[Feature] Lua_util: Allow to obfuscate different fields

diff --git a/lualib/lua_util.lua b/lualib/lua_util.lua
index 4f185ecab70177d0b1470f12731d33a723b006a2..27df2c72ec69cbd0693887eff66059b16554d582 100644 (file)
--- a/lualib/lua_util.lua
+++ b/lualib/lua_util.lua
@@ -934,29 +934,31 @@ exports.get_task_verdict = function(task)
 end
 
 ---[[[
--- @function lua_util.maybe_obfuscate_subject(subject, settings)
--- Obfuscate subject if enabled in settings. Also checks utf8 validity.
+-- @function lua_util.maybe_obfuscate_string(subject, settings, prefix)
+-- Obfuscate string if enabled in settings. Also checks utf8 validity.
 -- Supported settings:
--- * subject_privacy = false - subject privacy is off
--- * subject_privacy_alg = 'blake2' - default hash-algorithm to obfuscate subject
--- * subject_privacy_prefix = 'obf' - prefix to show it's obfuscated
--- * subject_privacy_length = 16 - cut the length of the hash
+-- * <prefix>_privacy = false - subject privacy is off
+-- * <prefix>_privacy_alg = 'blake2' - default hash-algorithm to obfuscate subject
+-- * <prefix>_privacy_prefix = 'obf' - prefix to show it's obfuscated
+-- * <prefix>_privacy_length = 16 - cut the length of the hash
 -- @return obfuscated or validated subject
 --]]
 
-exports.maybe_obfuscate_subject = function(subject, settings)
+exports.maybe_obfuscate_string = function(subject, settings, prefix)
   local hash = require 'rspamd_cryptobox_hash'
   if subject and not rspamd_util.is_valid_utf8(subject) then
     subject = '???'
-  elseif settings.subject_privacy then
-    local hash_alg = settings.subject_privacy_alg or 'blake2'
+  elseif settings[prefix .. '_privacy'] then
+    local hash_alg = settings[prefix .. '_privacy_alg'] or 'blake2'
     local subject_hash = hash.create_specific(hash_alg, subject)
+    local strip_len = settings[prefix .. '_privacy_length']
+    local privacy_prefix = settings[prefix .. '_privacy_prefix'] or ''
 
-    if settings.subject_privacy_length then
-      subject = (settings.subject_privacy_prefix or 'obf') .. ':' ..
-          subject_hash:hex():sub(1, settings.subject_privacy_length)
+    if strip_len then
+      subject = privacy_prefix .. ':' ..
+          subject_hash:hex():sub(1, strip_len)
     else
-      subject = (settings.subject_privacy_prefix or '') .. ':' ..
+      subject = privacy_prefix .. ':' ..
           subject_hash:hex()
     end
   end

diff --git a/src/plugins/lua/clickhouse.lua b/src/plugins/lua/clickhouse.lua
index c3be9e2d9d4e5c3bdd068c0d0cbd98bc1c329e7a..9559ef5cb630116ba74d26f08620945e3a23d377 100644 (file)
--- a/src/plugins/lua/clickhouse.lua
+++ b/src/plugins/lua/clickhouse.lua
@@ -438,7 +438,8 @@ local function clickhouse_collect(task)
   end
 
   local list_id = task:get_header('List-Id') or ''
-  local message_id = task:get_message_id() or ''
+  local message_id = lua_util.maybe_obfuscate_string(task:get_message_id() or '',
+      settings, 'mid')
 
   local score = task:get_metric_score('default')[1];
   local bayes = 'unknown';
@@ -589,7 +590,7 @@ local function clickhouse_collect(task)
 
   local subject = ''
   if settings.insert_subject then
-    subject = lua_util.maybe_obfuscate_subject(task:get_subject() or '', settings)
+    subject = lua_util.maybe_obfuscate_string(task:get_subject() or '', settings, 'subject')
   end
 
   local scan_real,scan_virtual = task:get_scan_time()

diff --git a/src/plugins/lua/history_redis.lua b/src/plugins/lua/history_redis.lua
index c18ea736cb97be876674dcc9d3d4f8c24c5e1682..ed97cb7fea7d14b3831c33e8255231bfabc7f898 100644 (file)
--- a/src/plugins/lua/history_redis.lua
+++ b/src/plugins/lua/history_redis.lua
@@ -207,7 +207,7 @@ local function handle_history_request(task, conn, from, to, reset)
         collectgarbage()
         t1 = rspamd_util:get_ticks()
         fun.each(function(e)
-          e.subject = lua_util.maybe_obfuscate_subject(e.subject, settings)
+          e.subject = lua_util.maybe_obfuscate_string(e.subject, settings, 'subject')
         end, data)
         reply.rows = data
         conn:send_ucl(reply)