Regex Always Matching

Asterisk Asterisk Dialplan
1

Hi everyone

I am trying to match bogus SIP User-Agents using functionalists_regex() but for some reason it always evaluates to true and I cannot see why. Note the 2 different BogusUA variables at the top - I’m using Bria and it matches regardless.

exten = s,n,Set(BogusUA="bria,sipcli,sipvicious,sip-scan,sipsak,sundayddr,friendly-scanner,iWar,CSipSimple,SIVuS,Gulp,sipv,smap,friendly-request,VaxIPUserAgent,VaxSIPUserAgent,siparmyknife,Test\ Agent,undefined,random,eyeBeam,Unknown,Asterisk,Zoiper,X-Lite,Nuvois,bc-uc/i")
;exten = s,n,Set(BogusUA="sipcli,sipvicious,sip-scan,sipsak,sundayddr,friendly-scanner,iWar,CSipSimple,SIVuS,Gulp,sipv,smap,friendly-request,VaxIPUserAgent,VaxSIPUserAgent,siparmyknife,Test\ Agent,undefined,random,eyeBeam,Unknown,Asterisk,Zoiper,X-Lite,Nuvois,bc-uc*$/i")
exten = s,n,Set(UAResult=${REGEX("${BogusUA}" ${SIP_HEADER(User-Agent)})})
exten = s,n,NoOp(**** ${UAResult} ****)
exten = s,n,GotoIf($[${UAResult} = 1]?hangup:continue)
exten = s,n(hangup),NoOp(**** BogusUA Detected - "${SIP_HEADER(User-Agent)}" - Hanging Up! ****)
exten = s,n(hangup),Hangup()
exten = s,n(continue),NoOp(**** User Agent is allowed - continue ****)
exten = s,n(continue),Return()

Please can someone tell me what I’m doing wrong?

Many thanks!

2

There are no operator characters in your regular expression, so it will require a literal match. The operator for alternatives is |

3

Thanks for the reply. However if I change it to | I get an error:

pbx.c:1675 pbx_exec: The application delimiter is now the comma, not the pipe. Did you forget to convert your dialplan?

Looks like it was changed some time ago from | to ,

4

However, that would fail the other way. I think the real problem is that your regular expression, after substitution starts with “”, so is probably parsed as an empty string.

I’m pretty sure that Asterisk doesn’t strip quotes except in special cases.

I think it does recursively expand parameters, in all cases, so I don’t think the expression is seen as starting with a $

5

You’ll need to escape the | I’m not sure if you need to double escape it, as I seem to remember it is an extended regular expression character and I can’t remember if REGEX uses standard or extended regular expressions.

6

OK so I remove the quotes and escaped/double escaped the pipe seperators but I still get the delimiter error.
So now my regex looks like this:

exten = s,n,Set(BogusUA=bria\\|sipcli\\|sipvicious\\|sip-scan\\|sipsak\\|sundayddr\\|friendly-scanner\\|iWar\\|CSipSimple\\|SIVuS\\|Gulp\\|sipv\\|smap\\|friendly-request\\|VaxIPUserAgent\\|VaxSIPUserAgent\\|siparmyknife\\|Test\ Agent\\|undefined\\|random\\|eyeBeam\\|Unknown\\|Asterisk\\|Zoiper\\|X-Lite\\|Nuvois\\|bc-uc/i)

7

You need either one or three /s, depending on whether regular expressions are processed in extended mode by default.

8

Is ‘whitelisting’ a possibility so you don’t have to play ‘whack-a-mole’ with an ever growing blacklist?

I would suggest that ‘dialplan’ is not the best place for this.

I’d do it as an AGI where you can build a nice little ‘black box’ where you will not have to deal with obtuse quoting and can build your match list in a maintainable method. Something like (in Perl):

my $bogus_uas = 'dummy';
$bogus_uas .= '|bria';
$bogus_uas .= '|sipcli';
$bogus_uas .= '|sipvicious';

my $suspect_ua = 'sipcli';

if      ($suspect_ua =~ $bogus_uas)
        {
        say 'hangup';
        }
else
        {
        say 'good to go';
        }
exit;
9

Thanks sedward. Thats interesting, I’ve never used AGI.

