mirrors
/
rspamd
kopia lustrzana https://github.com/vstakhov/rspamd.git
Obserwuj 1
Gwiazdka 0
Forkuj 0
Kod Problemy 0 Wydania 159 Wiki Aktywność
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
21210 Commity
28 Gałęzie
Gałąź: master
Gałęzie Tagi
${ item.name }
Utwórz gałąź ${ searchTerm }
z 'master'
${ noResults }
rspamd/lualib/lua_magic/init.lua

init.lua 11KB
Czysty Bezpośredni odnośnik Blame Historia

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388 
  1. --[[

  2. Copyright (c) 2022, Vsevolod Stakhov <vsevolod@rspamd.com>

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");

  5. you may not use this file except in compliance with the License.

  6. You may obtain a copy of the License at

  7. 

  8.     http://www.apache.org/licenses/LICENSE-2.0

  9. 

  10. Unless required by applicable law or agreed to in writing, software

  11. distributed under the License is distributed on an "AS IS" BASIS,

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13. See the License for the specific language governing permissions and

  14. limitations under the License.

  15. ]]--

  16. 

  17. --[[[

  18. -- @module lua_magic

  19. -- This module contains file types detection logic

  20. --]]

  21. 

  22. local patterns = require "lua_magic/patterns"

  23. local types = require "lua_magic/types"

  24. local heuristics = require "lua_magic/heuristics"

  25. local fun = require "fun"

  26. local lua_util = require "lua_util"

  27. 

  28. local rspamd_text = require "rspamd_text"

  29. local rspamd_trie = require "rspamd_trie"

  30. 

  31. local N = "lua_magic"

  32. local exports = {}

  33. -- trie objects

  34. local compiled_patterns

  35. local compiled_short_patterns

  36. local compiled_tail_patterns

  37. -- {<str>, <match_object>, <pattern_object>} indexed by pattern number

  38. local processed_patterns = {}

  39. local short_patterns = {}

  40. local tail_patterns = {}

  41. 

  42. local short_match_limit = 128

  43. local max_short_offset = -1

  44. local min_tail_offset = math.huge

  45. 

  46. local function process_patterns(log_obj)

  47.   -- Add pattern to either short patterns or to normal patterns

  48.   local function add_processed(str, match, pattern)

  49.     if match.position and type(match.position) == 'number' then

  50.       if match.tail then

  51.         -- Tail pattern

  52.         tail_patterns[#tail_patterns + 1] = {

  53.           str, match, pattern

  54.         }

  55.         if min_tail_offset > match.tail then

  56.           min_tail_offset = match.tail

  57.         end

  58. 

  59.         lua_util.debugm(N, log_obj, 'add tail pattern %s for ext %s',

  60.             str, pattern.ext)

  61.       elseif match.position < short_match_limit then

  62.         short_patterns[#short_patterns + 1] = {

  63.           str, match, pattern

  64.         }

  65.         if str:sub(1, 1) == '^' then

  66.           lua_util.debugm(N, log_obj, 'add head pattern %s for ext %s',

  67.               str, pattern.ext)

  68.         else

  69.           lua_util.debugm(N, log_obj, 'add short pattern %s for ext %s',

  70.               str, pattern.ext)

  71.         end

  72. 

  73.         if max_short_offset < match.position then

  74.           max_short_offset = match.position

  75.         end

  76.       else

  77.         processed_patterns[#processed_patterns + 1] = {

  78.           str, match, pattern

  79.         }

  80. 

  81.         lua_util.debugm(N, log_obj, 'add long pattern %s for ext %s',

  82.             str, pattern.ext)

  83.       end

  84.     else

  85.       processed_patterns[#processed_patterns + 1] = {

  86.         str, match, pattern

  87.       }

  88. 

  89.       lua_util.debugm(N, log_obj, 'add long pattern %s for ext %s',

  90.           str, pattern.ext)

  91.     end

  92.   end

  93. 

  94.   if not compiled_patterns then

  95.     for ext, pattern in pairs(patterns) do

  96.       assert(types[ext], 'not found type: ' .. ext)

  97.       pattern.ext = ext

  98.       for _, match in ipairs(pattern.matches) do

  99.         if match.string then

  100.           if match.relative_position and not match.position then

  101.             match.position = match.relative_position + #match.string

  102. 

  103.             if match.relative_position == 0 then

  104.               if match.string:sub(1, 1) ~= '^' then

  105.                 match.string = '^' .. match.string

  106.               end

  107.             end

  108.           end

  109.           add_processed(match.string, match, pattern)

  110.         elseif match.hex then

  111.           local hex_table = {}

  112. 

  113.           for i = 1, #match.hex, 2 do

  114.             local subc = match.hex:sub(i, i + 1)

  115.             hex_table[#hex_table + 1] = string.format('\\x{%s}', subc)

  116.           end

  117. 

