[Feature] lua_scanners - Avast Rest API support #4284
It looks good in general, but I'd suggest some small neats.
lua_util.debugm(rule.name, task, '%s: retry IP: %s:%s', | ||
rule.log_prefix, addr, addr:get_port()) | ||
|
||
http.request(request_data) |
I'd also suggest to add `upstream` to `request_data` as it will simplify handling. You might also need to remove all calls to `upstream:ok` and `upstream:fail` as that will be handled internally by `lua_http` module.
Thanks for your review and your suggestions. And sorry for my late response.
I have missed your commits about the http upstreams :)
I will adopt to http_upstreams_by_url, but I need a 3.3 test system with avast first.
requery() | ||
else | ||
-- Parse the response | ||
if upstream then upstream:ok() end |
E.g. here...
common.yield_result(task, rule, string.format('Bad HTTP code: %s', code), 1.0, 'fail', maybe_part) | ||
return | ||
end | ||
local data = string.gsub(tostring(body), '[\r\n%s]$', '') |
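Review bot: The pattern `'[\r\n%s]$'` in the `string.gsub` call on the last line matches exactly one trailing character, so a body ending in `\r\n` still keeps the `\r`; `%s` already covers `\r` and `\n`, so `'%s+$'` would strip the whole trailing run. If the trimmed copy is only needed for a debug message, dropping the line avoids copying the response body at all.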
Why do we need that? It copies the text and I see no point in that, as you subsequently parse it via `ucl` module. It is also redundant for debugging purposes as Rspamd has a way to fix that. So I'd suggest to remove that completely.
rule.log_prefix, data) | ||
|
||
local ucl_parser = ucl.parser() | ||
local ok, ucl_err = ucl_parser:parse_string(tostring(body)) |
Same here, double `tostring` is double copy and interning. Please remove it for performance and sanity by replacing `parse_string` with `parse_text`.
lua_util.debugm(N, task, '%s: JSON OBJECT - %s', rule.log_prefix, result) | ||
|
||
local threat_tbl = {} | ||
if result and result.issues and #result.issues > 0 then |
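Review bot: The debug call at the top of this hunk passes `N` as the module name, while the retry message earlier in the change passes `rule.name`; use one of the two throughout so that a single debug-module setting covers all of this scanner's messages.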
if result and result.issues and #result.issues > 0 then | |
if result and type(result.issues) == 'table' and result.issues[1] then |
threat_tbl['WARN:'..r.warning_str] = 'fail' | ||
end | ||
else | ||
rspamd_logger.warnx(task, '%s: generic warning: id: %s - msg: %s', |
rspamd_logger.warnx(task, '%s: generic warning: id: %s - msg: %s', | |
rspamd_logger.messagex(task, '%s: generic warning: id: %s - msg: %s', |
end | ||
end | ||
|
||
if lua_util.nkeys(threat_tbl) > 0 then |
if lua_util.nkeys(threat_tbl) > 0 then | |
if next(threat_tbl) then |
@@ -381,7 +381,8 @@ local function gen_extension(fname) | |||
|
|||
local ext = {} | |||
for n = 1, 2 do | |||
ext[n] = #filename_parts > n and string.lower(filename_parts[#filename_parts + 1 - n]) or nil | |||
ext[n] = #filename_parts > n | |||
and string.lower(string.gsub(filename_parts[#filename_parts + 1 - n],'[%c%s%p]','')) or nil |
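Review bot: In the added `ext[n]` assignment, a filename part that consists only of control, whitespace or punctuation characters is reduced to `''`, and an empty string is truthy in Lua, so `ext[n]` ends up as `''` rather than `nil`; check the cleaned string for emptiness before storing it. `string.gsub` also returns the substitution count as a second value, which is passed on to `string.lower` here; wrapping the `gsub` call in parentheses keeps only the string. A short comment stating why these character classes are stripped from the extension would make the intent clear.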
Could you please add a descriptive comment of what you are changing here. For me, it is not very intuitive atm.
|
||
local filename | ||
if rule.use_files then | ||
filename = string.format('%s/%s.tmp', |
filename = string.format('%s/%s.tmp', | |
filename = string.format('%s/%s.tmp.ravast', |
To help detecting file leaks if any...
|
||
local request_data = { | ||
task = task, | ||
timeout = rule.timeout, |
timeout = rule.timeout, | |
timeout = rule.timeout, | |
upstream = upstream, |
Test failure is irrelevant.
Any news on this? We would be very happy to see this feature in rspamd :)
Get error using this script: Get back to avast unix socket way.
Any news on this? We would be very happy to see this feature in rspamd :)
Is there anything new here yet? If it works via the socket, then it would be great if the example could be adapted, I would be happy if Avast would work with rspamd.
Add support for the Rest API of Avast Business Antivirus for Linux.
https://businesshelp.avast.com/Content/Products/AfB_Antivirus/Linux/InstallingAvastBusinessAntivirusLinux.htm