haraka-plugin-karma 2.5.0 → 2.5.2

package/CHANGELOG.md

@@ -4,7 +4,22 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/).
 
 ### Unreleased
 
-### [2.5.0] - 2026-05-17
+### [2.5.2] - 2026-06-07
+
+- fix: update redis hmSet -> hSet
+- test: refactored against test-fixtures 1.7.0 (#72)
+
+### [2.5.1] - 2026-05-24
+
+- fix: guard pubsub JSON.parse and validate payload shape in check_result
+- fix: guard new RegExp() in check_result_match against invalid config
+- fix: results_init fast-path now calls next() when notes.redis exists
+- fix: preserve originating plugin on awards so AUTH repeat-scoring works
+- fix: check_result_length measures collection length per karma.ini docs
+- fix: detect empty hGetAll ({}) in ip_history_from_redis and check_asn (node-redis v4)
+- docs: README threshold wording matches deny boundary
+
+### [2.5.0] - 2026-05-24
 
 - dep(address-rfc2821): -> @haraka/email-address
 
@@ -184,3 +199,5 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/).
 [2.4.0]: https://github.com/haraka/haraka-plugin-karma/releases/tag/v2.4.0
 [2.4.1]: https://github.com/haraka/haraka-plugin-karma/releases/tag/v2.4.1
 [2.5.0]: https://github.com/haraka/haraka-plugin-karma/releases/tag/v2.5.0
+[2.5.1]: https://github.com/haraka/haraka-plugin-karma/releases/tag/v2.5.1
+[2.5.2]: https://github.com/haraka/haraka-plugin-karma/releases/tag/v2.5.2

package/README.md

@@ -1,9 +1,7 @@
-[![Build Status][ci-img]][ci-url]
-[![Code Climate][clim-img]][clim-url]
-[![Code Coverage][cov-img]][cov-url]
-
 # Karma - A heuristics based reputation engine for the Haraka MTA
 
+[![Test][ci-img]][ci-url] [![Cover][cov-img]][cov-url] [![Qlty][qlty-img]][qlty-url]
+
 Karma is a heuristic scoring engine that uses connection metadata and other Haraka plugin data as inputs. Connections scoring in excess of specified thresholds are rewarded or [penalized](#penalties) in proportionate ways.
 
 ## Description
@@ -20,7 +18,7 @@ In order to score a plugins results, plugins must save their results to the [Res
 
 ## How Karma Works
 
-Karma takes a holistic view of **connections**. During the connection, karma collects these results and applies the [result_awards](#awards) defined in `karma.ini`. Once a connection/message exceeds the threshold.negative score (default: -8), karma rejects it at the next [deny]hook.
+Karma takes a holistic view of **connections**. During the connection, karma collects these results and applies the [result_awards](#awards) defined in `karma.ini`. Once a connection/message reaches the threshold.negative score (default: -8), karma rejects it at the next [deny]hook.
 
 The scoring mechanism is not dissimilar to [SpamAssassin][sa-url], but Karma has some particular advantages:
 
@@ -51,7 +49,7 @@ Karma performs checks early and often, maximizing the penality it can exact upon
 
 ### Deny / Reject
 
-When connections become worse than [thresholds]negative, they are denied during the next [deny]hook.
+When a connection's score reaches [thresholds]negative (equal or lower), it is denied during the next [deny]hook.
 
 ### History
 
@@ -186,6 +184,14 @@ Karma is most effective at filtering mail delivered by bots and rogue servers.
 Spam delivered by servers with good reputations normally pass karma's checks.
 Expect to use karma _with_ content filters.
 
