SECURITY: Sanitize email id for use as mutex key

SECURITY: Sanitize email id for use as mutex key

diff --git a/lib/email/receiver.rb b/lib/email/receiver.rb
index 42615be..18452eb 100644
--- a/lib/email/receiver.rb
+++ b/lib/email/receiver.rb
@@ -67,7 +67,8 @@ module Email
 
     def process!
       return if is_blacklisted?
-      DistributedMutex.synchronize(@message_id) do
+      id_hash = Digest::SHA1.hexdigest(@message_id)
+      DistributedMutex.synchronize("process_email_#{id_hash}") do
         begin
           return if IncomingEmail.exists?(message_id: @message_id)
           ensure_valid_address_lists

GitHub sha: b3e5f7a8

2 Likes