mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
17984 Commits
29 Branches
Tree: 53851cbe0f
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '53851cbe0f'
${ noResults }
rspamd/lualib/lua_selectors/extractors.lua

extractors.lua 15KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521 
  1. --[[

  2. Copyright (c) 2019, Vsevolod Stakhov <vsevolod@highsecure.ru>

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");

  5. you may not use this file except in compliance with the License.

  6. You may obtain a copy of the License at

  7. 

  8.     http://www.apache.org/licenses/LICENSE-2.0

  9. 

  10. Unless required by applicable law or agreed to in writing, software

  11. distributed under the License is distributed on an "AS IS" BASIS,

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13. See the License for the specific language governing permissions and

  14. limitations under the License.

  15. ]]--

  16. 

  17. local fun = require 'fun'

  18. local meta_functions = require "lua_meta"

  19. local lua_util = require "lua_util"

  20. local common = require "lua_selectors/common"

  21. local ts = require("tableshape").types

  22. local E = {}

  23. 

  24. local url_flags_ts = ts.array_of(ts.one_of{

  25.     'content',

  26.     'has_port',

  27.     'has_user',

  28.     'host_encoded',

  29.     'html_displayed',

  30.     'idn',

  31.     'image',

  32.     'missing_slahes', -- sic

  33.     'no_tld',

  34.     'numeric',

  35.     'obscured',

  36.     'path_encoded',

  37.     'phished',

  38.     'query',

  39.     'query_encoded',

  40.     'redirected',

  41.     'schema_encoded',

  42.     'schemaless',

  43.     'subject',

  44.     'text',

  45.     'unnormalised',

  46.     'url_displayed',

  47.     'zw_spaces',

  48.     }):is_optional()

  49. 

  50. local function gen_exclude_flags_filter(exclude_flags)

  51.   return function(u)

  52.     local got_flags = u:get_flags()

  53.     for _, flag in ipairs(exclude_flags) do

  54.       if got_flags[flag] then return false end

  55.     end

  56.     return true

  57.   end

  58. end

  59. 

  60. local extractors = {

  61.   -- Plain id function

  62.   ['id'] = {

  63.     ['get_value'] = function(_, args)

  64.       if args[1] then

  65.         return args[1], 'string'

  66.       end

  67. 

  68.       return '','string'

  69.     end,

  70.     ['description'] = [[Return value from function's argument or an empty string,

  71. For example, `id('Something')` returns a string 'Something']],

  72.     ['args_schema'] = {ts.string:is_optional()}

  73.   },

  74.   -- Similar but for making lists

  75.   ['list'] = {

  76.     ['get_value'] = function(_, args)

  77.       if args[1] then

  78.         return fun.map(tostring, args), 'string_list'

  79.       end

  80. 

  81.       return {},'string_list'

  82.     end,

  83.     ['description'] = [[Return a list from function's arguments or an empty list,

  84. For example, `list('foo', 'bar')` returns a list {'foo', 'bar'}]],

  85.   },

  86.   -- Get source IP address

  87.   ['ip'] = {

  88.     ['get_value'] = function(task)

  89.       local ip = task:get_ip()

  90.       if ip and ip:is_valid() then return ip,'userdata' end

  91.       return nil

  92.     end,

  93.     ['description'] = [[Get source IP address]],

  94.   },

  95.   -- Get MIME from

  96.   ['from'] = {

  97.     ['get_value'] = function(task, args)

  98.       local from

  99.       if type(args) == 'table' then

  100.         from = task:get_from(args)

  101.       else

  102.         from = task:get_from(0)

  103.       end

  104.       if ((from or E)[1] or E).addr then

  105.         return from[1],'table'

  106.       end

  107.       return nil

  108.     end,

  109.     ['description'] = [[Get MIME or SMTP from (e.g. `from('smtp')` or `from('mime')`,

  110. uses any type by default)]],

  111.   },

  112.   ['rcpts'] = {

  113.     ['get_value'] = function(task, args)

  114.       local rcpts

  115.       if type(args) == 'table' then

  116.         rcpts = task:get_recipients(args)

  117.       else

  118.         rcpts = task:get_recipients(0)

  119.       end

  120.       if ((rcpts or E)[1] or E).addr then

  121.         return rcpts,'table_list'

  122.       end

  123.       return nil

  124.     end,

  125.     ['description'] = [[Get MIME or SMTP rcpts (e.g. `rcpts('smtp')` or `rcpts('mime')`,

  126. uses any type by default)]],

  127.   },

  128.   -- Get country (ASN module must be executed first)

  129.   ['country'] = {

  130.     ['get_value'] = function(task)

  131.       local country = task:get_mempool():get_variable('country')

  132.       if not country then

  133.         return nil

  134.       else

  135.         return country,'string'

