You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by do...@apache.org on 2007/01/25 08:22:39 UTC
svn commit: r499691 - in /spamassassin/trunk:
lib/Mail/SpamAssassin/NetSet.pm t/trust_path.t
Author: dos
Date: Wed Jan 24 23:22:38 2007
New Revision: 499691
URL: http://svn.apache.org/viewvc?view=rev&rev=499691
Log:
- fix weak validation regexes in netset that caused
"trusted_networks 10/8 !10/8" to be accepted as valid input
(only complete dot-quads were being checked for duplication)
- redirect STDERR in t/trust_path.t when expecting netset to
warn about bad trusted/internal/msa networks config; also cause the tests
to fail if the expected warnings aren't triggered
Modified:
spamassassin/trunk/lib/Mail/SpamAssassin/NetSet.pm
spamassassin/trunk/t/trust_path.t
Modified: spamassassin/trunk/lib/Mail/SpamAssassin/NetSet.pm
URL: http://svn.apache.org/viewvc/spamassassin/trunk/lib/Mail/SpamAssassin/NetSet.pm?view=diff&rev=499691&r1=499690&r2=499691
==============================================================================
--- spamassassin/trunk/lib/Mail/SpamAssassin/NetSet.pm (original)
+++ spamassassin/trunk/lib/Mail/SpamAssassin/NetSet.pm Wed Jan 24 23:22:38 2007
@@ -54,7 +54,10 @@
foreach (@nets) {
my $exclude = s/^\s*!// ? 1 : 0;
- my ($ip, $bits) = m#^\s*([\d\.]+)(?:/(\d+))?\s*$#;
+ my ($ip, $bits) = m#^\s*
+ ((?:(?:1\d\d|2[0-4]\d|25[0-5]|\d\d|\d)\.){0,3}
+ (?:1\d\d|2[0-4]\d|25[0-5]|\d\d|\d)?) (?:(?<!\.)/(\d+))?
+ \s*$#x;
my $err = "netset: illegal network address given: '$_'\n";
if (!defined $ip) {
@@ -128,7 +131,6 @@
sub is_net_declared {
my ($self, $network, $bits, $exclude, $quiet) = @_;
- return 0 unless ($network =~ m/^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/);
my $mask = 0xFFffFFff ^ ((2 ** (32-$bits)) - 1);
my $aton = Mail::SpamAssassin::Util::my_inet_aton($network);
Modified: spamassassin/trunk/t/trust_path.t
URL: http://svn.apache.org/viewvc/spamassassin/trunk/t/trust_path.t?view=diff&rev=499691&r1=499690&r2=499691
==============================================================================
--- spamassassin/trunk/t/trust_path.t (original)
+++ spamassassin/trunk/t/trust_path.t Wed Jan 24 23:22:38 2007
@@ -18,11 +18,18 @@
use lib '.'; use lib 't';
use SATest; sa_t_init("trust_path");
-use Test; BEGIN { plan tests => 63 };
-
+use Test; BEGIN { plan tests => 69 };
+use IO::File;
use strict;
+# make a _copy_ of the STDERR file descriptor
+# (so we can restore it after redirecting it)
+open(OLDERR, ">&STDERR") || die "Cannot copy STDERR file handle";
+
+# quiet "used only once" warnings
+1 if *OLDERR;
+
my @data = (
# ---------------------------------------------------------------------------
@@ -51,6 +58,7 @@
} => q{
+Netset-Warn
Trusted: [ ip=127.0.1.2 rdns=sender.net helo=sender.net by=receiver.net ident= envfrom= intl=1 id= auth= msa=0 ]
Untrusted:
@@ -65,6 +73,7 @@
} => q{
+Netset-Warn
Trusted: [ ip=127.0.1.2 rdns=sender.net helo=sender.net by=receiver.net ident= envfrom= intl=1 id= auth= msa=0 ]
Untrusted:
@@ -72,7 +81,7 @@
