aboutsummaryrefslogtreecommitdiffstats
path: root/src/plugins/lua/rspamd_update.lua
blob: f53967317da289a3c0e0a1ec9500a7098b07ef37 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
--[[
Copyright (c) 2016, Vsevolod Stakhov <vsevolod@highsecure.ru>

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

    http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
]]--

-- This plugin implements dynamic updates for rspamd

local ucl = require "ucl"
local fun = require "fun"
local rspamd_logger = require "rspamd_logger"
local rspamd_config = rspamd_config
local hash = require "rspamd_cryptobox_hash"
local rspamd_version = rspamd_version
local maps = {}

local function process_symbols(obj, priority)
  fun.each(function(sym, score)
    rspamd_config:set_metric_symbol({
      name = sym,
      score = score,
      priority = priority
    })
  end, obj)
end

local function process_actions(obj, priority)
  fun.each(function(act, score)
    rspamd_config:set_metric_action({
      action = act,
      score = score,
      priority = priority
    })
  end, obj)
end

local function process_rules(obj)
  fun.each(function(key, code)
    local f = load(code)
    if f then
      f()
    else
      rspamd_logger(rspamd_config, 'cannot load rules for %s', key)
    end
  end, obj)
end

local function check_version(obj)
  local ret = true

  if not obj then
    return false
  end

  if obj['min_version'] then
    if rspamd_version('cmp', obj['min_version']) > 0 then
      ret = false
      rspamd_logger.errx(rspamd_config, 'updates require at least %s version of rspamd',
        obj['min_version'])
    end
  end
  if obj['max_version'] then
    if rspamd_version('cmp', obj['max_version']) < 0 then
      ret = false
      rspamd_logger.errx(rspamd_config, 'updates require maximum %s version of rspamd',
        obj['max_version'])
    end
  end

  return ret
end

local function gen_callback()

  return function(data)
    local parser = ucl.parser()
    local res,err = parser:parse_string(data)

    if not res then
      rspamd_logger.warnx(rspamd_config, 'cannot parse updates map: ' .. err)
    else
      local h = hash.create()
      h:update(data)
      local obj = parser:get_object()

      if check_version(obj) then

        if obj['symbols'] then
          process_symbols(obj['symbols'])
        end
        if obj['actions'] then
          process_actions(obj['actions'])
        end
        if obj['rules'] then
          process_rules(obj['rules'])
        end

        rspamd_logger.infox(rspamd_config, 'loaded new rules with hash "%s"',
          h:hex())
      end
    end

    return res
  end
end

-- Configuration part
local section = rspamd_config:get_all_opt("rspamd_update")
if section then
  local trusted_key
  fun.each(function(k, elt)
    if k == 'key' then
      trusted_key = elt
    else
      local map = rspamd_config:add_map(elt, "rspamd updates map", nil)
      if not map then
        rspamd_logger.errx(rspamd_config, 'cannot load updates from %1', elt)
      else
        map:set_callback(gen_callback(map))
        maps['elt'] = map
      end
    end
  end, section)

  fun.each(function(k, map)
    -- Check sanity for maps
    local proto = map:get_proto()
    if (proto == 'http' or proto == 'https') and not map:get_sign_key() then
      if trusted_key then
        map:set_sign_key(trusted_key)
      else
        rspamd_logger.warnx(rspamd_config, 'Map %s is loaded by HTTP and it is not signed', k)
      end
    end
  end, maps)
else
  rspamd_logger.infox(rspamd_config, 'Module is unconfigured')
end