From: Tom Hughes <tom@compton.nu>
Date: Wed, 20 Mar 2024 17:43:10 +0000 (+0000)
Subject: Try and detaint messages.openstreetmap.org deliveries
X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/a94baac3b7d95a60437007caf2ece9399b5312cb

Try and detaint messages.openstreetmap.org deliveries
---

diff --git a/cookbooks/exim/recipes/default.rb b/cookbooks/exim/recipes/default.rb
index 6ac19107f..7354e93d3 100644
--- a/cookbooks/exim/recipes/default.rb
+++ b/cookbooks/exim/recipes/default.rb
@@ -131,6 +131,13 @@ file "/etc/exim4/blocked-sender-domains" do
   mode "644"
 end
 
+file "/etc/exim4/detaint" do
+  owner "root"
+  group "Debian-exim"
+  mode "644"
+  content "*"
+end
+
 if node[:exim][:dkim_selectors]
   keys = data_bag_item("exim", "dkim")
 
diff --git a/roles/web-frontend.rb b/roles/web-frontend.rb
index b6d80ae8c..b5597adb6 100644
--- a/roles/web-frontend.rb
+++ b/roles/web-frontend.rb
@@ -38,7 +38,7 @@ default_attributes(
       :messages => {
         :comment => "messages.openstreetmap.org",
         :domains => ["messages.openstreetmap.org"],
-        :local_parts => ["^c-(\\\\d+)-(\\\\d+)-(.*)\\$", "^m-(\\\\d+)-(.*)\\$"],
+        :local_parts => ["${lookup{$local_part}lsearch*,ret=key{/etc/exim4/detaint}}"],
         :command => "/usr/local/bin/deliver-message $local_part_data",
         :user => "rails",
         :group => "rails",