From: Dmitriy Alekseev <1865999+dragoangel@users.noreply.github.com> Date: Mon, 21 Aug 2023 17:17:27 +0000 (+0300) Subject: Update phishing.lua X-Git-Tag: 3.7.1~68^2 X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=77b10dbe2e32bec8b60cae6d51d8a7517ace3a1d;p=rspamd.git Update phishing.lua --- diff --git a/src/plugins/lua/phishing.lua b/src/plugins/lua/phishing.lua index cd28ad05d..05e08c0f4 100644 --- a/src/plugins/lua/phishing.lua +++ b/src/plugins/lua/phishing.lua @@ -69,17 +69,21 @@ local function is_host_excluded(exclusion_map, host) end local function phishing_cb(task) - local function check_phishing_map(map, exclusion_map, url, phish_symbol, excl_symbol) + local function check_phishing_map(table) + local phishing_data = {} + for k,v in pairs(table) do + phishing_data[k] = v + end + local url = phishing_data.url local host = url:get_host() - local excl_host = is_host_excluded(exclusion_map, host) - if excl_host then - task:insert_result(excl_symbol, 0.0, host) + if is_host_excluded(phishing_data.exclusion_map, host) then + task:insert_result(phishing_data.excl_symbol, 1.0, host) return end if host then - local elt = map[host] + local elt = phishing_data.map[host] local found_path = false local found_query = false local data = nil @@ -132,51 +136,57 @@ local function phishing_cb(task) if found_query then -- Query + path match - task:insert_result(phish_symbol, 1.0, args) + task:insert_result(phishing_data.phish_symbol, 1.0, args) else -- Host + path match if path then - task:insert_result(phish_symbol, 0.3, args) + task:insert_result(phishing_data.phish_symbol, 0.3, args) end -- No path, no symbol end else if url:is_phished() then -- Only host matches - task:insert_result(phish_symbol, 0.1, host) + task:insert_result(phishing_data.phish_symbol, 0.1, host) end end end end end - local function check_phishing_dns(dns_suffix, exclusion_map, url, phish_symbol, excl_symbol) + local function check_phishing_dns(table) + local phishing_data = {} + for k,v in pairs(table) do + phishing_data[k] = v + end + local url = phishing_data.url + local host = url:get_host() + + if is_host_excluded(phishing_data.exclusion_map, host) then + task:insert_result(phishing_data.excl_symbol, 1.0, host) + return + end + local function compose_dns_query(elts) local cr = require "rspamd_cryptobox_hash" local h = cr.create() for _, elt in ipairs(elts) do h:update(elt) end - return string.format("%s.%s", h:base32():sub(1, 32), dns_suffix) + return string.format("%s.%s", h:base32():sub(1, 32), phishing_data.dns_suffix) end + local r = task:get_resolver() - local host = url:get_host() local path = url:get_path() local query = url:get_query() - local excl_host = is_host_excluded(exclusion_map, host) - if excl_host then - task:insert_result(excl_symbol, 0.0, host) - return - end - if host and path then local function host_host_path_cb(_, _, results, err) if not err and results then if not query then - task:insert_result(phish_symbol, 1.0, results) + task:insert_result(phishing_data.phish_symbol, 1.0, results) else - task:insert_result(phish_symbol, 0.3, results) + task:insert_result(phishing_data.phish_symbol, 0.3, results) end end end @@ -192,7 +202,7 @@ local function phishing_cb(task) if query then local function host_host_path_query_cb(_, _, results, err) if not err and results then - task:insert_result(phish_symbol, 1.0, results) + task:insert_result(phishing_data.phish_symbol, 1.0, results) end end @@ -223,16 +233,26 @@ local function phishing_cb(task) local function do_loop_iter() -- to emulate continue local url = url_iter + local phishing_data = {} + phishing_data.url = url + phishing_data.exclusion_map = phishing_feed_exclusion_data + phishing_data.excl_symbol = phishing_feed_exclusion_symbol if generic_service_hash then - check_phishing_map(generic_service_data, phishing_feed_exclusion_data, url, generic_service_symbol, phishing_feed_exclusion_symbol) + phishing_data.map = generic_service_data + phishing_data.phish_symbol = generic_service_symbol + check_phishing_map(phishing_data) end if openphish_hash then - check_phishing_map(openphish_data, phishing_feed_exclusion_data, url, openphish_symbol, phishing_feed_exclusion_symbol) + phishing_data.map = openphish_data + phishing_data.phish_symbol = openphish_symbol + check_phishing_map(phishing_data) end if phishtank_enabled then - check_phishing_dns(phishtank_suffix, phishing_feed_exclusion_data, url, phishtank_symbol, phishing_feed_exclusion_symbol) + phishing_data.dns_suffix = phishtank_suffix + phishing_data.phish_symbol = phishtank_symbol + check_phishing_dns(phishing_data) end if url:is_phished() then