• Author: Jonathan M. Wilbur <[email protected]>
• Copyright Year: 2019
• License: MIT License

Build by running tsc in the root directory.

Run npm run-script test.

You can debug easily in VS Code. For some reason, breakpoints do not appear to work in index.ts.

Once the following requirements are met, Wildboar IMAP Server moves into Alpha development.

• Commands
• Graceful Shutdown
• Add isSet to ConfigurationSource.
• Ignore blank newlines.
• Healthcheck tool
• Use a sensitiveCommandRunning flag to prevent race conditions when a connection attempts two APPENDs at once, for instance.
• Simple Authorization
• Start-up checks:
  • Confirm that all integers are safe.
  • Confirm that all command names are atoms.
  • Confirm that there are no duplicate plugins.
• Add capability field to plugins.
• Consider using nameless queues to make the queue list more readable.
• Make ConfigurationSource a class so you can keep the master variables list there.
• Add commands_needing_authorization configuration directive.
• Is LexemeType.ERROR really necessary anymore? Nope. Deleted.
• Implement an interface for command callbacks to write to the socket in a more controlled manner.
• Catch errors in non-arguments lexing.
• Add warnings or notifications to storage driver responses and all handlers.
• Deduplicate simple handlers
• Move schema into command files
• Immediately drop connection if tag is "GET" to mitigate SSRF attacks.

Once the following requirements are met, Wildboar IMAP Server moves into Beta development.

• AWS SQS message broker support
• Azure Queue storage support
• Update dependencies
• Use Set instead of arrays where uniqueness is a requirement. (Check for string[])
• Check for correct state at the start of commands.
• Check toString() occurrences for UTF decoding safety.
  • Flag safe ones with #UTF_SAFE comments.
• Support SEARCH tricks
• Address Potential Concurrency Issues: (See ./documentation/concurrency.md.)
  • If responses are written line-by-line, could lines of responses be interlaced?
  • Even if responses are written all at the same time, is it possible for socket writes to overlap?
  • Is a DoS Possible by calling LOGOUT shortly after running a command?
• Error reporting with the NodeJS Report API
• Assertions
• Handle size limitations imposed by message brokers (4GB for AMQP, 16MB for AWS SQS)
• Fill out JSON schema more (Documentation)
• Audit all commands for the following:
  • Correct State
  • Error Reporting
  • Argument Length checking
  • Length assertions
  • Error logging
  • Logging is correct severity

Once the following requirements are met, Wildboar IMAP Server moves into Release Candidate development. In Beta, no new features are added to Wildboar IMAP Server; only testing is performed and bugs are fixed.

• Static analysis
• Fuzz testing
• Achieve 100% test coverage
• Resilience testing with Chaos Monkey
• Invalid UTF fuzzing
• Performance profiling
• Denial of Service testing
• Memory leak tests
  • Repeatedly connecting and disconnecting
  • Running commands repeatedly
  • Repeatedly authenticating
• Test for timing attacks
• Test for directory traversal

Once the following requirements are met, Wildboar IMAP Server version 1.0.0 will be released.

• 100% JSDoc Documentation
• User Acceptance Testing

The following features will be added some time after the release of version 1.0.0.

• Visual Studio Solution
• Bazel build Configuration
• Sentry Configuration
• NPM Tasks
• Drop capabilities
• Cryptographically signed messages?
• Add environment variable for signing up an account for the email list
• Run each connection in a NodeJS Worker Thread