SA Bugzilla – Bug 7790
Error in pyzor_options option parsing
Last modified: 2020-04-10 08:24:24 UTC
For pyzor_options option only characters in the range [0-9A-Za-z ,._/-] are allowed for security reasons. But valid pyzor option can include '=' character (--homedir=HOMEDIR, --log-file=LOGFILE, etc). Please, add '=' to the list of allowed characters for pyzor_options.
I don't know whether there was a good reason to omit '=', but it isn't actually essential, you can use --homedir HOMEDIR --log-file LOGFILE It is confusing though.
I have tried pyzor 1.0 with "--homedir HOMEDIR" options format and it worked. So the issue importance can be lowed to "minor". But I still think that it would be useful to allow '=' in pyzor_options or to mention "--homedir HOMEDIR" format in spamassassin documentation. Running "pyzor --help" lists only "--homedir=HOMEDIR" options format so it is not evident that it is possible to use ' ' instead of '='. P.S. It may be also useful to add a warning message if pyzor_options value contains forbidden characters and add modify "internal error, python traceback seen in response\n" warning message in Pyzor.pm by adding actual python traceback to it. I am using spamassassin as a part of mimedefang and was very surprised to see an error message from mimedefang-multiplexor about python traceback as both spamassassin and mimedefang are written in perl, not python :). It was rather difficult to find out that actual reason of these messages in my case was the following: spamassassin silently ignored my custom pyzor_options due to '=' characters and run pyzor without any options and pyzor tried to create homedir in default (i.e. wrong) location and failed with python traceback due to lack of permissions to do that.
Added = as allowed character. Sending spamassassin-3.4/lib/Mail/SpamAssassin/Plugin/Pyzor.pm Sending trunk/lib/Mail/SpamAssassin/Plugin/Pyzor.pm Transmitting file data ..done Committing transaction... Committed revision 1876350. PS. spamassassin --lint already warns about any invalid configs.