fix #4811: rule db: test regex validity on save

and warn only when it's an invalid regex on execution, because users may
have previously had such rules. Otherwise, pmg-smtp-filter will restart
every time it encounters such a rule.

When testing, 'die' if the regex execution 'warns', so that users cannot
enter a semi-invalid or very wrong regex like '^*foo$'.

do so for every rule type that uses a regex to match

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
[S.I.: add short comment in test_regex sub ]
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>

diff --git a/src/PMG/RuleDB/ArchiveFilter.pm b/src/PMG/RuleDB/ArchiveFilter.pm
index 6d91556e94eba2301cd111db67cab9a2ba1e2a9f..3d9890c0d36fc9c1781e9ee45599d03af6006146 100644 (file)
--- a/src/PMG/RuleDB/ArchiveFilter.pm
+++ b/src/PMG/RuleDB/ArchiveFilter.pm
@@ -48,6 +48,12 @@ sub parse_entity {
 
     my $res;
 
+    # test regex for validity
+    eval { "" =~ m|$self->{field_value}|; };
+    if (my $err = $@) {
+       warn "invalid regex: $err\n";
+       return $res;
+    }
     # match subtypes? We currently do exact matches only.
 
     if (my $id = $entity->head->mime_attr ('x-proxmox-tmp-aid')) {

diff --git a/src/PMG/RuleDB/ContentTypeFilter.pm b/src/PMG/RuleDB/ContentTypeFilter.pm
index 76fc1cea8c365e09699ae2cccec88483ebe3016c..0199311a70cf19f07292defe779d6ea03d3dc358 100644 (file)
--- a/src/PMG/RuleDB/ContentTypeFilter.pm
+++ b/src/PMG/RuleDB/ContentTypeFilter.pm
@@ -60,6 +60,13 @@ sub parse_entity {
 
     my $res;
 
+    # test regex for validity
+    eval { "" =~ m|$self->{field_value}|; };
+    if (my $err = $@) {
+       warn "invalid regex: $err\n";
+       return $res;
+    }
+
     # match subtypes? We currently do exact matches only.
 
     if (my $id = $entity->head->mime_attr ('x-proxmox-tmp-aid')) {

diff --git a/src/PMG/RuleDB/MatchArchiveFilename.pm b/src/PMG/RuleDB/MatchArchiveFilename.pm
index 2ef354385bf99d22bd4c326b492a09318c02fe82..5b1cb6dbbcf7a0426986c4344037a5f01ccf2fd6 100644 (file)
--- a/src/PMG/RuleDB/MatchArchiveFilename.pm
+++ b/src/PMG/RuleDB/MatchArchiveFilename.pm
@@ -25,6 +25,13 @@ sub parse_entity {
 
     my $res;
 
+    # test regex for validity
+    eval { "" =~ m|^$self->{fname}$|i; };
+    if (my $err = $@) {
+       warn "invalid regex: $err\n";
+       return $res;
+    }
+
     if (my $id = $entity->head->mime_attr('x-proxmox-tmp-aid')) {
        chomp $id;
 

diff --git a/src/PMG/RuleDB/MatchField.pm b/src/PMG/RuleDB/MatchField.pm
index 177a2832e5aec50ba9de1917c5d81573bcf36524..ee1851ad9390364b32c39c12da2c3b592fb37f29 100644 (file)
--- a/src/PMG/RuleDB/MatchField.pm
+++ b/src/PMG/RuleDB/MatchField.pm
@@ -71,9 +71,7 @@ sub save {
 
     my $regex = $self->{field_value};
 
-    # test regex for validity
-    eval { "" =~ /$regex/i; };
-    die "invalid regex: $@\n" if $@;
+    PMG::Utils::test_regex($regex);
 
     my $new_value = "$self->{field}:$regex";
     $new_value =~ s/\\/\\\\/g;

diff --git a/src/PMG/RuleDB/MatchFilename.pm b/src/PMG/RuleDB/MatchFilename.pm
index c9cdbe08fb8f9b177742b7ba370f10708ea371c0..90f865463605c08d0c86373027f9d6da8cd29268 100644 (file)
--- a/src/PMG/RuleDB/MatchFilename.pm
+++ b/src/PMG/RuleDB/MatchFilename.pm
@@ -58,6 +58,9 @@ sub save {
     defined($self->{ogroup}) || die "undefined ogroup: ERROR";
 
     my $new_value = $self->{fname};
+
+    PMG::Utils::test_regex("^${new_value}\$");
+
     $new_value =~ s/\\/\\\\/g;
     $new_value = encode('UTF-8', $new_value);
 
@@ -91,9 +94,12 @@ sub parse_entity {
        chomp $id;
 
        if (my $value = PMG::Utils::extract_filename($entity->head)) {
-           if ($value =~ m|^$self->{fname}$|i) {
-               push @$res, $id;
-           }
+           eval {
+               if ($value =~ m|^$self->{fname}$|i) {
+                   push @$res, $id;
+               }
+           };
+           warn "invalid regex: $@\n" if $@;
        }
     }
 

diff --git a/src/PMG/RuleDB/WhoRegex.pm b/src/PMG/RuleDB/WhoRegex.pm
index 5c13604bab5c9c3ecc4c6a81976f76c52033fdc3..03405bc75acc69ba241c072345089d1aa545e129 100644 (file)
--- a/src/PMG/RuleDB/WhoRegex.pm
+++ b/src/PMG/RuleDB/WhoRegex.pm
@@ -60,6 +60,9 @@ sub save {
     defined($self->{address}) || die "undefined address: ERROR";
 
     my $adr = $self->{address};
+
+    PMG::Utils::test_regex("^${adr}\$");
+
     $adr =~ s/\\/\\\\/g;
     $adr = encode('UTF-8', $adr);
 
@@ -100,7 +103,12 @@ sub who_match {
 
     my $t = $self->address;
 
-    return $addr =~ m/^$t$/i;
+    my $res;
+    eval {
+       $res = $addr =~ m/^$t$/i;
+    };
+    warn "invalid regex: $@\n" if $@;
+    return $res;
 }
 
 sub address { 

diff --git a/src/PMG/Utils.pm b/src/PMG/Utils.pm
index 342c48d5ef774d6d71697d2a9c13ed4e357de063..12b3ed5adeece6fd5bc75575c092848e79f4e871 100644 (file)
--- a/src/PMG/Utils.pm
+++ b/src/PMG/Utils.pm
@@ -1579,4 +1579,16 @@ sub try_decode_utf8 {
     return eval { decode('UTF-8', $data, 1) } // $data;
 }
 
+sub test_regex {
+    my ($regex) = @_;
+
+    # some errors in regex only create warnings e.g. m/^*foo/ others actually cause a
+    # die e.g. m/*foo/ - treat a warn die here
+    local $SIG{__WARN__} = sub { die @_ };
+    eval { "" =~ m/$regex/i; };
+    die "invalid regex: $@\n" if $@;
+
+    return undef;
+}
+
 1;