+<!-- leave these buried at the bottom of the document -->
+
+[ci-img]: https://github.com/haraka/haraka-plugin-karma/actions/workflows/ci.yml/badge.svg
+[ci-url]: https://github.com/haraka/haraka-plugin-karma/actions/workflows/ci.yml
+[cov-img]: https://codecov.io/github/haraka/haraka-plugin-karma/coverage.svg
+[cov-url]: https://codecov.io/github/haraka/haraka-plugin-karma
+[qlty-img]: https://qlty.sh/gh/haraka/projects/haraka-plugin-karma/maintainability.svg
+[qlty-url]: https://qlty.sh/gh/haraka/projects/haraka-plugin-karma
 [p0f-url]: /manual/plugins/connect.p0f.html
 [geoip-url]: https://github.com/haraka/haraka-plugin-geoip
 [dnsbl-url]: /manual/plugins/dnsbl.html
@@ -194,9 +200,3 @@ Expect to use karma _with_ content filters.
 [sa-url]: http://haraka.github.io/manual/plugins/spamassassin.html
 [snf-url]: http://haraka.github.io/manual/plugins/messagesniffer.html
 [results-url]: http://haraka.github.io/manual/Results.html
-[ci-img]: https://github.com/haraka/haraka-plugin-karma/actions/workflows/ci.yml/badge.svg
-[ci-url]: https://github.com/haraka/haraka-plugin-karma/actions/workflows/ci.yml
-[cov-img]: https://codecov.io/github/haraka/haraka-plugin-karma/coverage.svg
-[cov-url]: https://codecov.io/github/haraka/haraka-plugin-karma
-[clim-img]: https://qlty.sh/gh/haraka/projects/haraka-plugin-karma/maintainability.svg
-[clim-url]: https://qlty.sh/gh/haraka/projects/haraka-plugin-karma

package/index.js

@@ -101,7 +101,7 @@ exports.results_init = async function (next, connection) {
 
   if (connection.notes.redis) {
     connection.logdebug(this, `redis already subscribed`)
-    return // another plugin has already called this.
+    return next() // another plugin has already called this.
   }
 
   connection.notes.redis = redis.createClient(this.redisCfg.pubsub)
@@ -134,7 +134,15 @@ exports.preparse_result_awards = function () {
 
     if (!ra[pi_name][prop]) ra[pi_name][prop] = []
 
-    ra[pi_name][prop].push({ id: anum, operator, value, award, reason, resolv })
+    ra[pi_name][prop].push({
+      id: anum,
+      plugin: pi_name,
+      operator,
+      value,
+      award,
+      reason,
+      resolv,
+    })
   }
 }
 
@@ -142,8 +150,17 @@ exports.check_result = function (connection, message) {
   // {"plugin":"karma","result":{"fail":"spamassassin.hits"}}
   // {"plugin":"geoip","result":{"country":"CN"}}
 
-  const m = JSON.parse(message)
-  if (m?.result?.asn) {
+  let m
+  try {
+    m = JSON.parse(message)
+  } catch (err) {
+    connection.logerror(this, `invalid pubsub payload: ${err.message}`)
+    return
+  }
+  if (!m || typeof m !== 'object' || typeof m.plugin !== 'string') return
+  if (!m.result || typeof m.result !== 'object') return
+
+  if (m.result.asn) {
     this.check_result_asn(m.result.asn, connection)
   }
   if (!this.result_awards[m.plugin]) return // no awards for plugin
@@ -247,7 +264,13 @@ exports.check_result_equal = function (thisResult, thisAward, conn) {
 }
 
 exports.check_result_match = function (thisResult, thisAward, conn) {
-  const re = new RegExp(thisAward.value, 'i')
+  let re
+  try {
+    re = new RegExp(thisAward.value, 'i')
+  } catch {
+    conn.results.add(this, { err: `invalid regex: ${thisAward.value}` })
+    return
+  }
 
   for (const element of thisResult) {
     if (!re.test(element)) continue
@@ -259,29 +282,31 @@ exports.check_result_match = function (thisResult, thisAward, conn) {
 }
 
 exports.check_result_length = function (thisResult, thisAward, conn) {
-  for (const element of thisResult) {
-    const [operator, qty] = thisAward.value.split(/\s+/)
+  const [operator, qty] = thisAward.value.split(/\s+/)
+  const len = thisResult.length
+  const threshold = parseFloat(qty)
+
+  switch (operator) {
+    case 'eq':
+    case 'equal':
+    case 'equals':
+      if (len !== threshold) return
+      break
+    case 'gt':
+      if (len <= threshold) return
+      break
+    case 'lt':
+      if (len >= threshold) return
+      break
+    default:
+      conn.results.add(this, { err: `invalid operator: ${operator}` })
+      return
+  }
 
-    switch (operator) {
-      case 'eq':
-      case 'equal':
-      case 'equals':
-        if (parseInt(element, 10) != parseInt(qty, 10)) continue
-        break
-      case 'gt':
-        if (parseInt(element, 10) <= parseInt(qty, 10)) continue
-        break
-      case 'lt':
-        if (parseInt(element, 10) >= parseInt(qty, 10)) continue
-        break
-      default:
-        conn.results.add(this, { err: `invalid operator: ${operator}` })
-        continue
-    }
+  if (conn.results.has('karma', 'awards', thisAward.id)) return
 
