diff options
| author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2019-06-14 15:49:10 +0100 |
|---|---|---|
| committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2019-06-14 15:49:10 +0100 |
| commit | 2b1fbf58f382ebd0c2b73eaf6b0e69c4bca8a69b (patch) | |
| tree | 13b757612eedb6aa01b2998367fc07dc242dee6a | |
| parent | fee78f0f26562651ab8c8b449b0646914b23f328 (diff) | |
| download | rspamd-2b1fbf58f382ebd0c2b73eaf6b0e69c4bca8a69b.tar.gz rspamd-2b1fbf58f382ebd0c2b73eaf6b0e69c4bca8a69b.zip | |
[Project] Add symbols for explicit enabling
| -rw-r--r-- | src/libserver/rspamd_symcache.c | 20 | ||||
| -rw-r--r-- | src/libserver/rspamd_symcache.h | 12 | ||||
| -rw-r--r-- | src/lua/lua_config.c | 8 |
3 files changed, 34 insertions, 6 deletions
diff --git a/src/libserver/rspamd_symcache.c b/src/libserver/rspamd_symcache.c index fd9db9126..ac0b8dded 100644 --- a/src/libserver/rspamd_symcache.c +++ b/src/libserver/rspamd_symcache.c @@ -1423,10 +1423,18 @@ rspamd_symcache_check_id_list (const struct rspamd_symcache_id_list *ls, guint32 return FALSE; } -static gboolean +gboolean rspamd_symcache_is_item_allowed (struct rspamd_task *task, struct rspamd_symcache_item *item) { + /* Static checks */ + if (!item->enabled || + (RSPAMD_TASK_IS_EMPTY (task) && !(item->type & SYMBOL_TYPE_EMPTY)) || + (item->type & SYMBOL_TYPE_MIME_ONLY && !RSPAMD_TASK_IS_MIME(task))) { + return FALSE; + } + + /* Settings checks */ if (task->settings_elt != 0) { guint32 id = task->settings_elt->id; @@ -1458,6 +1466,11 @@ rspamd_symcache_is_item_allowed (struct rspamd_task *task, id); } } + else if (item->type & SYMBOL_TYPE_EXPLICIT_ENABLE) { + msg_debug_cache_task ("deny execution of %s as it must be explicitly enabled", + item->symbol); + return FALSE; + } /* Allow all symbols with no settings id */ return TRUE; @@ -1501,10 +1514,7 @@ rspamd_symcache_check_symbol (struct rspamd_task *task, /* Check has been started */ SET_START_BIT (checkpoint, dyn_item); - if (!item->enabled || /* Static flag */ - !rspamd_symcache_is_item_allowed (task, item) || /* Dynamic id */ - (RSPAMD_TASK_IS_EMPTY (task) && !(item->type & SYMBOL_TYPE_EMPTY)) || - (item->type & SYMBOL_TYPE_MIME_ONLY && !RSPAMD_TASK_IS_MIME(task))) { + if (!rspamd_symcache_is_item_allowed (task, item)) { msg_debug_cache_task ("disable execution of symbol %s", item->symbol); check = FALSE; } diff --git a/src/libserver/rspamd_symcache.h b/src/libserver/rspamd_symcache.h index a440a542b..fcf3d1c77 100644 --- a/src/libserver/rspamd_symcache.h +++ b/src/libserver/rspamd_symcache.h @@ -51,7 +51,8 @@ enum rspamd_symbol_type { SYMBOL_TYPE_MIME_ONLY = (1u << 15u), /* Symbol is mime only */ SYMBOL_TYPE_EXPLICIT_DISABLE = (1u << 16u), /* Symbol should be disabled explicitly only */ SYMBOL_TYPE_IGNORE_PASSTHROUGH = (1u << 17u), /* Symbol ignores passthrough result */ - SYMBOL_TYPE_USE_CORO = (1u << 18u), /* Symbol uses lua coroutines */ + SYMBOL_TYPE_EXPLICIT_ENABLE = (1u << 18u), /* Symbol should be enabled explicitly only */ + SYMBOL_TYPE_USE_CORO = (1u << 19u), /* Symbol uses lua coroutines */ }; /** @@ -480,4 +481,13 @@ const guint32* rspamd_symcache_get_forbidden_settings_ids (struct rspamd_symcach void rspamd_symcache_process_settings_elt (struct rspamd_symcache *cache, struct rspamd_config_settings_elt *elt); +/** + * Check if a symbol is allowed for execution/insertion + * @param task + * @param item + * @return + */ +gboolean rspamd_symcache_is_item_allowed (struct rspamd_task *task, + struct rspamd_symcache_item *item); + #endif diff --git a/src/lua/lua_config.c b/src/lua/lua_config.c index e54ecce42..802fab1a6 100644 --- a/src/lua/lua_config.c +++ b/src/lua/lua_config.c @@ -1607,6 +1607,9 @@ lua_parse_symbol_flags (const gchar *str) if (strstr (str, "explicit_disable") != NULL) { ret |= SYMBOL_TYPE_EXPLICIT_DISABLE; } + if (strstr (str, "explicit_enable") != NULL) { + ret |= SYMBOL_TYPE_EXPLICIT_ENABLE; + } if (strstr (str, "coro") != NULL) { ret |= SYMBOL_TYPE_USE_CORO; } @@ -1687,6 +1690,11 @@ lua_push_symbol_flags (lua_State *L, guint flags) lua_rawseti (L, -2, i++); } + if (flags & SYMBOL_TYPE_EXPLICIT_ENABLE) { + lua_pushstring (L, "explicit_enable"); + lua_rawseti (L, -2, i++); + } + if (flags & SYMBOL_TYPE_IGNORE_PASSTHROUGH) { lua_pushstring (L, "ignore_passthrough"); lua_rawseti (L, -2, i++); |