# ---------------------------------------------------------------------------
-# 127/8 explicitly untrusted
+# 127/8 explicitly untrusted -- which is not possible to do
q{
trusted_networks 1.2/16 !127/8
@@ -82,6 +91,7 @@
} => q{
+Netset-Warn
Trusted: [ ip=127.0.1.2 rdns=sender.net helo=sender.net by=receiver.net ident= envfrom= intl=1 id= auth= msa=0 ]
Untrusted:
@@ -130,6 +140,7 @@
} => q{
+Netset-Warn
Trusted: [ ip=1.2.3.2 rdns=sender.net helo=sender.net by=receiver.net ident= envfrom= intl=1 id= auth= msa=0 ]
Untrusted:
@@ -286,6 +297,7 @@
} => q{
+Netset-Warn
Trusted: [ ip=1.1.1.2 rdns=sender.net helo=sender.net by=receiver.net ident= envfrom= intl=1 id= auth= msa=0 ]
Untrusted:
@@ -396,6 +408,40 @@
# ---------------------------------------------------------------------------
+# test to make sure netset is detecting overlap correctly when using short CIDR notations
+q{
+
+ trusted_networks 1/8 !1/8
+ Received: from sender.net (1.1.1.1) by receiver.net
+ with SMTP; 10 Nov 2005 00:00:00 -0000
+
+} => q{
+
+Netset-Warn
+Trusted: [ ip=1.1.1.1 rdns=sender.net helo=sender.net by=receiver.net ident= envfrom= intl=1 id= auth= msa=0 ]
+Untrusted:
+
+},
+
+# ---------------------------------------------------------------------------
+
+# test to make sure netset is detecting overlap correctly when using short CIDR notations
+q{
+
+ trusted_networks !1/8 1/8
+ Received: from sender.net (1.1.1.1) by receiver.net
+ with SMTP; 10 Nov 2005 00:00:00 -0000
+
+} => q{
+
+Netset-Warn
+Trusted:
+Untrusted: [ ip=1.1.1.1 rdns=sender.net helo=sender.net by=receiver.net ident= envfrom= intl=0 id= auth= msa=0 ]
+
+},
+
+# ---------------------------------------------------------------------------
+
);
@@ -423,16 +469,27 @@
tstprefs ($conf);
+ my $netset_warn = 0;
+ my $fh;
+ if ($expected =~ s/^\s*Netset-Warn\s*//) {
+ # create a file descriptior for logging STDERR
+ # (we do not want warnings for regexps we know are invalid)
+ $fh = IO::File->new_tmpfile();
+ open(STDERR, ">&".fileno($fh)) || die "Cannot create LOGERR temp file";
+ $netset_warn = 1;
+ print "[netset warning expected here...]\n";
+ }
+
my $sa = create_saobj({ userprefs_filename => "log/tst.cf" });
ok($sa);
$sa->{lint_callback} = sub {
my %opts = @_;
- print "lint warning: $opts{msg}\n";
+ print "lint error: $opts{msg}\n";
};
if ($expected =~ s/^\s*Lint-Error\s*//) {
- print "[lint warning expected here...]\n";
+ print "[lint error expected here...]\n";
ok ($sa->lint_rules() != 0) or $test_failure=1;
} else {
ok ($sa->lint_rules() == 0) or $test_failure=1;
@@ -444,6 +501,28 @@
my $result = $status->rewrite_mail();
# warn "JMD $result";
+
+ if ($netset_warn) {
+ open(STDERR, ">&=OLDERR") || die "Cannot reopen STDERR";
+
+ seek($fh, 0, 0);
+ my $error = do {
+ local $/;
+ <$fh>;
+ };
+ close $fh;
+
+ $test_failure=1;
+ for (split(/^/m, $error)) {
+ if (/^netset: /) {
+ $test_failure=0;
+ print "netset warn: $_";
+ } else {
+ warn $_;
+ }
+ }
+ }
+
$result =~ s/\n[ \t]+/ /gs;
$result =~ /(?:\n|^)X-Spam-Trusted: ([^\n]*)\n/s;
my $relays_t = $1;