From: Dominik Csapak <d.csapak@proxmox.com>
Date: Fri, 14 Apr 2023 09:14:58 +0000 (+0200)
Subject: ruledb: match field: validate regular expressions on addition
X-Git-Url: https://git.proxmox.com/?p=pmg-api.git;a=commitdiff_plain;h=d86c0aebe276674a8cf03e11f0f2eaf732806963

ruledb: match field: validate regular expressions on addition

Do not save rules if they die during an execution test, which is done
by using them once on an empty string.

Since users may have saved already invalid ones, only warn if we
encounter such a regex in 'parse_entity' during execution instead of
dying. Otherwise pmg-smtp-filter will exit and restart, possibly
leading to wrongly denying mails (and possibly sending out NDRs)
before spam checking was done.

Signed-off-by: Dominik Csapak <d.csapak@proxmox.com>
Tested-by: Mira Limbeck <m.limbeck@proxmox.com>
Reviewed-by: Mira Limbeck <m.limbeck@proxmox.com>
 [ T: touch up commit subject/message ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
---

diff --git a/src/PMG/RuleDB/MatchField.pm b/src/PMG/RuleDB/MatchField.pm
index 2b56058..177a283 100644
--- a/src/PMG/RuleDB/MatchField.pm
+++ b/src/PMG/RuleDB/MatchField.pm
@@ -69,7 +69,13 @@ sub save {
 
     defined($self->{ogroup}) || die "undefined ogroup: ERROR";
 
-    my $new_value = "$self->{field}:$self->{field_value}";
+    my $regex = $self->{field_value};
+
+    # test regex for validity
+    eval { "" =~ /$regex/i; };
+    die "invalid regex: $@\n" if $@;
+
+    my $new_value = "$self->{field}:$regex";
     $new_value =~ s/\\/\\\\/g;
     $new_value = encode('UTF-8', $new_value);
 
@@ -111,9 +117,12 @@ sub parse_entity {
 	    my $decvalue = PMG::Utils::decode_rfc1522($value);
 	    $decvalue = PMG::Utils::try_decode_utf8($decvalue);
 
-	    if ($decvalue =~ m|$self->{field_value}|i) {
-		push @$res, $id;
-	    }
+	    eval {
+		if ($decvalue =~ m|$self->{field_value}|i) {
+		    push @$res, $id;
+		}
+	    };
+	    warn "invalid regex: $@\n" if $@;
 	}
     }