mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7831 Commits
28 Branches
Branch: rspamd-1.3
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'rspamd-1.3'
${ noResults }
rspamd/rules/html.lua

html.lua 6.9KB
Raw Permalink Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232 
  1. -- Licensed to the Apache Software Foundation (ASF) under one or more

  2. -- contributor license agreements.  See the NOTICE file distributed with

  3. -- this work for additional information regarding copyright ownership.

  4. -- The ASF licenses this file to you under the Apache License, Version 2.0

  5. -- (the "License"); you may not use this file except in compliance with

  6. -- the License.  You may obtain a copy of the License at:

  7. --

  8. --     http://www.apache.org/licenses/LICENSE-2.0

  9. --

  10. -- Unless required by applicable law or agreed to in writing, software

  11. -- distributed under the License is distributed on an "AS IS" BASIS,

  12. -- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13. -- See the License for the specific language governing permissions and

  14. -- limitations under the License.

  15. 

  16. local reconf = config['regexp']

  17. local rspamd_regexp = require "rspamd_regexp"

  18. local rspamd_logger = require "rspamd_logger"

  19. 

  20. -- Messages that have only HTML part

  21. reconf['MIME_HTML_ONLY'] = 'has_only_html_part()'

  22. 

  23. local function check_html_image(task, min, max)

  24.   local tp = task:get_text_parts()

  25. 

  26.   for _,p in ipairs(tp) do

  27.     if p:is_html() then

  28.       local hc = p:get_html()

  29.       local len = p:get_length()

  30. 

  31. 

  32.       if hc and len >= min and len < max then

  33.         local images = hc:get_images()

  34.         if images then

  35.           for _,i in ipairs(images) do

  36.             local tag = i['tag']

  37.             if tag then

  38.               local parent = tag:get_parent()

  39.               if parent then

  40.                 if parent:get_type() == 'a' then

  41.                   -- do not trigger on small and unknown size images

  42.                   if i['height'] + i['width'] >= 210 or not i['embedded'] then

  43.                     return true

  44.                   end

  45.                 end

  46.               end

  47.             end

  48.           end

  49.         end

  50.       end

  51.     end

  52.   end

  53. end

  54. 

  55. rspamd_config.HTML_SHORT_LINK_IMG_1 = {

  56.   callback = function(task)

  57.     return check_html_image(task, 0, 1024)

  58.   end,

  59.   score = 3.0,

  60.   group = 'html',

  61.   description = 'Short html part (0..1K) with a link to an image'

  62. }

  63. 

  64. rspamd_config.HTML_SHORT_LINK_IMG_2 = {

  65.   callback = function(task)

  66.     return check_html_image(task, 1024, 1536)

  67.   end,

  68.   score = 1.0,

  69.   group = 'html',

  70.   description = 'Short html part (1K..1.5K) with a link to an image'

  71. }

  72. 

  73. rspamd_config.HTML_SHORT_LINK_IMG_3 = {

  74.   callback = function(task)

  75.     return check_html_image(task, 1536, 2048)

  76.   end,

  77.   score = 0.5,

  78.   group = 'html',

  79.   description = 'Short html part (1.5K..2K) with a link to an image'

  80. }

  81. rspamd_config.R_EMPTY_IMAGE = {

  82.   callback = function(task)

  83.     local tp = task:get_text_parts() -- get text parts in a message

  84. 

  85.     for _,p in ipairs(tp) do -- iterate over text parts array using `ipairs`

  86.       if p:is_html() then -- if the current part is html part

  87.         local hc = p:get_html() -- we get HTML context

  88.         local len = p:get_length() -- and part's length

  89. 

  90.         if hc and len < 50 then -- if we have a part that has less than 50 bytes of text

  91.           local images = hc:get_images() -- then we check for HTML images

  92. 

  93.           if images then -- if there are images

  94.             for _,i in ipairs(images) do -- then iterate over images in the part

  95.               if i['height'] + i['width'] >= 400 then -- if we have a large image

  96.                 local tag = i['tag']

  97.                 if tag then

  98.                   local parent = tag:get_parent()

  99.                   if parent then

  100.                     if parent:get_type() ~= 'a' then

  101.                       return true

  102.                     end

  103.                   end

  104.                 end

  105.               end

  106.             end

  107.           end

  108.         end

  109.       end

  110.     end

  111.   end,

  112. 

