Merge pull request #275 from belfazt/add-a-verification-before-adding-the-content-to-the-mail-issue-269

Add a way to verify that the content doesn't contain sensitive information

Author: thinkingserious

src/main/java/com/sendgrid/helpers/mail/objects/Content.java

@@ -4,6 +4,17 @@
 import com.fasterxml.jackson.annotation.JsonInclude.Include;
 import com.fasterxml.jackson.annotation.JsonProperty;
 
+import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+import java.util.regex.Pattern;
+import java.lang.IllegalArgumentException;
+
+/**
+ * An object in which you may specify the content of your email. 
+ */
 @JsonInclude(Include.NON_DEFAULT)
 public class Content {
   @JsonProperty("type") private String type;
@@ -33,8 +44,24 @@ public String getValue() {
   }
 
   public void setValue(String value) {
+    ContentVerifier.verifyContent(value);
     this.value = value;
   }
+}
+
+class ContentVerifier {
+    private static final List<Pattern> FORBIDDEN_PATTERNS = Collections.singletonList(
+            Pattern.compile(".*SG\\.[a-zA-Z0-9(-|_)]*\\.[a-zA-Z0-9(-|_)]*.*")
+    );
+
+    static void verifyContent(String content) {
+      for (Pattern pattern: FORBIDDEN_PATTERNS) {
+        if (pattern.matcher(content).matches()) {
+          throw new IllegalArgumentException("Found a Forbidden Pattern in the content of the email");
+        }
+      }
+    }
+}
 
   @Override
   public int hashCode() {
@@ -66,4 +93,4 @@ public boolean equals(Object obj) {
       return false;
     return true;
   }
-}
+}

src/test/java/com/sendgrid/helpers/ContentTest.java

@@ -0,0 +1,47 @@
+package com.sendgrid;
+
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Rule;
+import org.junit.Test;
+import org.junit.rules.ExpectedException;
+
+import java.util.ArrayList;
+import java.util.Arrays;
+
+public class ContentTest {
+  private Content content;
+
+  @Before
+  public void setUp() {
+    this.content = new Content();
+  }
+
+  @Rule
+  public final ExpectedException exception = ExpectedException.none();
+
+  @Test
+  public void testForbiddenContentIsRejected() {
+
+    ArrayList<String> sampleApiKeys = new ArrayList<>(
+            Arrays.asList(
+                    "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",
+                    "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"
+                    )
+
+    );
+
+    for (String apiKey: sampleApiKeys) {
+      exception.expect(IllegalArgumentException.class);
+      this.content.setValue("My api key is: " + apiKey);
+    }
+  }
+
+  @Test
+  public void testNormalContentIsAllowed() {
+    String message = "I will not send you my api key!";
+    this.content.setValue(message);
+    Assert.assertEquals(message, this.content.getValue());
+  }
+
+}