commit f426088: [Project] Implement checks for symbols against allowed ids
Vsevolod Stakhov
vsevolod at highsecure.ru
Fri Jun 14 19:00:11 UTC 2019
Author: Vsevolod Stakhov
Date: 2019-06-14 16:11:52 +0100
URL: https://github.com/rspamd/rspamd/commit/f426088b6a9c0d49bf2c9bf11583c1b36ac019b2
[Project] Implement checks for symbols against allowed ids
---
src/libmime/filter.c | 11 +++++++--
src/libserver/rspamd_symcache.c | 55 ++++++++++++++++++++++-------------------
src/libserver/rspamd_symcache.h | 5 ++--
3 files changed, 41 insertions(+), 30 deletions(-)
diff --git a/src/libmime/filter.c b/src/libmime/filter.c
index 3550370ed..39d073b05 100644
--- a/src/libmime/filter.c
+++ b/src/libmime/filter.c
@@ -208,6 +208,13 @@ insert_metric_result (struct rspamd_task *task,
}
}
else {
+ if (sdef->cache_item) {
+ /* Check if we can insert this symbol at all */
+ if (!rspamd_symcache_is_item_allowed (task, sdef->cache_item)) {
+ return NULL;
+ }
+ }
+
final_score = (*sdef->weight_ptr) * weight;
PTR_ARRAY_FOREACH (sdef->groups, i, gr) {
@@ -434,8 +441,8 @@ rspamd_task_insert_result_full (struct rspamd_task *task,
flags);
/* Process cache item */
- if (task->cfg->cache) {
- rspamd_symcache_inc_frequency (task->cfg->cache, symbol);
+ if (task->cfg->cache && s->sym) {
+ rspamd_symcache_inc_frequency (task->cfg->cache, s->sym->cache_item);
}
return s;
diff --git a/src/libserver/rspamd_symcache.c b/src/libserver/rspamd_symcache.c
index ac0b8dded..1ae279e73 100644
--- a/src/libserver/rspamd_symcache.c
+++ b/src/libserver/rspamd_symcache.c
@@ -2281,14 +2281,8 @@ rspamd_symcache_start_refresh (struct rspamd_symcache *cache,
void
rspamd_symcache_inc_frequency (struct rspamd_symcache *cache,
- const gchar *symbol)
+ struct rspamd_symcache_item *item)
{
- struct rspamd_symcache_item *item;
-
- g_assert (cache != NULL);
-
- item = g_hash_table_lookup (cache->items_by_symbol, symbol);
-
if (item != NULL) {
g_atomic_int_inc (&item->st->hits);
}
@@ -2604,28 +2598,37 @@ rspamd_symcache_is_symbol_enabled (struct rspamd_task *task,
item = rspamd_symcache_find_filter (cache, symbol, true);
if (item) {
- dyn_item = rspamd_symcache_get_dynamic (checkpoint, item);
- if (CHECK_START_BIT (checkpoint, dyn_item)) {
+
+ if (!rspamd_symcache_is_item_allowed (task, item)) {
ret = FALSE;
}
else {
- if (item->specific.normal.condition_cb != -1) {
- /* We also executes condition callback to check if we need this symbol */
- L = task->cfg->lua_state;
- lua_rawgeti (L, LUA_REGISTRYINDEX,
- item->specific.normal.condition_cb);
- ptask = lua_newuserdata (L, sizeof (struct rspamd_task *));
- rspamd_lua_setclass (L, "rspamd{task}", -1);
- *ptask = task;
-
- if (lua_pcall (L, 1, 1, 0) != 0) {
- msg_info_task ("call to condition for %s failed: %s",
- item->symbol, lua_tostring (L, -1));
- lua_pop (L, 1);
- }
- else {
- ret = lua_toboolean (L, -1);
- lua_pop (L, 1);
+ dyn_item = rspamd_symcache_get_dynamic (checkpoint, item);
+ if (CHECK_START_BIT (checkpoint, dyn_item)) {
+ ret = FALSE;
+ }
+ else {
+ if (item->specific.normal.condition_cb != -1) {
+ /*
+ * We also executes condition callback to check
+ * if we need this symbol
+ */
+ L = task->cfg->lua_state;
+ lua_rawgeti (L, LUA_REGISTRYINDEX,
+ item->specific.normal.condition_cb);
+ ptask = lua_newuserdata (L, sizeof (struct rspamd_task *));
+ rspamd_lua_setclass (L, "rspamd{task}", -1);
+ *ptask = task;
+
+ if (lua_pcall (L, 1, 1, 0) != 0) {
+ msg_info_task ("call to condition for %s failed: %s",
+ item->symbol, lua_tostring (L, -1));
+ lua_pop (L, 1);
+ }
+ else {
+ ret = lua_toboolean (L, -1);
+ lua_pop (L, 1);
+ }
}
}
}
diff --git a/src/libserver/rspamd_symcache.h b/src/libserver/rspamd_symcache.h
index fcf3d1c77..b063109a4 100644
--- a/src/libserver/rspamd_symcache.h
+++ b/src/libserver/rspamd_symcache.h
@@ -207,7 +207,7 @@ void rspamd_symcache_start_refresh (struct rspamd_symcache *cache,
* @param symbol
*/
void rspamd_symcache_inc_frequency (struct rspamd_symcache *cache,
- const gchar *symbol);
+ struct rspamd_symcache_item *item);
/**
* Add dependency relation between two symbols identified by id (source) and
@@ -482,7 +482,8 @@ void rspamd_symcache_process_settings_elt (struct rspamd_symcache *cache,
struct rspamd_config_settings_elt *elt);
/**
- * Check if a symbol is allowed for execution/insertion
+ * Check if a symbol is allowed for execution/insertion, this does not involve
+ * condition scripts to be checked (so it is intended to be fast).
* @param task
* @param item
* @return
More information about the Commits
mailing list