  113.   score = 2.0,

  114.   group = 'html',

  115.   description = 'Message contains empty parts and image'

  116. }

  117. 

  118. rspamd_config.R_SUSPICIOUS_IMAGES = {

  119.   callback = function(task)

  120.     local tp = task:get_text_parts() -- get text parts in a message

  121. 

  122.     for _, p in ipairs(tp) do

  123.       local h = p:get_html()

  124. 

  125.       if h then

  126.         local l = p:get_words_count()

  127.         local img = h:get_images()

  128.         local pic_words = 0

  129. 

  130.         if img then

  131.           for _, i in ipairs(img) do

  132.             local dim = i['width'] + i['height']

  133.             local tag = i['tag']

  134. 

  135.             if tag then

  136.               local parent = tag:get_parent()

  137.               if parent then

  138.                 if parent:get_type() == 'a' then

  139.                   -- do not trigger on small and large images

  140.                   if dim > 100 and dim < 3000 then

  141.                     -- We assume that a single picture 100x200 contains approx 3 words of text

  142.                     pic_words = pic_words + dim / 100

  143.                   end

  144.                 end

  145.               end

  146.             end

  147.           end

  148.         end

  149. 

  150.         if l + pic_words > 0 then

  151.           local rel = pic_words / (l + pic_words)

  152. 

  153.           if rel > 0.5 then

  154.             return true, (rel - 0.5) * 2

  155.           end

  156.         end

  157.       end

  158.     end

  159. 

  160.     return false

  161.   end,

  162. 

  163.   score = 5.0,

  164.   group = 'html',

  165.   description = 'Message contains many suspicious messages'

  166. }

  167. 

  168. rspamd_config.R_WHITE_ON_WHITE = {

  169.   callback = function(task)

  170.     local tp = task:get_text_parts() -- get text parts in a message

  171.     local ret = false

  172.     local diff = 0.0

  173.     local normal_len = 0

  174.     local transp_len = 0

  175.     local arg

  176. 

  177.     for _,p in ipairs(tp) do -- iterate over text parts array using `ipairs`

  178.       if p:is_html() and p:get_html() then -- if the current part is html part

  179.         normal_len = p:get_length()

  180.         local hc = p:get_html() -- we get HTML context

  181. 

  182.         hc:foreach_tag('font', function(tag, len)

  183.           local bl = tag:get_extra()

  184.           if bl then

  185.             if bl['bgcolor'] and bl['color'] then

  186.               local color = bl['color']

  187.               local bgcolor = bl['bgcolor']

  188.               -- Should use visual approach here some day

  189.               local diff_r = math.abs(color[1] - bgcolor[1]) / 255.0

  190.               local diff_g = math.abs(color[2] - bgcolor[2]) / 255.0

  191.               local diff_b = math.abs(color[3] - bgcolor[3]) / 255.0

  192.               diff = (diff_r + diff_g + diff_b) / 3.0

  193. 

  194.               if diff < 0.1 then

  195.                 ret = true

  196.                 transp_len = (transp_len + tag:get_content_length()) *

  197.                   (0.1 - diff) * 5.0

  198.                 normal_len = normal_len - tag:get_content_length()

  199.                 if not arg then

  200.                   arg = string.format('%s color #%x%x%x bgcolor #%x%x%x',

  201.                     tostring(tag:get_type()),

  202.                     color[1], color[2], color[3],

  203.                     bgcolor[1], bgcolor[2], bgcolor[3])

  204.                 end

  205.               else

  206. 

  207.               end

  208.             end

  209.           end

  210. 

  211.           return false -- Continue search

  212.         end)

  213. 

  214.       end

  215.     end

  216. 

  217.     if ret then

  218.       if normal_len < 0 then normal_len = 0 end

  219.       local transp_rate = transp_len / (normal_len + transp_len)

  220. 

  221.       if transp_rate > 0.1 then

  222.         return true,(transp_rate * 2.0),arg

  223.       end

  224.     end

  225. 

  226.     return false

  227.   end,

  228. 

  229.   score = 6.0,

  230.   group = 'html',

  231.   description = 'Message contains low contrast text'

  232. }