|---|
| LOW | resources/scripts/ossify.py | 70 | except Exception as e: |
| MEDIUM | resources/scripts/ossify.py | 71 | print(f"Error reading file {file_path}: {e}") |
| LOW | resources/scripts/ossify.py | 144 | except Exception as e: |
| MEDIUM | resources/scripts/ossify.py | 182 | print(f"Error: {args.directory} is not a valid directory") |
| LOW | resources/scripts/migrate_v016.py | 1804 | except Exception as exc: |
| MEDIUM | resources/scripts/imap-log-sanitizer.py | 132 | print(f"Error: File '{args.input_file}' not found") |
| LOW | resources/scripts/imap-log-sanitizer.py | 134 | except Exception as e: |
| MEDIUM | resources/scripts/imap-log-sanitizer.py | 135 | print(f"Error reading file: {e}") |
| LOW | resources/scripts/imap-log-sanitizer.py | 159 | except Exception as e: |
| MEDIUM | resources/scripts/imap-log-sanitizer.py | 160 | print(f"Error writing output: {e}") |
| MEDIUM | tests/resources/scripts/imap_import_single.py | 24 | print(f'Error while appending message: {response_code} {response_details}') |
| LOW | tests/resources/scripts/stress_test.py | 54 | except Exception as e: |
| LOW | tests/resources/scripts/stress_test.py | 65 | except Exception as e: |
| LOW | tests/resources/scripts/stress_test.py | 81 | except Exception as e: |
| LOW | tests/resources/scripts/stress_test.py | 98 | except Exception as e: |
| MEDIUM | tests/resources/scripts/stress_test.py | 46 | def smtp_send_message(username, password, recipient): |
| MEDIUM | tests/resources/scripts/stress_test.py | 57 | def imap_append_message(username, password, recipient): |
| MEDIUM | tests/resources/scripts/stress_test.py | 68 | def imap_list_fetch(username, password): |
| MEDIUM | tests/resources/scripts/stress_test.py | 84 | def imap_delete_message(username, password): |
| Severity | File | Line | Snippet |
|---|---|---|---|
| LOW | install.sh | 201 | |
| LOW | install.sh | 301 | } |
| LOW | crates/types/src/keyword.rs | 61 | #[serde(rename(serialize = "$draft"))] |
| LOW | crates/jmap-proto/src/request/capability.rs | 21 | #[serde(rename(serialize = "capabilities"))] |
| LOW | crates/common/src/network/autoconfig/pacc.rs | 61 | } |
| LOW | crates/common/src/telemetry/tracers/journald.rs | 121 | /// - severe Kernel BUG |
| LOW | crates/common/src/telemetry/tracers/journald.rs | 141 | /// |
| LOW | crates/common/src/telemetry/tracers/journald.rs | 161 | Notice = b'5', |
| LOW | crates/common/src/telemetry/tracers/journald.rs | 201 | "journald does not exist in this environment", |
| LOW | crates/registry/src/schema/structs.rs | 2321 | #[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)] |
| LOW | crates/registry/src/schema/structs.rs | 3281 | #[derive(Debug, Clone, PartialEq, Eq, Serialize, Deserialize)] |
| LOW | crates/store/src/lib.rs | 161 | // SPDX-License-Identifier: LicenseRef-SEL |
| LOW | crates/store/src/dispatch/blob.rs | 201 | // SPDX-SnippetBegin |
| LOW | crates/store/src/backend/sqlite/pool.rs | 61 | pub fn with_flags(self, flags: OpenFlags) -> Self { |
| LOW | resources/scripts/minify_html.sh | 1 | #!/usr/bin/env bash |
| LOW | .github/workflows/scorecard.yml | 41 | - name: "Run analysis" |
| Severity | File | Line | Snippet |
|---|---|---|---|
| MEDIUM | tests/docker/powerdns/init-zone.sh | 13 | # Create the zone with default SOA + NS |
| MEDIUM | tests/docker/scripts/init-minio.sh | 10 | # Create the stalwart bucket |
| MEDIUM | tests/resources/scripts/stress_test.py | 23 | # Create an SSL context |
| Severity | File | Line | Snippet |
|---|---|---|---|
| LOW | resources/scripts/ossify.py | 23 | |
| LOW | resources/scripts/ossify.py | 75 | |
| LOW | resources/scripts/ossify.py | 114 | |
| LOW | resources/scripts/ossify.py | 160 | |
| LOW | resources/scripts/migrate_v016.py | 834 | |
| LOW | resources/scripts/imap-log-sanitizer.py | 102 |
| Severity | File | Line | Snippet |
|---|---|---|---|
| LOW | resources/scripts/ossify.py | 18 | |
| LOW | resources/scripts/ossify.py | 20 | |
| LOW | resources/scripts/migrate_v016.py | 29 | |
| LOW | resources/scripts/imap-log-sanitizer.py | 13 | |
| LOW | tests/resources/scripts/imap_import_single.py | 6 |
| Severity | File | Line | Snippet |
|---|---|---|---|
| LOW | resources/scripts/ossify.py | 75 | def remove_proprietary_snippets(content: str) -> Tuple[str, int]: |
| LOW | resources/scripts/migrate_v016.py | 947 | def _tenant_default_domain_cid(self, p: dict[str, Any]) -> str | None: |
| LOW | resources/scripts/migrate_v016.py | 1281 | def _is_same_kv_store_as_data(self, sub: dict[str, str]) -> bool: |
| LOW | tests/resources/scripts/stress_test.py | 22 | def allow_invalid_certificates(): |
| Severity | File | Line | Snippet |
|---|---|---|---|
| MEDIUM | crates/smtp/Cargo.toml | 65 | #harness = false |
| Severity | File | Line | Snippet |
|---|---|---|---|
| LOW | install.sh | 838 | # Check if curl supports the --retry flag, then pass it to the curl invocation. |
| Severity | File | Line | Snippet |
|---|---|---|---|
| LOW | resources/scripts/minify_html.sh | 9 | # Usage: |