  118.           if match.relative_position and not match.position then

  119.             match.position = match.relative_position + #match.hex / 2

  120.           end

  121.           if match.relative_position == 0 then

  122.             table.insert(hex_table, 1, '^')

  123.           end

  124.           add_processed(table.concat(hex_table), match, pattern)

  125.         end

  126.       end

  127.     end

  128.     local bit = require "bit"

  129.     local compile_flags = bit.bor(rspamd_trie.flags.re, rspamd_trie.flags.dot_all)

  130.     compile_flags = bit.bor(compile_flags, rspamd_trie.flags.single_match)

  131.     compile_flags = bit.bor(compile_flags, rspamd_trie.flags.no_start)

  132.     compiled_patterns = rspamd_trie.create(fun.totable(

  133.         fun.map(function(t)

  134.           return t[1]

  135.         end, processed_patterns)),

  136.         compile_flags

  137.     )

  138.     compiled_short_patterns = rspamd_trie.create(fun.totable(

  139.         fun.map(function(t)

  140.           return t[1]

  141.         end, short_patterns)),

  142.         compile_flags

  143.     )

  144.     compiled_tail_patterns = rspamd_trie.create(fun.totable(

  145.         fun.map(function(t)

  146.           return t[1]

  147.         end, tail_patterns)),

  148.         compile_flags

  149.     )

  150. 

  151.     lua_util.debugm(N, log_obj,

  152.         'compiled %s (%s short; %s long; %s tail) patterns',

  153.         #processed_patterns + #short_patterns + #tail_patterns,

  154.         #short_patterns, #processed_patterns, #tail_patterns)

  155.   end

  156. end

  157. 

  158. process_patterns(rspamd_config)

  159. 

  160. local function match_chunk(chunk, input, tlen, offset, trie, processed_tbl, log_obj, res, part)

  161.   local matches = trie:match(chunk)

  162. 

  163.   local last = tlen

  164. 

  165.   local function add_result(weight, ext)

  166.     if not res[ext] then

  167.       res[ext] = 0

  168.     end

  169.     if weight then

  170.       res[ext] = res[ext] + weight

  171.     else

  172.       res[ext] = res[ext] + 1

  173.     end

  174. 

  175.     lua_util.debugm(N, log_obj, 'add pattern for %s, weight %s, total weight %s',

  176.         ext, weight, res[ext])

  177.   end

  178. 

  179.   local function match_position(pos, expected)

  180.     local cmp = function(a, b)

  181.       return a == b

  182.     end

  183.     if type(expected) == 'table' then

  184.       -- Something like {'>', 0}

  185.       if expected[1] == '>' then

  186.         cmp = function(a, b)

  187.           return a > b

  188.         end

  189.       elseif expected[1] == '>=' then

  190.         cmp = function(a, b)

  191.           return a >= b

  192.         end

  193.       elseif expected[1] == '<' then

  194.         cmp = function(a, b)

  195.           return a < b

  196.         end

  197.       elseif expected[1] == '<=' then

  198.         cmp = function(a, b)

  199.           return a <= b

  200.         end

  201.       elseif expected[1] == '!=' then

  202.         cmp = function(a, b)

  203.           return a ~= b

  204.         end

  205.       end

  206.       expected = expected[2]

  207.     end

  208. 

  209.     -- Tail match

  210.     if expected < 0 then

  211.       expected = last + expected + 1

  212.     end

  213.     return cmp(pos, expected)

  214.   end

  215. 

  216.   for npat, matched_positions in pairs(matches) do

  217.     local pat_data = processed_tbl[npat]

  218.     local pattern = pat_data[3]

  219.     local match = pat_data[2]

  220. 

  221.     -- Single position

  222.     if match.position then

  223.       local position = match.position

  224. 

  225.       for _, pos in ipairs(matched_positions) do

  226.         lua_util.debugm(N, log_obj, 'found match %s at offset %s(from %s)',

  227.             pattern.ext, pos, offset)

  228.         if match_position(pos + offset, position) then

  229.           if match.heuristic then

  230.             local ext, weight = match.heuristic(input, log_obj, pos + offset, part)

  231. 

  232.             if ext then

  233.               add_result(weight, ext)

  234.               break

  235.             end

  236.           else

  237.             add_result(match.weight, pattern.ext)

  238.             break

  239.           end

  240.         end

  241.       end

  242.     elseif match.positions then

  243.       -- Match all positions

  244.       local all_right = true

  245.       local matched_pos = 0

  246.       for _, position in ipairs(match.positions) do

  247.         local matched = false

  248.         for _, pos in ipairs(matched_positions) do

  249.           lua_util.debugm(N, log_obj, 'found match %s at offset %s(from %s)',

  250.               pattern.ext, pos, offset)

  251.           if not match_position(pos + offset, position) then

  252.             matched = true

  253.             matched_pos = pos

  254.             break

  255.           end

  256.         end

  257.         if not matched then

  258.           all_right = false

  259.           break

  260.         end

  261.       end

  262. 

