diff options
author | twesterhever <40121680+twesterhever@users.noreply.github.com> | 2022-11-06 14:48:54 +0000 |
---|---|---|
committer | GitHub <noreply@github.com> | 2022-11-06 14:48:54 +0000 |
commit | 1f78100963b372ab1a9511e8595aa335d3facb82 (patch) | |
tree | 8e1d62a942a110cfc7003b649ae9c1f969f6c8f2 /rules | |
parent | ac6d1a6566a4ecf3e4ff75c27047d1f9ef2f01d7 (diff) | |
download | rspamd-1f78100963b372ab1a9511e8595aa335d3facb82.tar.gz rspamd-1f78100963b372ab1a9511e8595aa335d3facb82.zip |
[Minor] Limit CIDv1 detection to 128 bytes
As requested by @vstakhov in https://github.com/rspamd/rspamd/pull/4310#pullrequestreview-1148226107, try to limit the performance impact of this regular expression. However, given that there does not seem to be a hard limit for CIDv1s in IPFS itself, using an hashing algorithm with large output my permit miscreants to get around this rule.
Diffstat (limited to 'rules')
-rw-r--r-- | rules/regexp/misc.lua | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/rules/regexp/misc.lua b/rules/regexp/misc.lua index 940a9187e..e39258a41 100644 --- a/rules/regexp/misc.lua +++ b/rules/regexp/misc.lua @@ -106,7 +106,7 @@ rspamd_config:register_dependency('LEAKED_PASSWORD_SCAM', 'BITCOIN_ADDR') -- content identifier (CID), comprising of either "qm", followed by 46 alphanumerical -- characters (CIDv0), or a CIDv1 of an alphanumerical string of unspecified length, -- depending on the hash algorithm used, but starting with a multibase prefix. -local ipfs_cid = '/(qm[a-z0-9]{44}|[079fFvVtTbBcChkKzZmMuUP][a-z0-9]{45,256})/{url}i' +local ipfs_cid = '/(qm[a-z0-9]{44}|[079fFvVtTbBcChkKzZmMuUP][a-z0-9]{44,128})/{url}i' local ipfs_string = '/ipfs(\\.|-|_|\\/|\\?)/{url}i' reconf['HAS_IPFS_GATEWAY_URL'] = { description = 'Message contains InterPlanetary File System (IPFS) gateway URL, likely malicious', |