mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
21071 Commits
30 Branches
Tree: 7769774962
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '7769774962'
${ noResults }
rspamd/src/plugins/lua/rspamd_update.lua

rspamd_update.lua 4.1KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161 
  1. --[[

  2. Copyright (c) 2022, Vsevolod Stakhov <vsevolod@rspamd.com>

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");

  5. you may not use this file except in compliance with the License.

  6. You may obtain a copy of the License at

  7. 

  8.     http://www.apache.org/licenses/LICENSE-2.0

  9. 

  10. Unless required by applicable law or agreed to in writing, software

  11. distributed under the License is distributed on an "AS IS" BASIS,

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13. See the License for the specific language governing permissions and

  14. limitations under the License.

  15. ]]--

  16. 

  17. if confighelp then

  18.   return

  19. end

  20. 

  21. -- This plugin implements dynamic updates for rspamd

  22. 

  23. local ucl = require "ucl"

  24. local fun = require "fun"

  25. local rspamd_logger = require "rspamd_logger"

  26. local rspamd_config = rspamd_config

  27. local hash = require "rspamd_cryptobox_hash"

  28. local lua_util = require "lua_util"

  29. local N = "rspamd_update"

  30. local rspamd_version = rspamd_version

  31. local maps = {}

  32. local allow_rules = false -- Deny for now

  33. local global_priority = 1 -- Default for local rules

  34. 

  35. local function process_symbols(obj, priority)

  36.   fun.each(function(sym, score)

  37.     rspamd_config:set_metric_symbol({

  38.       name = sym,

  39.       score = score,

  40.       priority = priority

  41.     })

  42.   end, obj)

  43. end

  44. 

  45. local function process_actions(obj, priority)

  46.   fun.each(function(act, score)

  47.     rspamd_config:set_metric_action({

  48.       action = act,

  49.       score = score,

  50.       priority = priority

  51.     })

  52.   end, obj)

  53. end

  54. 

  55. local function process_rules(obj)

  56.   fun.each(function(key, code)

  57.     local f = load(code)

  58.     if f then

  59.       f()

  60.     else

  61.       rspamd_logger(rspamd_config, 'cannot load rules for %s', key)

  62.     end

  63.   end, obj)

  64. end

  65. 

  66. local function check_version(obj)

  67.   local ret = true

  68. 

  69.   if not obj then

  70.     return false

  71.   end

  72. 

  73.   if obj['min_version'] then

  74.     if rspamd_version('cmp', obj['min_version']) > 0 then

  75.       ret = false

  76.       rspamd_logger.errx(rspamd_config, 'updates require at least %s version of rspamd',

  77.           obj['min_version'])

  78.     end

  79.   end

  80.   if obj['max_version'] then

  81.     if rspamd_version('cmp', obj['max_version']) < 0 then

  82.       ret = false

  83.       rspamd_logger.errx(rspamd_config, 'updates require maximum %s version of rspamd',

  84.           obj['max_version'])

  85.     end

  86.   end

  87. 

  88.   return ret

  89. end

  90. 

  91. local function gen_callback()

  92. 

  93.   return function(data)

  94.     local parser = ucl.parser()

  95.     local res, err = parser:parse_string(data)

  96. 

  97.     if not res then

  98.       rspamd_logger.warnx(rspamd_config, 'cannot parse updates map: ' .. err)

  99.     else

  100.       local h = hash.create()

  101.       h:update(data)

  102.       local obj = parser:get_object()

  103. 

  104.       if check_version(obj) then

  105. 

  106.         if obj['symbols'] then

  107.           process_symbols(obj['symbols'], global_priority)

  108.         end

  109.         if obj['actions'] then

  110.           process_actions(obj['actions'], global_priority)

  111.         end

  112.         if allow_rules and obj['rules'] then

  113.           process_rules(obj['rules'])

  114.         end

  115. 

  116.         rspamd_logger.infox(rspamd_config, 'loaded new rules with hash "%s"',

  117.             h:hex())

  118.       end

  119.     end

  120. 

  121.     return res

  122.   end

  123. end

  124. 

  125. -- Configuration part

  126. local section = rspamd_config:get_all_opt("rspamd_update")

  127. if section and section.rules then

  128.   local trusted_key

  129.   if section.key then

  130.     trusted_key = section.key

  131.   end

  132. 

  133.   if type(section.rules) ~= 'table' then

  134.     section.rules = { section.rules }

  135.   end

  136. 

  137.   fun.each(function(elt)

  138.     local map = rspamd_config:add_map(elt, "rspamd updates map", nil, "callback")

  139.     if not map then

  140.       rspamd_logger.errx(rspamd_config, 'cannot load updates from %1', elt)

  141.     else

  142.       map:set_callback(gen_callback(map))

  143.       maps['elt'] = map

  144.     end

  145.   end, section.rules)

  146. 

  147.   fun.each(function(k, map)

  148.     -- Check sanity for maps

  149.     local proto = map:get_proto()

  150.     if (proto == 'http' or proto == 'https') and not map:get_sign_key() then

  151.       if trusted_key then

  152.         map:set_sign_key(trusted_key)

  153.       else

  154.         rspamd_logger.warnx(rspamd_config, 'Map %s is loaded by HTTP and it is not signed', k)

  155.       end

  156.     end

  157.   end, maps)

  158. else

  159.   rspamd_logger.infox(rspamd_config, 'Module is unconfigured')

  160.   lua_util.disable_module(N, "config")

  161. end