From 8f89e12e6cafb106d5c201dbc3b2a338bfde74e2 Mon Sep 17 00:00:00 2001
From: Deng Ming <ming_flycash@qq.com>
Date: Thu, 25 Apr 2024 16:54:02 +0800
Subject: [PATCH] fix GHSA-6g9p-wv47-4fxq

---
 core/logs/alils/request.go |  4 ++--
 core/logs/smtp.go          | 30 +++++++++++++++++-------------
 2 files changed, 19 insertions(+), 15 deletions(-)

diff --git a/core/logs/alils/request.go b/core/logs/alils/request.go
index 50d9c43c..dce4dccd 100755
--- a/core/logs/alils/request.go
+++ b/core/logs/alils/request.go
@@ -13,7 +13,7 @@ func request(project *LogProject, method, uri string, headers map[string]string,
 
 	// The caller should provide 'x-sls-bodyrawsize' header
 	if _, ok := headers["x-sls-bodyrawsize"]; !ok {
-		err = fmt.Errorf("Can't find 'x-sls-bodyrawsize' header")
+		err = fmt.Errorf("can't find 'x-sls-bodyrawsize' header")
 		return
 	}
 
@@ -27,7 +27,7 @@ func request(project *LogProject, method, uri string, headers map[string]string,
 		headers["Content-MD5"] = bodyMD5
 
 		if _, ok := headers["Content-Type"]; !ok {
-			err = fmt.Errorf("Can't find 'Content-Type' header")
+			err = fmt.Errorf("can't find 'Content-Type' header")
 			return
 		}
 	}
diff --git a/core/logs/smtp.go b/core/logs/smtp.go
index cf2d8e7d..03ef4220 100644
--- a/core/logs/smtp.go
+++ b/core/logs/smtp.go
@@ -32,13 +32,16 @@ type SMTPWriter struct {
 	FromAddress        string   `json:"fromAddress"`
 	RecipientAddresses []string `json:"sendTos"`
 	Level              int      `json:"level"`
-	formatter          LogFormatter
-	Formatter          string `json:"formatter"`
+	// InsecureSkipVerify default value: true
+	InsecureSkipVerify bool `json:"insecureSkipVerify"`
+
+	formatter LogFormatter
+	Formatter string `json:"formatter"`
 }
 
 // NewSMTPWriter creates the smtp writer.
 func newSMTPWriter() Logger {
-	res := &SMTPWriter{Level: LevelTrace}
+	res := &SMTPWriter{Level: LevelTrace, InsecureSkipVerify: true}
 	res.formatter = res
 	return res
 }
@@ -46,15 +49,16 @@ func newSMTPWriter() Logger {
 // Init smtp writer with json config.
 // config like:
 //
-//	{
-//		"username":"example@gmail.com",
-//		"password:"password",
-//		"host":"smtp.gmail.com:465",
-//		"subject":"email title",
-//		"fromAddress":"from@example.com",
-//		"sendTos":["email1","email2"],
-//		"level":LevelError
-//	}
+//		{
+//			"username":"example@gmail.com",
+//			"password:"password",
+//			"host":"smtp.gmail.com:465",
+//			"subject":"email title",
+//			"fromAddress":"from@example.com",
+//			"sendTos":["email1","email2"],
+//			"level":LevelError,
+//	     	"insecureSkipVerify": false
+//		}
 func (s *SMTPWriter) Init(config string) error {
 	res := json.Unmarshal([]byte(config), s)
 	if res == nil && len(s.Formatter) > 0 {
@@ -91,7 +95,7 @@ func (s *SMTPWriter) sendMail(hostAddressWithPort string, auth smtp.Auth, fromAd
 
 	host, _, _ := net.SplitHostPort(hostAddressWithPort)
 	tlsConn := &tls.Config{
-		InsecureSkipVerify: true,
+		InsecureSkipVerify: s.InsecureSkipVerify,
 		ServerName:         host,
 	}
 	if err = client.StartTLS(tlsConn); err != nil {