[Feature] ASN module; support matching ASN/country in multimap

- Also removed stuff from ip_score - Updated tests
9 years ago · 643ca8d0da
5 changed files with 141 additions and 42 deletions
--- a/src/plugins/lua/asn.lua
+++ b/src/plugins/lua/asn.lua
@ -0,0 +1,100 @@
 --[[
 Copyright (c) 2011-2016, Vsevolod Stakhov <vsevolod@highsecure.ru>
 Copyright (c) 2016, Andrew Lewis <nerf@judo.za.org>
 Licensed under the Apache License, Version 2.0 (the "License");
 you may not use this file except in compliance with the License.
 You may obtain a copy of the License at
    http://www.apache.org/licenses/LICENSE-2.0
 Unless required by applicable law or agreed to in writing, software
 distributed under the License is distributed on an "AS IS" BASIS,
 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 See the License for the specific language governing permissions and
 limitations under the License.
 ]]--
 local rspamd_logger = require "rspamd_logger"
 local rspamd_regexp = require "rspamd_regexp"
 local options = {
  provider_type = 'cymru',
  provider_info = {
    ip4 = 'origin.asn.cymru.com',
    ip6 = 'origin6.asn.cymru.com',
  },
  symbol = 'ASN',
 }
 local cymru_re = rspamd_regexp.create_cached("[\\|\\s]")
 local function asn_check(task)
  local function asn_set(asn, ipnet, country)
    local descr_t = {}
    if asn then
      task:get_mempool():set_variable("asn", asn)
      table.insert(descr_t, "asn:" .. asn)
    end
    if ipnet then
      task:get_mempool():set_variable("ipnet", ipnet)
      table.insert(descr_t, "ipnet:" .. ipnet)
    end
    if country then
      task:get_mempool():set_variable("country", country)
      table.insert(descr_t, "country:" .. country)
    end
    if options['symbol'] then
      task:insert_result(options['symbol'], 0.0, table.concat(descr_t, ', '))
    end
  end
  local asn_check_func = {}
  function asn_check_func.cymru(ip)
    local function cymru_dns_cb(resolver, to_resolve, results, err, key)
      if not (results and results[1]) then return end
      local parts = cymru_re:split(results[1])
      -- "15169 | 8.8.8.0/24 | US | arin |" for 8.8.8.8
      asn_set(parts[1], parts[2], parts[3])
    end
    local dnsbl = options['provider_info']['ip' .. ip:get_version()]
    local req_name = rspamd_logger.slog("%1.%2",
        table.concat(ip:inversed_str_octets(), '.'), dnsbl)
    task:get_resolver():resolve_txt(task:get_session(), task:get_mempool(),
        req_name, cymru_dns_cb)
  end
  local ip = task:get_from_ip()
  if not (ip and ip:is_valid()) then return end
  asn_check_func[options['provider_type']](ip)
 end
 -- Configuration options
 local configure_asn_module = function()
  local opts =  rspamd_config:get_all_opt('asn')
  if opts then
    for k,v in pairs(opts) do
      options[k] = v
    end
  end
  if options['provider_type'] == 'cymru' then
    if not options['provider_info'] and options['provider_info']['ip4'] and
        options['provider_info']['ip6'] then
      rspamd_logger.errx("Missing required provider_info for cymru")
      return false
    end
  else
    rspamd_logger.errx("Unknown provider_type: %s", options['provider_type'])
    return false
  end
  return true
 end
 if configure_asn_module() then
  rspamd_config:register_symbol({
    name = 'ASN_CHECK',
    type = 'prefilter',
    callback = asn_check,
  })
 end
--- a/src/plugins/lua/ip_score.lua
+++ b/src/plugins/lua/ip_score.lua
@ -28,8 +28,6 @@ local whitelist = nil
 local asn_cc_whitelist = nil
 local options = {
  asn_provider = 'origin.asn.cymru.com', -- provider for ASN data
  asn6_provider = 'origin6.asn.cymru.com', -- provider for ASN data
  actions = { -- how each action is treated in scoring
    ['reject'] = 1.0,
    ['add header'] = 0.25,
@ -56,38 +54,6 @@ local options = {
 local asn_re = rspamd_regexp.create_cached("[\\|\\s]")