  263.       if all_right then

  264.         if match.heuristic then

  265.           local ext, weight = match.heuristic(input, log_obj, matched_pos + offset, part)

  266. 

  267.           if ext then

  268.             add_result(weight, ext)

  269.             break

  270.           end

  271.         else

  272.           add_result(match.weight, pattern.ext)

  273.           break

  274.         end

  275.       end

  276.     end

  277.   end

  278. 

  279. end

  280. 

  281. local function process_detected(res)

  282.   local extensions = lua_util.keys(res)

  283. 

  284.   if #extensions > 0 then

  285.     table.sort(extensions, function(ex1, ex2)

  286.       return res[ex1] > res[ex2]

  287.     end)

  288. 

  289.     return extensions, res[extensions[1]]

  290.   end

  291. 

  292.   return nil

  293. end

  294. 

  295. exports.detect = function(part, log_obj)

  296.   if not log_obj then

  297.     log_obj = rspamd_config

  298.   end

  299.   local input = part:get_content()

  300. 

  301.   local res = {}

  302. 

  303.   if type(input) == 'string' then

  304.     -- Convert to rspamd_text

  305.     input = rspamd_text.fromstring(input)

  306.   end

  307. 

  308.   if type(input) == 'userdata' then

  309.     local inplen = #input

  310. 

  311.     -- Check tail matches

  312.     if inplen > min_tail_offset then

  313.       local tail = input:span(inplen - min_tail_offset, min_tail_offset)

  314.       match_chunk(tail, input, inplen, inplen - min_tail_offset,

  315.           compiled_tail_patterns, tail_patterns, log_obj, res, part)

  316.     end

  317. 

  318.     -- Try short match

  319.     local head = input:span(1, math.min(max_short_offset, inplen))

  320.     match_chunk(head, input, inplen, 0,

  321.         compiled_short_patterns, short_patterns, log_obj, res, part)

  322. 

  323.     -- Check if we have enough data or go to long patterns

  324.     local extensions, confidence = process_detected(res)

  325. 

  326.     if extensions and #extensions > 0 and confidence > 30 then

  327.       -- We are done on short patterns

  328.       return extensions[1], types[extensions[1]]

  329.     end

  330. 

  331.     -- No way, let's check data in chunks or just the whole input if it is small enough

  332.     if #input > exports.chunk_size * 3 then

  333.       -- Chunked version as input is too long

  334.       local chunk1, chunk2 = input:span(1, exports.chunk_size * 2),

  335.       input:span(inplen - exports.chunk_size, exports.chunk_size)

  336.       local offset1, offset2 = 0, inplen - exports.chunk_size

  337. 

  338.       match_chunk(chunk1, input, inplen,

  339.           offset1, compiled_patterns, processed_patterns, log_obj, res, part)

  340.       match_chunk(chunk2, input, inplen,

  341.           offset2, compiled_patterns, processed_patterns, log_obj, res, part)

  342.     else

  343.       -- Input is short enough to match it at all

  344.       match_chunk(input, input, inplen, 0,

  345.           compiled_patterns, processed_patterns, log_obj, res, part)

  346.     end

  347.   else

  348.     -- Table input is NYI

  349.     assert(0, 'table input for match')

  350.   end

  351. 

  352.   local extensions = process_detected(res)

  353. 

  354.   if extensions and #extensions > 0 then

  355.     return extensions[1], types[extensions[1]]

  356.   end

  357. 

  358.   -- Nothing found

  359.   return nil

  360. end

  361. 

  362. exports.detect_mime_part = function(part, log_obj)

  363.   local ext, weight = heuristics.mime_part_heuristic(part, log_obj)

  364. 

  365.   if ext and weight and weight > 20 then

  366.     return ext, types[ext]

  367.   end

  368. 

  369.   ext = exports.detect(part, log_obj)

  370. 

  371.   if ext then

  372.     return ext, types[ext]

  373.   end

  374. 

  375.   -- Text/html and other parts

  376.   ext, weight = heuristics.text_part_heuristic(part, log_obj)

  377.   if ext and weight and weight > 20 then

  378.     return ext, types[ext]

  379.   end

  380. end

  381. 

  382. -- This parameter specifies how many bytes are checked in the input

  383. -- Rspamd checks 2 chunks at start and 1 chunk at the end

  384. exports.chunk_size = 32768

  385. 

  386. exports.types = types

  387. 

  388. return exports