mirrors
/
rspamd
mirror of https://github.com/vstakhov/rspamd.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 159 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
19570 Commits
28 Branches
Tree: cbdb21960f
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'cbdb21960f'
${ noResults }
rspamd/rules/bitcoin.lua

bitcoin.lua 6.3KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234 
  1. --[[

  2. Copyright (c) 2022, Vsevolod Stakhov <vsevolod@rspamd.com>

  3. 

  4. Licensed under the Apache License, Version 2.0 (the "License");

  5. you may not use this file except in compliance with the License.

  6. You may obtain a copy of the License at

  7. 

  8.     http://www.apache.org/licenses/LICENSE-2.0

  9. 

  10. Unless required by applicable law or agreed to in writing, software

  11. distributed under the License is distributed on an "AS IS" BASIS,

  12. WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  13. See the License for the specific language governing permissions and

  14. limitations under the License.

  15. ]]--

  16. 

  17. -- Bitcoin filter rules

  18. 

  19. local fun = require "fun"

  20. local bit = require "bit"

  21. local lua_util = require "lua_util"

  22. local rspamd_util = require "rspamd_util"

  23. local N = "bitcoin"

  24. 

  25. local off = 0

  26. local base58_dec = fun.tomap(fun.map(

  27.     function(c)

  28.       off = off + 1

  29.       return c,(off - 1)

  30.     end,

  31.     "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"))

  32. 

  33. local function is_traditional_btc_address(word)

  34.   local hash = require "rspamd_cryptobox_hash"

  35. 

  36.   local bytes = {}

  37.   for i=1,25 do bytes[i] = 0 end

  38.   -- Base58 decode loop

  39.   fun.each(function(ch)

  40.     local acc = base58_dec[ch] or 0

  41.     for i=25,1,-1 do

  42.       acc = acc + (58 * bytes[i]);

  43.       bytes[i] = acc % 256

  44.       acc = math.floor(acc / 256);

  45.     end

  46.   end, word)

  47.   -- Now create a validation tag

  48.   local sha256 = hash.create_specific('sha256')

  49.   for i=1,21 do

  50.     sha256:update(string.char(bytes[i]))

  51.   end

  52.   sha256 = hash.create_specific('sha256', sha256:bin()):bin()

  53. 

  54.   -- Compare tags

  55.   local valid = true

  56.   for i=1,4 do

  57.     if string.sub(sha256, i, i) ~= string.char(bytes[21 + i]) then

  58.       valid = false

  59.     end

  60.   end

  61. 

  62.   return valid

  63. end

  64. 

  65. -- Beach32 checksum combiner

  66. local function polymod(...)

  67.   local chk = 1;

  68.   local gen = {0x3b6a57b2, 0x26508e6d, 0x1ea119fa, 0x3d4233dd, 0x2a1462b3};

  69.   for _,t in ipairs({...}) do

  70.     for _,v in ipairs(t) do

  71.       local top = bit.rshift(chk, 25)

  72. 

  73.       chk = bit.bxor(bit.lshift(bit.band(chk, 0x1ffffff), 5), v)

  74.       for i=1,5 do

  75.         if bit.band(bit.rshift(top, i - 1), 0x1) ~= 0 then

  76.           chk = bit.bxor(chk, gen[i])

  77.         end

  78.       end

  79.     end

  80.   end

  81. 

  82.   return chk

  83. end

  84. 

  85. -- Beach32 expansion function

  86. local function hrpExpand(hrp)

  87.   local ret = {}

  88.   fun.each(function(byte)

  89.     ret[#ret + 1] = bit.rshift(byte, 5)

  90.   end, fun.map(string.byte, fun.iter(hrp)))

  91.   ret[#ret + 1] = 0

  92.   fun.each(function(byte)

  93.     ret[#ret + 1] = bit.band(byte, 0x1f)

  94.   end, fun.map(string.byte, fun.iter(hrp)))

  95. 

  96.   return ret

  97. end

  98. 

  99. local function verify_beach32_cksum(hrp, elts)

  100.   return polymod(hrpExpand(hrp), elts) == 1

  101. end

  102. 

  103. 

  104. local function gen_bleach32_table(input)

  105.   local d = {}

  106.   local i = 1

  107.   local res = true

  108.   local charset = 'qpzry9x8gf2tvdw0s3jn54khce6mua7l'

  109. 

  110.   fun.each(function(byte)

  111.     if res then

  112.       local pos = charset:find(byte, 1, true)

  113.       if not pos then

  114.         res = false

  115.       else

  116.         d[i] = pos - 1

  117.         i = i + 1

  118.       end

  119.     end

  120.   end, fun.iter(input))

  121. 

  122.   return res and d or nil

  123. end

  124. 