 local function asn_check(task)
  local ip = task:get_from_ip()
  local function asn_dns_cb(resolver, to_resolve, results, err, key)
    if results and results[1] then
      local parts = asn_re:split(results[1])
      -- "15169 | 8.8.8.0/24 | US | arin |" for 8.8.8.8
      if parts[1] then
        task:get_mempool():set_variable("asn", parts[1])
      end
      if parts[2] then
        task:get_mempool():set_variable("ipnet", parts[2])
      end
      if parts[3] then
        task:get_mempool():set_variable("country", parts[3])
      end
    end
  end
  if ip and ip:is_valid() then
    local asn_provider = 'asn_provider'
    if ip:get_version() == 6 then
      asn_provider = 'asn6_provider'
    end
    local req_name = rspamd_logger.slog("%1.%2",
      table.concat(ip:inversed_str_octets(), '.'), options[asn_provider])
    task:get_resolver():resolve_txt(task:get_session(), task:get_mempool(),
        req_name, asn_dns_cb)
  end
 end
 local function ip_score_hash_key(asn, country, ipnet, ip)
  -- We use the most common attribute as hashing key
  if country then
@ -364,13 +330,6 @@ end
 configure_ip_score_module()
 if redis_params then
  -- Register ip_score module
  if options['asn_provider'] then
    rspamd_config:register_symbol({
      name = 'ASN_CHECK',
      type = 'prefilter',
      callback = asn_check,
    })
  end
  rspamd_config:register_symbol({
    name = 'IPSCORE_SAVE',
    type = 'postfilter',
--- a/src/plugins/lua/multimap.lua
+++ b/src/plugins/lua/multimap.lua
@ -509,6 +509,16 @@ local function multimap_callback(task, rule)
    if hostname and hostname ~= 'unknown' then
      match_hostname(rule, hostname)
    end
  elseif rt == 'asn' then
    local asn = task:get_mempool():get_variable('asn')
    if asn then
      match_rule(rule, asn)
    end
  elseif rt == 'country' then
    local country = task:get_mempool():get_variable('country')
    if country then
      match_rule(rule, country)
    end
  end
 end
@ -595,7 +605,9 @@ local function add_multimap_rule(key, newrule)
        or newrule['type'] == 'filename'
        or newrule['type'] == 'url'
        or newrule['type'] == 'content'
        or newrule['type'] == 'hostname' then
        or newrule['type'] == 'hostname'
        or newrule['type'] == 'asn'
        or newrule['type'] == 'country' then
        if newrule['regexp'] then
          newrule['hash'] = rspamd_config:add_map ({
            url = newrule['map'],
--- a/test/functional/cases/102_multimap.robot
+++ b/test/functional/cases/102_multimap.robot
@ -210,6 +210,24 @@ MAP - REDIS - URL NOFILTER - MISS
  ${result} =  Scan Message With Rspamc  ${URL4}
  Check Rspamc  ${result}  REDIS_URL_NOFILTER  inverse=1
 MAP - REDIS - ASN - HIT
  Redis HSET  asn  15169  ${EMPTY}
  ${result} =  Scan Message With Rspamc  ${MESSAGE}  -i  8.8.8.8
  Check Rspamc  ${result}  REDIS_ASN
 MAP - REDIS - ASN - MISS
  ${result} =  Scan Message With Rspamc  ${MESSAGE}  -i  46.228.47.114
  Check Rspamc  ${result}  REDIS_ASN  inverse=1
 MAP - REDIS - CC - HIT
  Redis HSET  cc  US  ${EMPTY}
  ${result} =  Scan Message With Rspamc  ${MESSAGE}  -i  8.8.8.8
  Check Rspamc  ${result}  REDIS_COUNTRY
 MAP - REDIS - ASN - MISS
  ${result} =  Scan Message With Rspamc  ${MESSAGE}  -i  46.228.47.114
  Check Rspamc  ${result}  REDIS_COUNTRY  inverse=1
 *** Keywords ***
 Multimap Setup
  ${PLUGIN_CONFIG} =  Get File  ${TESTDIR}/configs/multimap.conf
--- a/test/functional/configs/multimap.conf
+++ b/test/functional/configs/multimap.conf
@ -1,3 +1,5 @@
 asn {
 }
 redis {
  servers = "${REDIS_ADDR}:${REDIS_PORT}";
 }
@ -96,4 +98,12 @@ multimap {
    type = "url";
    map = "redis://urlnofilter";
  }
  REDIS_COUNTRY {
    type = "country";
    map = "redis://cc";
  }
  REDIS_ASN {
    type = "asn";
    map = "redis://asn";
  }
 }