  136.       end

  137.     end,

  138.     ['description'] = [[Get country (ASN module must be executed first)]],

  139.   },

  140.   -- Get ASN number

  141.   ['asn'] = {

  142.     ['type'] = 'string',

  143.     ['get_value'] = function(task)

  144.       local asn = task:get_mempool():get_variable('asn')

  145.       if not asn then

  146.         return nil

  147.       else

  148.         return asn,'string'

  149.       end

  150.     end,

  151.     ['description'] = [[Get AS number (ASN module must be executed first)]],

  152.   },

  153.   -- Get authenticated username

  154.   ['user'] = {

  155.     ['get_value'] = function(task)

  156.       local auser = task:get_user()

  157.       if not auser then

  158.         return nil

  159.       else

  160.         return auser,'string'

  161.       end

  162.     end,

  163.     ['description'] = 'Get authenticated user name',

  164.   },

  165.   -- Get principal recipient

  166.   ['to'] = {

  167.     ['get_value'] = function(task)

  168.       return task:get_principal_recipient(),'string'

  169.     end,

  170.     ['description'] = 'Get principal recipient',

  171.   },

  172.   -- Get content digest

  173.   ['digest'] = {

  174.     ['get_value'] = function(task)

  175.       return task:get_digest(),'string'

  176.     end,

  177.     ['description'] = 'Get content digest',

  178.   },

  179.   -- Get list of all attachments digests

  180.   ['attachments'] = {

  181.     ['get_value'] = function(task, args)

  182.       local parts = task:get_parts() or E

  183.       local digests = {}

  184.       for i,p in ipairs(parts) do

  185.         if p:is_attachment() then

  186.           table.insert(digests, common.get_cached_or_raw_digest(task, i, p, args))

  187.         end

  188.       end

  189. 

  190.       if #digests > 0 then

  191.         return digests,'string_list'

  192.       end

  193. 

  194.       return nil

  195.     end,

  196.     ['description'] = [[Get list of all attachments digests.

  197. The first optional argument is encoding (`hex`, `base32` (and forms `bleach32`, `rbase32`), `base64`),

  198. the second optional argument is optional hash type (`blake2`, `sha256`, `sha1`, `sha512`, `md5`)]],

  199.     ['args_schema'] = common.digest_schema()

  200. 

  201.   },

  202.   -- Get all attachments files

  203.   ['files'] = {

  204.     ['get_value'] = function(task)

  205.       local parts = task:get_parts() or E

  206.       local files = {}

  207. 

  208.       for _,p in ipairs(parts) do

  209.         local fname = p:get_filename()

  210.         if fname then

  211.           table.insert(files, fname)

  212.         end

  213.       end

  214. 

  215.       if #files > 0 then

  216.         return files,'string_list'

  217.       end

  218. 

  219.       return nil

  220.     end,

  221.     ['description'] = 'Get all attachments files',

  222.   },

  223.   -- Get languages for text parts

  224.   ['languages'] = {

  225.     ['get_value'] = function(task)

  226.       local text_parts = task:get_text_parts() or E

  227.       local languages = {}

  228. 

  229.       for _,p in ipairs(text_parts) do

  230.         local lang = p:get_language()

  231.         if lang then

  232.           table.insert(languages, lang)

  233.         end

  234.       end

  235. 

  236.       if #languages > 0 then

  237.         return languages,'string_list'

  238.       end

  239. 

  240.       return nil

  241.     end,

  242.     ['description'] = 'Get languages for text parts',

  243.   },

  244.   -- Get helo value

  245.   ['helo'] = {

  246.     ['get_value'] = function(task)

  247.       return task:get_helo(),'string'

  248.     end,

  249.     ['description'] = 'Get helo value',

  250.   },

  251.   -- Get header with the name that is expected as an argument. Returns list of

  252.   -- headers with this name

  253.   ['header'] = {

  254.     ['get_value'] = function(task, args)

  255.       local strong = false

  256.       if args[2] then

  257.         if args[2]:match('strong') then

  258.           strong = true

  259.         end

  260. 

  261.         if args[2]:match('full') then

  262.           return task:get_header_full(args[1], strong),'table_list'

  263.         end

  264. 

  265.         return task:get_header(args[1], strong),'string'

  266.       else

  267.         return task:get_header(args[1]),'string'

  268.       end

  269.     end,

  270.     ['description'] = [[Get header with the name that is expected as an argument.

