Vsevolod Stakhov
5 years ago
4 changed files with 25 additions and 2 deletions
+ 18
- 2
rules/misc.lua
View File
| @@ -101,25 +101,41 @@ rspamd_config.DATE_IN_PAST = { | |||
| type = 'mime', | |||
| } | |||
| rspamd_config.R_SUSPICIOUS_URL = { | |||
| local obscured_id = rspamd_config:register_symbol{ | |||
| callback = function(task) | |||
| local urls = task:get_urls() | |||
| if urls then | |||
| for _,u in ipairs(urls) do | |||
| if u:is_obscured() then | |||
| local fl = u:get_flags() | |||
| if fl.obscured then | |||
| task:insert_result('R_SUSPICIOUS_URL', 1.0, u:get_host()) | |||
| end | |||
| if fl.zw_spaces then | |||
| task:insert_result('ZERO_WIDTH_SPACE_URL', 1.0, u:get_host()) | |||
| end | |||
| end | |||
| end | |||
| return false | |||
| end, | |||
| name = 'R_SUSPICIOUS_URL', | |||
| score = 5.0, | |||
| one_shot = true, | |||
| description = 'Obfusicated or suspicious URL has been found in a message', | |||
| group = 'url' | |||
| } | |||
| rspamd_config:register_symbol{ | |||
| type = 'virtual', | |||
| name = 'ZERO_WIDTH_SPACE_URL', | |||
| score = 7.0, | |||
| one_shot = true, | |||
| description = 'Zero width space in url', | |||
| group = 'url', | |||
| parent = obscured_id, | |||
| } | |||
| rspamd_config.ENVFROM_PRVS = { | |||
| callback = function (task) | |||
+ 4
- 0
src/libserver/html.c
View File
| @@ -1351,6 +1351,10 @@ rspamd_html_process_url (rspamd_mempool_t *pool, const gchar *start, guint len, | |||
| if (norm_res & (RSPAMD_UNICODE_NORM_ZERO_SPACES|RSPAMD_UNICODE_NORM_ERROR)) { | |||
| saved_flags |= RSPAMD_URL_FLAG_OBSCURED; | |||
| if (norm_res & RSPAMD_UNICODE_NORM_ZERO_SPACES) { | |||
| saved_flags |= RSPAMD_URL_FLAG_ZW_SPACES; | |||
| } | |||
| } | |||
| rc = rspamd_url_parse (url, decoded, dlen, pool, RSPAMD_URL_PARSE_HREF); | |||
+ 1
- 0
src/libserver/url.h
View File
| @@ -27,6 +27,7 @@ enum rspamd_url_flags { | |||
| RSPAMD_URL_FLAG_HAS_USER = 1 << 14, | |||
| RSPAMD_URL_FLAG_SCHEMALESS = 1 << 15, | |||
| RSPAMD_URL_FLAG_UNNORMALISED = 1 << 16, | |||
| RSPAMD_URL_FLAG_ZW_SPACES = 1 << 17, | |||
| }; | |||
| struct rspamd_url_tag { | |||
+ 2
- 0
src/lua/lua_url.c
View File
| @@ -875,6 +875,7 @@ lua_url_all (lua_State *L) | |||
| * - `has_user`: URL has user part | |||
| * - `schemaless`: URL has no schema | |||
| * - `unnormalised`: URL has some unicode unnormalities | |||
| * - `zw_spaces`: URL has some zero width spaces | |||
| * @return {table} URL flags | |||
| */ | |||
| #define PUSH_FLAG(fl, name) do { \ | |||
| @@ -914,6 +915,7 @@ lua_url_get_flags (lua_State *L) | |||
| PUSH_FLAG (RSPAMD_URL_FLAG_HAS_USER, "has_user"); | |||
| PUSH_FLAG (RSPAMD_URL_FLAG_SCHEMALESS, "schemaless"); | |||
| PUSH_FLAG (RSPAMD_URL_FLAG_UNNORMALISED, "unnormalised"); | |||
| PUSH_FLAG (RSPAMD_URL_FLAG_ZW_SPACES, "zw_spaces"); | |||
| } | |||
| else { | |||
| return luaL_error (L, "invalid arguments"); | |||
Loading…