path: root/internal/headerfilter/filter.go

// GoToSocial
// Copyright (C) GoToSocial Authors admin@gotosocial.org
// SPDX-License-Identifier: AGPL-3.0-or-later
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.

package headerfilter

import (
	"errors"
	"fmt"
	"net/http"
	"net/textproto"
	"regexp"
)

// Maximum header value size before we return
// an instant negative match. They shouldn't
// go beyond this size in most cases anywho.
const MaxHeaderValue = 1024

// ErrLargeHeaderValue is returned on attempting to match on a value > MaxHeaderValue.
var ErrLargeHeaderValue = errors.New("header value too large")

// Filters represents a set of http.Header regular
// expression filters built-in statistic tracking.
type Filters []headerfilter

type headerfilter struct {
	// key is the header key to match against
	// in canonical textproto mime header format.
	key string

	// exprs contains regular expressions to
	// match values against for this header key.
	exprs []*regexp.Regexp
}

// Append will add new header filter expression under given header key.
func (fs *Filters) Append(key string, expr string) error {
	var filter *headerfilter

	// Ensure in canonical mime header format.
	key = textproto.CanonicalMIMEHeaderKey(key)

	// Look for existing filter
	// with key in filter slice.
	for i := range *fs {
		if (*fs)[i].key == key {
			filter = &((*fs)[i])
			break
		}
	}

	if filter == nil {
		// No existing filter found, create new.

		// Append new header filter to slice.
		(*fs) = append((*fs), headerfilter{})

		// Then take ptr to this new filter
		// at the last index in the slice.
		filter = &((*fs)[len((*fs))-1])

		// Setup new key.
		filter.key = key
	}

	// Compile regular expression.
	reg, err := regexp.Compile(expr)
	if err != nil {
		return fmt.Errorf("error compiling regexp %q: %w", expr, err)
	}

	// Append regular expression to filter.
	filter.exprs = append(filter.exprs, reg)

	return nil
}

// RegularMatch returns whether any values in http header
// matches any of the receiving filter regular expressions.
// This returns the matched header key, and matching regexp.
func (fs Filters) RegularMatch(h http.Header) (string, string, error) {
	for _, filter := range fs {
		for _, value := range h[filter.key] {
			// Don't perform match on large values
			// to mitigate denial of service attacks.
			if len(value) > MaxHeaderValue {
				return "", "", ErrLargeHeaderValue
			}

			// Compare against regular exprs.
			for _, expr := range filter.exprs {
				if expr.MatchString(value) {
					return filter.key, expr.String(), nil
				}
			}
		}
	}
	return "", "", nil
}

// InverseMatch returns whether any values in http header do
// NOT match any of the receiving filter regular expressions.
// This returns the matched header key, and matching regexp.
func (fs Filters) InverseMatch(h http.Header) (string, string, error) {
	for _, filter := range fs {
		for _, value := range h[filter.key] {
			// Don't perform match on large values
			// to mitigate denial of service attacks.
			if len(value) > MaxHeaderValue {
				return "", "", ErrLargeHeaderValue
			}

			// Compare against regular exprs.
			for _, expr := range filter.exprs {
				if !expr.MatchString(value) {
					return filter.key, expr.String(), nil
				}
			}
		}
	}
	return "", "", nil
}