- Author: Jonathan M. Wilbur <[email protected]>
- Copyright Year: 2019
- License: MIT License
Build by running tsc
in the root directory.
Run npm run-script test
.
You can debug easily in VS Code. For some reason, breakpoints do not appear to
work in index.ts
.
Once the following requirements are met, Wildboar IMAP Server moves into Alpha development.
- Commands
- Graceful Shutdown
- Add
isSet
to ConfigurationSource. - Ignore blank newlines.
- Healthcheck tool
- Use a
sensitiveCommandRunning
flag to prevent race conditions when a connection attempts twoAPPEND
s at once, for instance. - Simple Authorization
- Start-up checks:
- Confirm that all integers are safe.
- Confirm that all command names are atoms.
- Confirm that there are no duplicate plugins.
- Add
capability
field to plugins. - Consider using nameless queues to make the queue list more readable.
- Make
ConfigurationSource
a class so you can keep the master variables list there. - Add
commands_needing_authorization
configuration directive. - Is
LexemeType.ERROR
really necessary anymore? Nope. Deleted. - Implement an interface for command callbacks to write to the socket in a more controlled manner.
- Catch errors in non-arguments lexing.
- Add
warnings
ornotifications
to storage driver responses and all handlers. - Deduplicate simple handlers
- Move schema into command files
- Immediately drop connection if tag is "GET" to mitigate SSRF attacks.
Once the following requirements are met, Wildboar IMAP Server moves into Beta development.
- AWS SQS message broker support
- Azure Queue storage support
- Update dependencies
- Use
Set
instead of arrays where uniqueness is a requirement. (Check forstring[]
) - Check for correct state at the start of commands.
- Check
toString()
occurrences for UTF decoding safety.- Flag safe ones with
#UTF_SAFE
comments.
- Flag safe ones with
- Support
SEARCH
tricks - Address Potential Concurrency Issues: (See
./documentation/concurrency.md
.)- If responses are written line-by-line, could lines of responses be interlaced?
- Even if responses are written all at the same time, is it possible for socket writes to overlap?
- Is a DoS Possible by calling
LOGOUT
shortly after running a command?
- Error reporting with the NodeJS Report API
- Assertions
- Handle size limitations imposed by message brokers (4GB for AMQP, 16MB for AWS SQS)
- Fill out JSON schema more (Documentation)
- Audit all commands for the following:
- Correct State
- Error Reporting
- Argument Length checking
- Length assertions
- Error logging
- Logging is correct severity
Once the following requirements are met, Wildboar IMAP Server moves into Release Candidate development. In Beta, no new features are added to Wildboar IMAP Server; only testing is performed and bugs are fixed.
- Static analysis
- Fuzz testing
- Achieve 100% test coverage
- Resilience testing with Chaos Monkey
- Invalid UTF fuzzing
- Performance profiling
- Denial of Service testing
- Memory leak tests
- Repeatedly connecting and disconnecting
- Running commands repeatedly
- Repeatedly authenticating
- Test for timing attacks
- Test for directory traversal
Once the following requirements are met, Wildboar IMAP Server version 1.0.0 will be released.
- 100% JSDoc Documentation
- User Acceptance Testing
The following features will be added some time after the release of version 1.0.0.
- Visual Studio Solution
- Bazel build Configuration
- Sentry Configuration
- NPM Tasks
- Drop capabilities
- Cryptographically signed messages?
- Add environment variable for signing up an account for the email list
- Run each connection in a NodeJS Worker Thread