diff options
author | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2019-04-23 12:50:10 +0100 |
---|---|---|
committer | Vsevolod Stakhov <vsevolod@highsecure.ru> | 2019-04-23 12:50:10 +0100 |
commit | 27235fe7067c26ab3a4322ab6d607103e7e51535 (patch) | |
tree | d76e67249404c29ef187048cf90eea251cc59a47 /lualib/lua_dkim_tools.lua | |
parent | ab20b88431482d42353ab791d7f5a076a18dfc42 (diff) | |
download | rspamd-27235fe7067c26ab3a4322ab6d607103e7e51535.tar.gz rspamd-27235fe7067c26ab3a4322ab6d607103e7e51535.zip |
[Minor] Add support of validity checks in the vault
Diffstat (limited to 'lualib/lua_dkim_tools.lua')
-rw-r--r-- | lualib/lua_dkim_tools.lua | 28 |
1 files changed, 25 insertions, 3 deletions
diff --git a/lualib/lua_dkim_tools.lua b/lualib/lua_dkim_tools.lua index ea84d58de..2e5856d3c 100644 --- a/lualib/lua_dkim_tools.lua +++ b/lualib/lua_dkim_tools.lua @@ -21,6 +21,7 @@ local E = {} local lua_util = require "lua_util" local rspamd_util = require "rspamd_util" local logger = require "rspamd_logger" +local fun = require "fun" local function check_violation(N, task, domain) -- Check for DKIM_REJECT @@ -576,16 +577,37 @@ exports.sign_using_vault = function(N, task, settings, selectors, sign_func, err else local elts = obj.data.selectors or {} - for _,p in ipairs(elts) do + -- Filter selectors by time/sanity + local function is_selector_valid(p) + if not p.key or not p.selector then + return false + end + + if p.valid_start then + -- Check start time + if rspamd_util.get_time() < tonumber(p.valid_start) then + return false + end + end + + if p.valid_end then + if rspamd_util.get_time() >= tonumber(p.valid_end) then + return false + end + end + + return true + end + fun.each(function(p) local dkim_sign_data = { rawkey = p.key, selector = p.selector, - domain = selectors.domain + domain = p.domain or selectors.domain } lua_util.debugm(N, task, 'found and parsed key for %s:%s in Vault', dkim_sign_data.domain, dkim_sign_data.selector) sign_func(task, dkim_sign_data) - end + end, fun.filter(is_selector_valid, elts)) end end end |