Merge branch 'master' into 5498-puppeteer-v21

# Conflicts: # package-lock.json # package.json
FlowCrypt · May 27, 2024 · f9e94fb · f9e94fb
2 parents 243233f + d4c6c45
commit f9e94fb
Show file tree

Hide file tree

Showing 14 changed files with 1,954 additions and 2,758 deletions.
diff --git a/.github/workflows/ossar-analysis.yml b/.github/workflows/ossar-analysis.yml
@@ -1,20 +1,33 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+
 # This workflow integrates a collection of open source static analysis tools
 # with GitHub code scanning. For documentation, or to provide feedback, visit
 # https://github.com/github/ossar-action
 name: OSSAR
 
 on:
   push:
+    branches: [ "master" ]
   pull_request:
+    branches:
+
+permissions:
+  contents: read
 
 jobs:
   OSSAR-Scan:
     # OSSAR runs on windows-latest.
     # ubuntu-latest and macos-latest support coming soon
-    runs-on: windows-latest
+    permissions:
+      contents: read # for actions/checkout to fetch code
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+    runs-on: ubuntu-latest
 
     steps:
-      # Checkout your code repository to scan
     - name: Checkout repository
       uses: actions/checkout@v4
       with:
@@ -26,20 +39,19 @@ jobs:
     # the head of the pull request instead of the merge commit.
     - run: git checkout HEAD^2
       if: ${{ github.event_name == 'pull_request' }}
-
     # Ensure a compatible version of dotnet is installed.
     # The [Microsoft Security Code Analysis CLI](https://aka.ms/mscadocs) is built with dotnet v3.1.201.
     # A version greater than or equal to v3.1.201 of dotnet must be installed on the agent in order to run this action.
-    # Remote agents already have a compatible version of dotnet installed and this step may be skipped.
-    # For local agents, ensure dotnet version 3.1.201 or later is installed by including this action:
+    # GitHub hosted runners already have a compatible version of dotnet installed and this step may be skipped.
+    # For self-hosted runners, ensure dotnet version 3.1.201 or later is installed by including this action:
     # - name: Install .NET
-    #   uses: actions/setup-dotnet@v1
+    #   uses: actions/setup-dotnet@v2
     #   with:
     #     dotnet-version: '3.1.x'
 
       # Run open source static analysis tools
     - name: Run OSSAR
-      uses: github/ossar-action@v1
+      uses: github/ossar-action@v2.0.0
       id: ossar
 
       # Upload results to the Security tab

diff --git a/extension/changelog.txt b/extension/changelog.txt
@@ -1,5 +1,7 @@
 <div class="lightboxed">
 
+version 8.5.5 on May 20, 2024: <a href="https://github.com/FlowCrypt/flowcrypt-browser/milestone/478?closed=1" target="_blank">Manifest V3</a>
+
 version 8.5.4 on March 7, 2024: <a href="https://github.com/FlowCrypt/flowcrypt-browser/milestone/476?closed=1" target="_blank">Improved compatibility with firewalls</a>
 
 version 8.5.3 on February 7, 2024: <a href="https://github.com/FlowCrypt/flowcrypt-browser/milestone/468?closed=1" target="_blank">Improvements for encrypted content detection and PGP/MIME messages parsing</a>

diff --git a/extension/chrome/elements/compose-modules/compose-input-module.ts b/extension/chrome/elements/compose-modules/compose-input-module.ts
@@ -54,7 +54,9 @@ export class ComposeInputModule extends ViewModule<ComposeView> {
   };
 
   public removeRichTextFormatting = () => {
-    this.initSquire(false, true);
+    if (this.view.inputModule.isRichText()) {
+      this.initSquire(false, true);
+    }
   };
 
   public inputTextHtmlSetSafely = (html: string) => {

diff --git a/extension/chrome/settings/inbox/inbox-modules/inbox-list-threads-module.ts b/extension/chrome/settings/inbox/inbox-modules/inbox-list-threads-module.ts
@@ -7,7 +7,7 @@ import { Catch } from '../../../../js/common/platform/catch.js';
 import { GmailParser } from '../../../../js/common/api/email-provider/gmail/gmail-parser.js';
 import { InboxView } from '../inbox.js';
 import { Lang } from '../../../../js/common/lang.js';
-import { Str } from '../../../../js/common/core/common.js';
+import { Str, promiseAllWithLimit } from '../../../../js/common/core/common.js';
 import { Ui } from '../../../../js/common/browser/ui.js';
 import { ViewModule } from '../../../../js/common/view-module.js';
 import { Xss } from '../../../../js/common/platform/xss.js';
@@ -18,7 +18,10 @@ export class InboxListThreadsModule extends ViewModule<InboxView> {
     try {
       const { threads } = await this.view.gmail.threadList(labelId);
       if (threads?.length) {
-        await Promise.all(threads.map(t => this.renderInboxItem(t.id)));
+        await promiseAllWithLimit(
+          30,
+          threads.map(t => () => this.renderInboxItem(t.id))
+        );
       } else {
         Xss.sanitizeRender('.threads', `<p>No encrypted messages in ${Xss.escape(labelId)} yet. ${Ui.retryLink()}</p>`);
       }
@@ -39,7 +42,7 @@ export class InboxListThreadsModule extends ViewModule<InboxView> {
     }
   };
 
