From c203493c90484c9fba6102338a63c36e62511718 Mon Sep 17 00:00:00 2001 From: Vsevolod Stakhov Date: Wed, 8 Nov 2023 14:34:33 +0000 Subject: [PATCH] [Feature] Reiterate on gtube patterns --- src/libmime/message.c | 16 ++++++------ src/libserver/cfg_file.h | 38 +++++++++++++++++------------ src/libserver/cfg_rcl.cxx | 35 +++++++++++++++++++++----- src/libserver/cfg_utils.cxx | 1 + test/functional/configs/milter.conf | 2 +- 5 files changed, 60 insertions(+), 32 deletions(-) diff --git a/src/libmime/message.c b/src/libmime/message.c index 327b546e7..0c11f5075 100644 --- a/src/libmime/message.c +++ b/src/libmime/message.c @@ -1,11 +1,11 @@ -/*- - * Copyright 2016 Vsevolod Stakhov +/* + * Copyright 2023 Vsevolod Stakhov * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * - * http://www.apache.org/licenses/LICENSE-2.0 + * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, @@ -638,7 +638,7 @@ rspamd_multipattern_gtube_cb(struct rspamd_multipattern *mp, struct rspamd_task *task = (struct rspamd_task *) context; if (strnum > 0) { - if (task->cfg->enable_test_patterns) { + if (task->cfg->gtube_patterns_policy == RSPAMD_GTUBE_ALL) { return strnum + 1; } @@ -656,7 +656,7 @@ rspamd_check_gtube(struct rspamd_task *task, struct rspamd_mime_text_part *part) enum rspamd_action_type act = METRIC_ACTION_NOACTION; g_assert(part != NULL); - if (gtube_matcher == NULL) { + if (gtube_matcher == NULL && task->cfg->gtube_patterns_policy != RSPAMD_GTUBE_DISABLED) { gtube_matcher = rspamd_multipattern_create(RSPAMD_MULTIPATTERN_DEFAULT); rspamd_multipattern_add_pattern(gtube_matcher, @@ -683,7 +683,8 @@ rspamd_check_gtube(struct rspamd_task *task, struct rspamd_mime_text_part *part) } if (part->utf_content.len >= sizeof(gtube_pattern_reject) && - part->utf_content.len <= max_check_size) { + part->utf_content.len <= max_check_size && + task->cfg->gtube_patterns_policy != RSPAMD_GTUBE_DISABLED) { if ((ret = rspamd_multipattern_lookup(gtube_matcher, part->utf_content.begin, part->utf_content.len, rspamd_multipattern_gtube_cb, task, NULL)) > 0) { @@ -693,15 +694,12 @@ rspamd_check_gtube(struct rspamd_task *task, struct rspamd_mime_text_part *part) act = METRIC_ACTION_REJECT; break; case 2: - g_assert(task->cfg->enable_test_patterns); act = METRIC_ACTION_ADD_HEADER; break; case 3: - g_assert(task->cfg->enable_test_patterns); act = METRIC_ACTION_REWRITE_SUBJECT; break; case 4: - g_assert(task->cfg->enable_test_patterns); act = METRIC_ACTION_NOACTION; break; } diff --git a/src/libserver/cfg_file.h b/src/libserver/cfg_file.h index 22f754938..4cb87d974 100644 --- a/src/libserver/cfg_file.h +++ b/src/libserver/cfg_file.h @@ -312,6 +312,12 @@ enum rspamd_config_settings_policy { RSPAMD_SETTINGS_POLICY_IMPLICIT_DENY = 2, }; +enum rspamd_gtube_patterns_policy { + RSPAMD_GTUBE_DISABLED = 0, /* Disabled */ + RSPAMD_GTUBE_REJECT, /* Reject message with GTUBE pattern */ + RSPAMD_GTUBE_ALL /* Check all GTUBE like patterns */ +}; + struct rspamd_config_settings_elt { guint32 id; enum rspamd_config_settings_policy policy; @@ -344,22 +350,22 @@ struct rspamd_config { GHashTable *groups; /**< groups of symbols */ void *actions; /**< all actions of the metric (opaque type) */ - gboolean one_shot_mode; /**< rules add only one symbol */ - gboolean check_text_attachements; /**< check text attachements as text */ - gboolean check_all_filters; /**< check all filters */ - gboolean allow_raw_input; /**< scan messages with invalid mime */ - gboolean disable_hyperscan; /**< disable hyperscan usage */ - gboolean vectorized_hyperscan; /**< use vectorized hyperscan matching */ - gboolean enable_shutdown_workaround; /**< enable workaround for legacy SA clients (exim) */ - gboolean ignore_received; /**< Ignore data from the first received header */ - gboolean enable_sessions_cache; /**< Enable session cache for debug */ - gboolean enable_experimental; /**< Enable experimental plugins */ - gboolean disable_pcre_jit; /**< Disable pcre JIT */ - gboolean own_lua_state; /**< True if we have created lua_state internally */ - gboolean soft_reject_on_timeout; /**< If true emit soft reject on task timeout (if not reject) */ - gboolean public_groups_only; /**< Output merely public groups everywhere */ - gboolean enable_test_patterns; /**< Enable test patterns */ - gboolean enable_css_parser; /**< Enable css parsing in HTML */ + gboolean one_shot_mode; /**< rules add only one symbol */ + gboolean check_text_attachements; /**< check text attachements as text */ + gboolean check_all_filters; /**< check all filters */ + gboolean allow_raw_input; /**< scan messages with invalid mime */ + gboolean disable_hyperscan; /**< disable hyperscan usage */ + gboolean vectorized_hyperscan; /**< use vectorized hyperscan matching */ + gboolean enable_shutdown_workaround; /**< enable workaround for legacy SA clients (exim) */ + gboolean ignore_received; /**< Ignore data from the first received header */ + gboolean enable_sessions_cache; /**< Enable session cache for debug */ + gboolean enable_experimental; /**< Enable experimental plugins */ + gboolean disable_pcre_jit; /**< Disable pcre JIT */ + gboolean own_lua_state; /**< True if we have created lua_state internally */ + gboolean soft_reject_on_timeout; /**< If true emit soft reject on task timeout (if not reject) */ + gboolean public_groups_only; /**< Output merely public groups everywhere */ + enum rspamd_gtube_patterns_policy gtube_patterns_policy; /**< Enable test patterns */ + gboolean enable_css_parser; /**< Enable css parsing in HTML */ gsize max_cores_size; /**< maximum size occupied by rspamd core files */ gsize max_cores_count; /**< maximum number of core files */ diff --git a/src/libserver/cfg_rcl.cxx b/src/libserver/cfg_rcl.cxx index 3f6ca2c56..fbfcbcd34 100644 --- a/src/libserver/cfg_rcl.cxx +++ b/src/libserver/cfg_rcl.cxx @@ -347,6 +347,35 @@ rspamd_rcl_options_handler(rspamd_mempool_t *pool, const ucl_object_t *obj, } } + const auto *gtube_patterns = ucl_object_lookup(obj, "gtube_patterns"); + if (gtube_patterns != nullptr && ucl_object_type(gtube_patterns) == UCL_STRING) { + const auto *gtube_st = ucl_object_tostring(gtube_patterns); + + if (g_ascii_strcasecmp(gtube_st, "all") == 0) { + cfg->gtube_patterns_policy = RSPAMD_GTUBE_ALL; + } + else if (g_ascii_strcasecmp(gtube_st, "reject") == 0) { + cfg->gtube_patterns_policy = RSPAMD_GTUBE_REJECT; + } + else if (g_ascii_strcasecmp(gtube_st, "disable") == 0) { + cfg->gtube_patterns_policy = RSPAMD_GTUBE_DISABLED; + } + else { + g_set_error(err, + CFG_RCL_ERROR, + EINVAL, + "invalid GTUBE patterns policy: %s", + gtube_st); + return FALSE; + } + } + else if (auto *enable_test_patterns = ucl_object_lookup(obj, "enable_test_patterns"); enable_test_patterns != nullptr) { + /* Legacy setting */ + if (!!ucl_object_toboolean(enable_test_patterns)) { + cfg->gtube_patterns_policy = RSPAMD_GTUBE_ALL; + } + } + if (rspamd_rcl_section_parse_defaults(cfg, *section, cfg->cfg_pool, obj, cfg, err)) { @@ -1876,12 +1905,6 @@ rspamd_rcl_config_init(struct rspamd_config *cfg, GHashTable *skip_sections) G_STRUCT_OFFSET(struct rspamd_config, public_groups_only), 0, "Output merely public groups everywhere"); - rspamd_rcl_add_default_handler(sub, - "enable_test_patterns", - rspamd_rcl_parse_struct_boolean, - G_STRUCT_OFFSET(struct rspamd_config, enable_test_patterns), - 0, - "Enable test GTUBE like patterns (not for production!)"); rspamd_rcl_add_default_handler(sub, "enable_css_parser", rspamd_rcl_parse_struct_boolean, diff --git a/src/libserver/cfg_utils.cxx b/src/libserver/cfg_utils.cxx index 416d52e05..e22cbe9e3 100644 --- a/src/libserver/cfg_utils.cxx +++ b/src/libserver/cfg_utils.cxx @@ -286,6 +286,7 @@ rspamd_config_new(enum rspamd_config_init_flags flags) cfg->max_recipients = 1024; cfg->max_blas_threads = 1; cfg->max_opts_len = 4096; + cfg->gtube_patterns_policy = RSPAMD_GTUBE_REJECT; /* Default log line */ cfg->log_format_str = rspamd_mempool_strdup(cfg->cfg_pool, diff --git a/test/functional/configs/milter.conf b/test/functional/configs/milter.conf index aaf148c12..dc623c82d 100644 --- a/test/functional/configs/milter.conf +++ b/test/functional/configs/milter.conf @@ -3,7 +3,7 @@ options = { url_tld = "{= env.URL_TLD =}" pidfile = "{= env.TMPDIR =}/rspamd.pid" lua_path = "{= env.INSTALLROOT =}/share/rspamd/lib/?.lua"; - enable_test_patterns = true; + gtube_patterns = "all"; dns { nameserver = ["8.8.8.8", "8.8.4.4"]; retransmits = 10; -- 2.39.5