From: Vsevolod Stakhov Date: Fri, 21 Nov 2025 11:58:11 +0000 (+0000) Subject: [Test] Isolate url_suspect tests with symbols_enabled X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=refs%2Fpull%2F5758%2Fhead;p=thirdparty%2Frspamd.git [Test] Isolate url_suspect tests with symbols_enabled Use symbols_enabled setting to test only specific url_suspect symbols, preventing interference from other rules like greylist. --- diff --git a/src/plugins/lua/url_suspect.lua b/src/plugins/lua/url_suspect.lua index 019d4d0914..d07a3a24e4 100644 --- a/src/plugins/lua/url_suspect.lua +++ b/src/plugins/lua/url_suspect.lua @@ -200,9 +200,16 @@ function checks.numeric_ip_analysis(task, url, cfg) return findings end - -- Check if private IP using rspamd_ip - local ip = rspamd_util.parse_addr(host) - local is_private = ip and ip:is_local() + -- Parse IP address using rspamd_ip for proper checks + local rspamd_ip = require "rspamd_ip" + local ip = rspamd_ip.from_string(host) + + if not ip or not ip:is_valid() then + return findings + end + + -- Check if private IP using rspamd_ip API + local is_private = ip:is_local() if is_private and cfg.allow_private_ranges then table.insert(findings, { @@ -224,8 +231,8 @@ function checks.numeric_ip_analysis(task, url, cfg) end end - -- Optional: check IP range map if configured (works with rspamd_ip objects) - if maps.suspicious_ips and ip then + -- Optional: check IP range map if configured (radix maps work with rspamd_ip) + if maps.suspicious_ips then if maps.suspicious_ips:get_key(ip) then lua_util.debugm(N, task, "IP is in suspicious range") -- Could add additional penalty diff --git a/test/functional/cases/001_merged/400_url_suspect.robot b/test/functional/cases/001_merged/400_url_suspect.robot index 679b5e21f1..b4a06ea92a 100644 --- a/test/functional/cases/001_merged/400_url_suspect.robot +++ b/test/functional/cases/001_merged/400_url_suspect.robot @@ -8,38 +8,45 @@ Variables ${RSPAMD_TESTDIR}/lib/vars.py URL Suspect - Issue 5731 - Long User Field # Test that URLs with oversized user fields are parsed and scored Scan File ${RSPAMD_TESTDIR}/messages/url_suspect_long_user.eml + ... Settings={symbols_enabled = [URL_SUSPECT_CHECK, URL_USER_LONG, URL_USER_VERY_LONG, URL_USER_PASSWORD]} Expect Symbol With Exact Options URL_USER_LONG 129 Do Not Expect Symbol URL_USER_VERY_LONG URL Suspect - Very Long User Field # Test that very long user fields get appropriate symbol Scan File ${RSPAMD_TESTDIR}/messages/url_suspect_very_long_user.eml + ... Settings={symbols_enabled = [URL_SUSPECT_CHECK, URL_USER_LONG, URL_USER_VERY_LONG, URL_USER_PASSWORD]} Expect Symbol With Exact Options URL_USER_VERY_LONG 300 URL Suspect - Numeric IP # Test numeric IP detection Scan File ${RSPAMD_TESTDIR}/messages/url_suspect_numeric_ip.eml + ... Settings={symbols_enabled = [URL_SUSPECT_CHECK, URL_NUMERIC_IP, URL_NUMERIC_IP_USER, URL_NUMERIC_PRIVATE_IP]} Expect Symbol URL_NUMERIC_IP Do Not Expect Symbol URL_NUMERIC_IP_USER URL Suspect - Numeric IP with User # Test numeric IP with user field (more suspicious) Scan File ${RSPAMD_TESTDIR}/messages/url_suspect_numeric_ip_user.eml + ... Settings={symbols_enabled = [URL_SUSPECT_CHECK, URL_NUMERIC_IP, URL_NUMERIC_IP_USER, URL_NUMERIC_PRIVATE_IP]} Expect Symbol URL_NUMERIC_IP_USER URL Suspect - Suspicious TLD # Test suspicious TLD detection Scan File ${RSPAMD_TESTDIR}/messages/url_suspect_bad_tld.eml + ... Settings={symbols_enabled = [URL_SUSPECT_CHECK, URL_SUSPICIOUS_TLD, URL_NO_TLD]} Expect Symbol URL_SUSPICIOUS_TLD URL Suspect - Multiple At Signs # Test multiple @ sign detection Scan File ${RSPAMD_TESTDIR}/messages/url_suspect_multiple_at.eml + ... Settings={symbols_enabled = [URL_SUSPECT_CHECK, URL_MULTIPLE_AT_SIGNS]} Expect Symbol URL_MULTIPLE_AT_SIGNS URL Suspect - Normal URL # Test that normal URLs don't trigger symbols Scan File ${RSPAMD_TESTDIR}/messages/url_suspect_normal.eml + ... Settings={symbols_enabled = [URL_SUSPECT_CHECK, URL_USER_PASSWORD, URL_NUMERIC_IP, URL_SUSPICIOUS_TLD]} Do Not Expect Symbol URL_USER_PASSWORD Do Not Expect Symbol URL_NUMERIC_IP Do Not Expect Symbol URL_SUSPICIOUS_TLD