-  private renderInboxItem = async (threadId: string) => {
+  private renderInboxItem = async (threadId: string): Promise<void> => {
     this.inboxThreadItemAdd(threadId);
     const threadItem = $('.threads #' + this.threadListItemId(threadId));
     try {

diff --git a/extension/js/common/api/email-provider/gmail/gmail-parser.ts b/extension/js/common/api/email-provider/gmail/gmail-parser.ts
@@ -165,7 +165,9 @@ export class GmailParser {
       const parts = payload.parts!; // eslint-disable-line @typescript-eslint/no-non-null-assertion
       // are we dealing with a PGP/MIME encrypted message?
       const pgpEncrypted = Boolean(
-        parts.length === 2 && contentType?.value?.startsWith('multipart/encrypted;') && contentType.value.includes('protocol="application/pgp-encrypted"')
+        parts.length === 2 &&
+          contentType?.value?.startsWith('multipart/encrypted') &&
+          (contentType.value.includes('protocol="application/pgp-encrypted"') || parts[0].mimeType === 'application/pgp-encrypted')
       );
       for (const [i, part] of parts.entries()) {
         GmailParser.findAttachments(part, internalMsgId, internalResults, {

diff --git a/extension/js/common/api/email-provider/gmail/gmail.ts b/extension/js/common/api/email-provider/gmail/gmail.ts
@@ -4,7 +4,7 @@
 
 import { AddrParserResult, BrowserWindow } from '../../../browser/browser-window.js';
 import { ChunkedCb, ProgressCb, EmailProviderContact } from '../../shared/api.js';
-import { Dict, Str, Value } from '../../../core/common.js';
+import { Dict, Str, Value, promiseAllWithLimit } from '../../../core/common.js';
 import { EmailProviderApi, EmailProviderInterface, Backups } from '../email-provider-api.js';
 import { GMAIL_GOOGLE_API_HOST, gmailBackupSearchQuery } from '../../../core/const.js';
 import { GmailParser, GmailRes } from './gmail-parser.js';
@@ -136,7 +136,10 @@ export class Gmail extends EmailProviderApi implements EmailProviderInterface {
   };
 
   public msgsGet = async (msgIds: string[], format: GmailResponseFormat): Promise<GmailRes.GmailMsg[]> => {
-    return await Promise.all(msgIds.map(id => this.msgGet(id, format)));
+    return await promiseAllWithLimit(
+      30,
+      msgIds.map(id => () => this.msgGet(id, format))
+    );
   };
 
   public labelsGet = async (): Promise<GmailRes.GmailLabels> => {

diff --git a/extension/js/common/core/common.ts b/extension/js/common/core/common.ts
@@ -517,3 +517,20 @@ export const checkValidURL = (url: string): boolean => {
   const pattern = /(http|https):\/\/([a-z0-9-]+((\.[a-z0-9-]+)+)?)(:[0-9]+)?(\/|\/([\w#!:.?+=&%@\-\/]))?/;
   return pattern.test(url);
 };
+
+/**
+ * Executes multiple promises concurrently with a limit to the number of promises running simultaneously.
+ * Resolves when all promises are resolved or rejects when any promise is rejected.
+ *
+ * @param concurrency - The maximum number of promises to run at the same time.
+ * @param tasks - An array of functions that return promises.
+ * @returns A Promise that resolves to an array of the resolved values of the input promises.
+ */
+export const promiseAllWithLimit = async <V>(concurrency: number, tasks: (() => Promise<V>)[]): Promise<V[]> => {
+  let results: V[] = [];
+  while (tasks.length) {
+    const currentTasks = tasks.splice(0, concurrency).map(task => task());
+    results = results.concat(await Promise.all(currentTasks));
+  }
+  return results;
+};
diff --git a/extension/js/common/core/crypto/pgp/openpgp-key.ts b/extension/js/common/core/crypto/pgp/openpgp-key.ts
@@ -268,6 +268,7 @@ export class OpenPGPKey {
       const message = await opgp.createMessage({ text });
       return await opgp.sign({ message, format: 'armored', signingKeys: [signingPrv], detached });
     }
+    text = text ? text : '\n';
     const message = await opgp.createCleartextMessage({ text });
     return await opgp.sign({ message, signingKeys: [signingPrv] });
   }

diff --git a/extension/js/content_scripts/webmail/setup-webmail-content-script.ts b/extension/js/content_scripts/webmail/setup-webmail-content-script.ts
@@ -431,6 +431,11 @@ export const contentScriptSetupIfVacant = async (webmailSpecific: WebmailSpecifi
 
   const entrypoint = async () => {
     try {
+      // Do not try to show decrypted content for original message content view
+      if (location.href.includes('/popout') || location.href.includes('view=om')) {
+        console.info('Showing original message');
+        return;
+      }
       const acctEmail = await waitForAcctEmail();
       const { tabId, notifications, factory, inject } = await initInternalVars(acctEmail);
       await showNotificationsAndWaitTilAcctSetUp(acctEmail, notifications);