  125. local function is_segwit_bech32_address(task, word)

  126.   local semicolon_pos = string.find(word, ':')

  127.   local address_part = word

  128.   if semicolon_pos then

  129.     address_part = string.sub(word, semicolon_pos + 1)

  130.   end

  131. 

  132.   local prefix = address_part:sub(1, 3)

  133. 

  134.   if prefix == 'bc1' or prefix:sub(1, 1) == '1' or prefix:sub(1, 1) == '3' then

  135.     -- Strip beach32 prefix in bitcoin

  136.     address_part = address_part:lower()

  137.     local last_one_pos = address_part:find('1[^1]*$')

  138.     if not last_one_pos or (last_one_pos < 1 or last_one_pos + 7 > #address_part) then

  139.       return false

  140.     end

  141.     local hrp = address_part:sub(1, last_one_pos - 1)

  142.     local addr = address_part:sub(last_one_pos + 1, -1)

  143.     local decoded = gen_bleach32_table(addr)

  144. 

  145.     if decoded then

  146.       return verify_beach32_cksum(hrp, decoded)

  147.     end

  148.   else

  149.     -- Bitcoin cash address

  150.     -- https://www.bitcoincash.org/spec/cashaddr.html

  151.     local decoded = gen_bleach32_table(address_part)

  152.     lua_util.debugm(N, task, 'check %s, %s decoded', word, decoded)

  153. 

  154.     if decoded and #decoded > 8 then

  155.       if semicolon_pos then

  156.         prefix = word:sub(1, semicolon_pos - 1)

  157.       else

  158.         prefix = 'bitcoincash'

  159.       end

  160. 

  161.       local polymod_tbl = {}

  162.       fun.each(function(byte)

  163.         local b = bit.band(string.byte(byte), 0x1f)

  164.         table.insert(polymod_tbl, b)

  165.       end, fun.iter(prefix))

  166. 

  167.       -- For semicolon

  168.       table.insert(polymod_tbl, 0)

  169. 

  170.       fun.each(function(byte) table.insert(polymod_tbl, byte) end, decoded)

  171.       lua_util.debugm(N, task, 'final polymod table: %s', polymod_tbl)

  172. 

  173.       return rspamd_util.btc_polymod(polymod_tbl)

  174.     end

  175.   end

  176. end

  177. 

  178. local normal_wallet_re = [[/\b[13LM][1-9A-Za-z]{25,34}\b/AL{sa_body}]]

  179. local btc_bleach_re = [[/\b(?:(?:[a-zA-Z]\w+:)|(?:bc1))?[qpzry9x8gf2tvdw0s3jn54khce6mua7l]{14,}\b/AL{sa_body}]]

  180. 

  181. config.regexp['BITCOIN_ADDR'] = {

  182.   description = 'Message has a valid bitcoin wallet address',

  183.   -- Use + operator to ensure that each expression is always evaluated

  184.   re = string.format('(%s) + (%s) > 0', normal_wallet_re, btc_bleach_re),

  185.   re_conditions = {

  186.     [normal_wallet_re] = function(task, txt, s, e)

  187.       local len = e - s

  188.       if len <= 2 or len > 1024 then

  189.         return false

  190.       end

  191. 

  192.       local word = lua_util.str_trim(txt:sub(s + 1, e))

  193.       local valid = is_traditional_btc_address(word)

  194. 

  195.       if valid then

  196.         -- To save option

  197.         task:insert_result('BITCOIN_ADDR', 1.0, word)

  198.         lua_util.debugm(N, task, 'found valid traditional bitcoin addr in the word: %s',

  199.             word)

  200.         return true

  201.       else

  202.         lua_util.debugm(N, task, 'found invalid bitcoin addr in the word: %s',

  203.             word)

  204. 

  205.         return false

  206.       end

  207.     end,

  208.     [btc_bleach_re] = function(task, txt, s, e)

  209.       local len = e - s

  210.       if len <= 2 or len > 1024 then

  211.         return false

  212.       end

  213. 

  214.       local word = tostring(lua_util.str_trim(txt:sub(s + 1, e)))

  215.       local valid = is_segwit_bech32_address(task, word)

  216. 

  217.       if valid then

  218.         -- To save option

  219.         task:insert_result('BITCOIN_ADDR', 1.0, word)

  220.         lua_util.debugm(N, task, 'found valid bleach bitcoin addr in the word: %s',

  221.             word)

  222.         return true

  223.       else

  224.         lua_util.debugm(N, task, 'found invalid bitcoin addr in the word: %s',

  225.             word)

  226. 

  227.         return false

  228.       end

  229.     end,

  230.   },

  231.   score = 0.0,

  232.   one_shot = true,

  233.   group = 'scams',

  234. }