Address v3.2.0 EWS review findings: security hardening, dead-config cleanup, and targeted test coverage #55
Draft
Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com> Co-authored-by: ziembor <1870879+ziembor@users.noreply.github.com>
New subcommand: gomailtest ews
- testconnect — HTTP/TLS probe, reports cert chain and response code
- testauth — GetFolder(Inbox) to verify credentials
- getfolder — GetFolder(Inbox) with folder stats output
- autodiscover — SOAP Autodiscover to resolve internal/external EWS URLs

Auth: NTLM (go-ntlmssp), Basic, Bearer (OAuth2), auto-detection
New dependency: github.com/Azure/go-ntlmssp
Migration plan: migration/3.2_MIGRATION_PLAN_EWS.md

Co-Authored-By: Claude Sonnet 4.6 (1M context) <noreply@anthropic.com>
Co-authored-by: ziembor <1870879+ziembor@users.noreply.github.com>
Agent-Logs-Url: https://github.com/ziembor/gomailtesttool/sessions/9ff4a193-0feb-49dc-9194-a7253c2912df Co-authored-by: ziembor <1870879+ziembor@users.noreply.github.com>
…leanup, and targeted test coverage Agent-Logs-Url: https://github.com/ziembor/gomailtesttool/sessions/9ff4a193-0feb-49dc-9194-a7253c2912df Co-authored-by: ziembor <1870879+ziembor@users.noreply.github.com>
Copilot created this pull request from a session on behalf of ziembor (April 13, 2026 11:26)
This PR implements the action plan from the latest v3.2.0 EWS review by resolving merge-blocking security/correctness issues and removing misleading EWS options that had no runtime effect. It also aligns migration docs with the implemented dependency stack and adds focused unit coverage for EWS config and TLS helpers.
Security and robustness fixes
- SendSOAP, SendAutodiscover) via io.LimitReader (4 MiB cap).
- fmt.Errorf("%s", ...) with errors.New(...) in EWS action error returns.

Correctness and UX
- min() helper from testauth.go (conflicted with Go builtin on modern Go versions).
- ... only when truncation actually occurs.
- getFolderSOAPBody) into soap_bodies.go for clearer ownership/reuse.

Dead configuration removal (EWS-specific)
- maxretries/retrydelay
- output/OutputFormat

Dependency and migration-doc alignment
- migration/3.2_MIGRATION_PLAN_EWS.md to reflect actual implementation (github.com/Azure/go-ntlmssp, not go-ews).
- github.com/Azure/go-ntlmssp to v0.1.0.

Targeted test additions
- internal/protocols/ews/config_test.go covering:
  - validateConfiguration
  - resolveAuthMethod
  - ConfigFromViper
  - buildTLSConfig
  - certCSVFields

Example of the key hardening change:
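The response-size cap listed under the security fixes, sketched as an added Go example; it is not the PR's or the project's code. The names readCapped, fetchCapped and ErrResponseTooLarge and the constructed test server are assumptions, as is the choice to reject an oversized body instead of truncating it.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

const maxResponseBytes = 4 << 20 // the 4 MiB cap named in the PR description

// ErrResponseTooLarge is a hypothetical sentinel error, not the project's.
var ErrResponseTooLarge = errors.New("response body exceeds size cap")

// readCapped (hypothetical helper) returns at most limit bytes from r.
// It reads limit+1 bytes so an oversized body is reported as an error;
// a bare io.LimitReader(r, limit) would silently truncate instead.
func readCapped(r io.Reader, limit int64) ([]byte, error) {
	data, err := io.ReadAll(io.LimitReader(r, limit+1))
	if err != nil {
		return nil, err
	}
	if int64(len(data)) > limit {
		return nil, ErrResponseTooLarge
	}
	return data, nil
}

// fetchCapped (hypothetical) GETs url and bounds the body read by limit.
func fetchCapped(client *http.Client, url string, limit int64) ([]byte, error) {
	resp, err := client.Get(url)
	if err != nil {
		return nil, err
	}
	defer resp.Body.Close()
	return readCapped(resp.Body, limit)
}

func main() {
	// Constructed local server whose body is one byte over the cap.
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		io.WriteString(w, strings.Repeat("A", maxResponseBytes+1))
	}))
	defer srv.Close()
	_, err := fetchCapped(srv.Client(), srv.URL, maxResponseBytes)
	fmt.Println("oversized body:", err)
}
```

Without the cap, a hostile or misconfigured endpoint can make the client buffer an arbitrarily large response in memory.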