  271. The optional second argument accepts list of flags:

  272.   - `full`: returns all headers with this name with all data (like task:get_header_full())

  273.   - `strong`: use case sensitive match when matching header's name]],

  274.     ['args_schema'] = {ts.string,

  275.                        (ts.pattern("strong") + ts.pattern("full")):is_optional()}

  276.   },

  277.   -- Get list of received headers (returns list of tables)

  278.   ['received'] = {

  279.     ['get_value'] = function(task, args)

  280.       local rh = task:get_received_headers()

  281.       if not rh[1] then

  282.         return nil

  283.       end

  284.       if args[1] then

  285.         return fun.map(function(r) return r[args[1]] end, rh), 'string_list'

  286.       end

  287. 

  288.       return rh,'table_list'

  289.     end,

  290.     ['description'] = [[Get list of received headers.

  291. If no arguments specified, returns list of tables. Otherwise, selects a specific element,

  292. e.g. `by_hostname`]],

  293.   },

  294.   -- Get all urls

  295.   ['urls'] = {

  296.     ['get_value'] = function(task, args)

  297.       local urls = task:get_urls()

  298.       if not urls[1] then

  299.         return nil

  300.       end

  301.       if args[1] then

  302.         return fun.map(function(r) return r[args[1]](r) end, urls), 'string_list'

  303.       end

  304.       return urls,'userdata_list'

  305.     end,

  306.     ['description'] = [[Get list of all urls.

  307. If no arguments specified, returns list of url objects. Otherwise, calls a specific method,

  308. e.g. `get_tld`]],

  309.   },

  310.   -- Get specific urls

  311.   ['specific_urls'] = {

  312.     ['get_value'] = function(task, args)

  313.       local params = args[1] or {}

  314.       params.task = task

  315.       params.no_cache = true

  316.       if params.exclude_flags then

  317.         params.filter = gen_exclude_flags_filter(params.exclude_flags)

  318.       end

  319.       local urls = lua_util.extract_specific_urls(params)

  320.       if not urls[1] then

  321.         return nil

  322.       end

  323.       return urls,'userdata_list'

  324.     end,

  325.     ['description'] = [[Get most specific urls. Arguments are equal to the Lua API function]],

  326.     ['args_schema'] = {ts.shape{

  327.       limit = ts.number + ts.string / tonumber,

  328.       esld_limit = (ts.number + ts.string / tonumber):is_optional(),

  329.       exclude_flags = url_flags_ts,

  330.       flags = url_flags_ts,

  331.       flags_mode = ts.one_of{'explicit'}:is_optional(),

  332.       prefix = ts.string:is_optional(),

  333.       need_content = (ts.boolean + ts.string / lua_util.toboolean):is_optional(),

  334.       need_emails = (ts.boolean + ts.string / lua_util.toboolean):is_optional(),

  335.       need_images = (ts.boolean + ts.string / lua_util.toboolean):is_optional(),

  336.       ignore_redirected = (ts.boolean + ts.string / lua_util.toboolean):is_optional(),

  337.     }}

  338.   },

  339.   -- Get all emails

  340.   ['emails'] = {

  341.     ['get_value'] = function(task, args)

  342.       local urls = task:get_emails()

  343.       if not urls[1] then

  344.         return nil

  345.       end

  346.       if args[1] then

  347.         return fun.map(function(r) return r[args[1]](r) end, urls), 'string_list'

  348.       end

  349.       return urls,'userdata_list'

  350.     end,

  351.     ['description'] = [[Get list of all emails.

  352. If no arguments specified, returns list of url objects. Otherwise, calls a specific method,

  353. e.g. `get_user`]],

  354.   },

  355.   -- Get specific pool var. The first argument must be variable name,

  356.   -- the second argument is optional and defines the type (string by default)

  357.   ['pool_var'] = {

  358.     ['get_value'] = function(task, args)

  359.       local type = args[2] or 'string'

  360.       return task:get_mempool():get_variable(args[1], type),(type)

  361.     end,

  362.     ['description'] = [[Get specific pool var. The first argument must be variable name,

  363. the second argument is optional and defines the type (string by default)]],

  364.     ['args_schema'] = {ts.string, ts.string:is_optional()}

  365.   },

  366.   -- Get value of specific key from task cache

  367.   ['task_cache'] = {

  368.     ['get_value'] = function(task, args)

  369.       local val = task:cache_get(args[1])

  370.       if not val then

  371.         return

  372.       end

  373.       if type(val) == 'table' then

  374.         if not val[1] then

  375.           return

  376.         end

  377.         return val, 'string_list'

  378.       end

  379.       return val, 'string'

  380.     end,

  381.     ['description'] = [[Get value of specific key from task cache. The first argument must be

  382. the key name]],

  383.     ['args_schema'] = {ts.string}

  384.   },

  385.   -- Get specific HTTP request header. The first argument must be header name.

  386.   ['request_header'] = {

  387.     ['get_value'] = function(task, args)

  388.       local hdr = task:get_request_header(args[1])

  389.       if hdr then

  390.         return hdr,'string'

  391.       end

  392. 