In the mean time, I tried:

exten = s,n,Set(BogusUA=bria\\\|sipcli\\\|sipvicious\\\|sip-scan\\\|sipsak\\\|sundayddr\\\|friendly-scanner\\\|iWar\\\|CSipSimple\\\|SIVuS\\\|Gulp\\\|sipv\\\|smap\\\|friendly-request\\\|VaxIPUserAgent\\\|VaxSIPUserAgent\\\|siparmyknife\\\|Test\ Agent\\\|undefined\\\|random\\\|eyeBeam\\\|Unknown\\\|Asterisk\\\|Zoiper\\\|X-Lite\\\|Nuvois\\\|bc-uc/i)

But:

WARNING[6442][C-0011acb9]: pbx.c:1675 pbx_exec: The application delimiter is now the comma, not the pipe. Did you forget to convert your dialplan? (Set(BogusUA=bria\\\|sipcli\\\|sipvicious\\\|sip-scan\\\|sipsak\\\|sundayddr\\\|friendly-scanner\\\|iWar\\\|CSipSimple\\\|SIVuS\\\|Gulp\\\|sipv\\\|smap\\\|friendly-request\\\|VaxIPUserAgent\\\|VaxSIPUserAgent\\\|siparmyknife\\\|Test\ Agent\\\|undefined\\\|random\\\|eyeBeam\\\|Unknown\\\|Asterisk\\\|Zoiper\\\|X-Lite\\\|Nuvois\\\|bc-uc/i))

10

The application delimiter did change, but not the REGEX one.

Try simplifying your dialplan just for a test.

ExecIf($[${REGEX("bria|sipcli|sipvicious",${SIP_HEADER(User-Agent)} = 1])?Playback(hello-world))

11

Hi, just coming back to this after some other tasks.

So now I have:

exten = s,1,NoOp(**** Checking SIP User Agent - ${SIP_HEADER(User-Agent)} ****) exten = s,n,Set(UA=${SIP_HEADER(User-Agent)}) exten = s,n,NoOp(${UA}) exten = s,n,ExecIf($["${UA}":${REGEX("Bria.*|sipcli|sipvicious")}="1"]?NoOp(**** Bogus UA Found! ****):NoOp(GoodUA))

But the always falls through as UNKNOWN.

What am I doing wrong?

-- Executing [07XXXXXXXXX@DLPN_All:1] Macro("SIP/2099-0000023a", "DialOutbound,07XXXXXXXXX,OUT") in new stack
    -- Executing [s@macro-DialOutbound:1] Gosub("SIP/2099-0000023a", "BogusUA,s,1") in new stack
    -- Executing [s@BogusUA:1] NoOp("SIP/2099-0000023a", "**** Checking SIP User Agent - Bria 5 release 5.7.1 stamp 100932 ****") in new stack
    -- Executing [s@BogusUA:2] Set("SIP/2099-0000023a", "UA=Bria 5 release 5.7.1 stamp 100932") in new stack
    -- Executing [s@BogusUA:3] NoOp("SIP/2099-0000023a", "Bria 5 release 5.7.1 stamp 100932") in new stack
    -- Executing [s@BogusUA:4] ExecIf("SIP/2099-0000023a", "0?NoOp(**** Bogus UA Found! ****):NoOp(GoodUA)") in new stack
    -- Auto fallthrough, channel 'SIP/2099-0000023a' status is 'UNKNOWN'
12

OK think Ive got it working now.

exten = s,n,ExecIF($[${REGEX("Bria.*|sipcli/i",${UA})} = 1]?Hangup():Return())

Seems to do the trick.

1 Like
13

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.