-    conn.results.incr(this, { score: thisAward.award })
-    conn.results.push(this, { awards: thisAward.id })
-  }
+  conn.results.incr(this, { score: thisAward.award })
+  conn.results.push(this, { awards: thisAward.id })
 }
 
 exports.check_result_exists = function (thisResult, thisAward, conn) {
@@ -577,7 +602,7 @@ exports.ip_history_from_redis = async function (next, connection) {
   try {
     const dbr = await this.db.hGetAll(dbkey)
 
-    if (dbr === null) {
+    if (!dbr || Object.keys(dbr).length === 0) {
       this.init_ip(dbkey, connection.remote.ip, expire)
       return next()
     }
@@ -982,7 +1007,7 @@ exports.check_asn = async function (connection, asnkey) {
   try {
     const res = await this.db.hGetAll(asnkey)
 
-    if (res === null) {
+    if (!res || Object.keys(res).length === 0) {
       const expire = (this.cfg.redis.expire_days || 60) * 86400 // days
       this.init_asn(asnkey, expire)
       return
@@ -1017,7 +1042,7 @@ exports.init_ip = async function (dbkey, rip, expire) {
   if (!this.db) return
   await this.db
     .multi()
-    .hmSet(dbkey, { bad: 0, good: 0, connections: 1 })
+    .hSet(dbkey, { bad: 0, good: 0, connections: 1 })
     .expire(dbkey, expire)
     .exec()
 }
@@ -1034,7 +1059,7 @@ exports.init_asn = function (asnkey, expire) {
   if (!this.db) return
   this.db
     .multi()
-    .hmSet(asnkey, { bad: 0, good: 0, connections: 1 })
+    .hSet(asnkey, { bad: 0, good: 0, connections: 1 })
     .expire(asnkey, expire * 2) // keep ASN longer
     .exec()
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "haraka-plugin-karma",
-  "version": "2.5.0",
+  "version": "2.5.2",
   "description": "A heuristics scoring and reputation engine for SMTP connections",
   "main": "index.js",
   "files": [
@@ -8,15 +8,17 @@
     "config"
   ],
   "scripts": {
+    "prepare": "git rev-parse --git-dir >/dev/null 2>&1 && git config core.hooksPath .githooks || true",
     "clean": "rm -rf node_modules package-lock.json",
     "format": "npm run prettier:fix && npm run lint:fix",
     "lint": "npx eslint *.js test",
     "lint:fix": "npx eslint *.js test --fix",
     "prettier": "npx prettier . --check",
     "prettier:fix": "npx prettier . --write --log-level=warn",
+    "qlty": "qlty smells --all",
     "test": "node --test",
-    "test:coverage": "node --test --experimental-test-coverage --test-coverage-exclude=package.json --test-coverage-exclude=test/*.js",
-    "test:coverage:lcov": "mkdir -p coverage && node --test --experimental-test-coverage --test-reporter=lcov --test-reporter-destination=coverage/lcov.info test/*.js",
+    "test:coverage": "node --test --experimental-test-coverage --test-coverage-include=index.js",
+    "test:coverage:lcov": "mkdir -p coverage && node --test --experimental-test-coverage --test-coverage-include=index.js --test-reporter=lcov --test-reporter-destination=coverage/lcov.info test/*.js",
     "versions": "npx npm-dep-mgr check",
     "versions:fix": "npx npm-dep-mgr update"
   },
@@ -34,13 +36,13 @@
   },
   "homepage": "https://github.com/haraka/haraka-plugin-karma#readme",
   "dependencies": {
-    "haraka-constants": "^1.0.7",
-    "haraka-plugin-redis": "^2.0.11"
+    "haraka-constants": "^1.0.8",
+    "haraka-plugin-redis": "^2.1.0"
   },
   "devDependencies": {
-    "@haraka/email-address": "^3.1.2",
-    "@haraka/eslint-config": "^2.0.4",
-    "haraka-test-fixtures": "^1.4.3"
+    "@haraka/email-address": "^3.1.6",
+    "@haraka/eslint-config": "^3.0.0",
+    "haraka-test-fixtures": "^1.7.1"
   },
   "prettier": {
     "singleQuote": true,