  393.       return nil

  394.     end,

  395.     ['description'] = [[Get specific HTTP request header.

  396. The first argument must be header name.]],

  397.     ['args_schema'] = {ts.string}

  398.   },

  399.   -- Get task date, optionally formatted

  400.   ['time'] = {

  401.     ['get_value'] = function(task, args)

  402.       local what = args[1] or 'message'

  403.       local dt = task:get_date{format = what, gmt = true}

  404. 

  405.       if dt then

  406.         if args[2] then

  407.           -- Should be in format !xxx, as dt is in GMT

  408.           return os.date(args[2], dt),'string'

  409.         end

  410. 

  411.         return tostring(dt),'string'

  412.       end

  413. 

  414.       return nil

  415.     end,

  416.     ['description'] = [[Get task timestamp. The first argument is type:

  417.   - `connect`: connection timestamp (default)

  418.   - `message`: timestamp as defined by `Date` header

  419. 

  420.   The second argument is optional time format, see [os.date](http://pgl.yoyo.org/luai/i/os.date) description]],

  421.     ['args_schema'] = {ts.one_of{'connect', 'message'}:is_optional(),

  422.                        ts.string:is_optional()}

  423.   },

  424.   -- Get text words from a message

  425.   ['words'] = {

  426.     ['get_value'] = function(task, args)

  427.       local how = args[1] or 'stem'

  428.       local tp = task:get_text_parts()

  429. 

  430.       if tp then

  431.         local rtype = 'string_list'

  432.         if how == 'full' then

  433.           rtype = 'table_list'

  434.         end

  435. 

  436.         return lua_util.flatten(

  437.             fun.map(function(p)

  438.               return p:get_words(how)

  439.             end, tp)), rtype

  440.       end

  441. 

  442.       return nil

  443.     end,

  444.     ['description'] = [[Get words from text parts

  445.   - `stem`: stemmed words (default)

  446.   - `raw`: raw words

  447.   - `norm`: normalised words (lowercased)

  448.   - `full`: list of tables

  449.   ]],

  450.     ['args_schema'] = { ts.one_of { 'stem', 'raw', 'norm', 'full' }:is_optional()},

  451.   },

  452.   -- Get queue ID

  453.   ['queueid'] = {

  454.     ['get_value'] = function(task)

  455.       local queueid = task:get_queue_id()

  456.       if queueid then return queueid,'string' end

  457.       return nil

  458.     end,

  459.     ['description'] = [[Get queue ID]],

  460.   },

  461.   -- Get ID of the task being processed

  462.   ['uid'] = {

  463.     ['get_value'] = function(task)

  464.       local uid = task:get_uid()

  465.       if uid then return uid,'string' end

  466.       return nil

  467.     end,

  468.     ['description'] = [[Get ID of the task being processed]],

  469.   },

  470.   -- Get message ID of the task being processed

  471.   ['messageid'] = {

  472.     ['get_value'] = function(task)

  473.       local mid = task:get_message_id()

  474.       if mid then return mid,'string' end

  475.       return nil

  476.     end,

  477.     ['description'] = [[Get message ID]],

  478.   },

  479.   -- Get specific symbol

  480.   ['symbol'] = {

  481.     ['get_value'] = function(task, args)

  482.       local symbol = task:get_symbol(args[1], args[2])

  483.       if symbol then

  484.         return symbol[1],'table'

  485.       end

  486.     end,

  487.     ['description'] = 'Get specific symbol. The first argument must be the symbol name. ' ..

  488.       'The second argument is an optional shadow result name. ' ..

  489.       'Returns the symbol table. See task:get_symbol()',

  490.     ['args_schema'] = {ts.string, ts.string:is_optional()}

  491.   },

  492.   -- Get full scan result

  493.   ['scan_result'] = {

  494.     ['get_value'] = function(task, args)

  495.       local res = task:get_metric_result(args[1])

  496.       if res then

  497.         return res,'table'

  498.       end

  499.     end,

  500.     ['description'] = 'Get full scan result (either default or shadow if shadow result name is specified)' ..

  501.         'Returns the result table. See task:get_metric_result()',

  502.     ['args_schema'] = {ts.string:is_optional()}

  503.   },

  504.   -- Get list of metatokens as strings

  505.   ['metatokens'] = {

  506.     ['get_value'] = function(task)

  507.       local tokens = meta_functions.gen_metatokens(task)

  508.       if not tokens[1] then

  509.         return nil

  510.       end

  511.       local res = {}

  512.       for _, t in ipairs(tokens) do

  513.         table.insert(res, tostring(t))

  514.       end

  515.       return res, 'string_list'

  516.     end,

  517.     ['description'] = 'Get metatokens for a message as strings',

  518.   },

  519. }

  520. 

  521. return extractors