#!trydef SANITY_CHECK_USE_PORT 1
#!trydef SANITY_DROPS_REQUEST 1
#!trydef SANITY_DEFAULT_CHECK 17895
#!trydef SANITY_URI_CHECKS 7
#!trydef SANITY_TRACE_REQUEST 1

#!substdef "!SANITY_SUBST_CACHE_PERIOD!$def(SANITY_CACHE_PERIOD)!g"

######## SIP message formatting sanity checks [requires sl] ########
loadmodule "sanity.so"
modparam("sanity", "default_checks", SANITY_DEFAULT_CHECK)
modparam("sanity", "uri_checks", SANITY_URI_CHECKS)
modparam("sanity", "autodrop", 0)
modparam("sanity", "noreply", 1)

modparam("debugger", "mod_level", "sanity=-3")

kazoo.sanity_check_use_port = SANITY_CHECK_USE_PORT descr "should we keep track of ip and port for sanity failures"
kazoo.sanity_drops_request = SANITY_DROPS_REQUEST descr "should we drop the request or send error on sanity failure"
kazoo.sanity_trace_request = SANITY_TRACE_REQUEST descr "should we trace the request if sip trace role is enabled"

route[SANITY_CHECK]
{
    ## CVE-2018-14767
    if($(hdr(To)[1]) != $null) {
        xlog("second To header not null - dropping message");
        drop;
    }

    $var(sanity_key) = "";
    if($sel(cfg_get.kazoo.sanity_check_use_port) == 1) {
        $var(sanity_key) = $_s("$si::$sp");
    } else {
        $var(sanity_key) = $_s("$si");
    }

    if (!sanity_check()) {
        #!ifdef SIP_TRACE_ROLE
        sip_trace();
        #!endif
        if($sel(cfg_get.kazoo.sanity_drops_request) == 1) {
            xlog("L_WARN", "$ci|end|dropping insane message from $si:$sp\n");
            drop;
        } else {
            xlog("L_WARN", "$ci|end|insane message from $si:$sp\n");
            send_reply("400", "Bad Request");
            exit;
        }
    }

    if (!mf_process_maxfwd_header("10")) {
        xlog("L_WARN", "$ci|end|too much hops, not enough barley from $si:$sp\n");
        send_reply("483", "Too Many Hops");
        exit;
    }

    if ($ua == "friendly-scanner" ||
        $ua == "sundayddr" ||
        $ua == "pplsip" ||
        $ua =~ "NiceGuy" ||
        $ua =~ "PortSIP" ||
        $ua =~ "sipcli" ) {
        xlog("L_WARN", "$ci|end|dropping message with user-agent $ua from $si:$sp\n");
        drop;
    }

    if(sdp_content()) {
        if(sdp_get_line_startswith("$avp(sanity_sline)", "s=")) {
            if ($avp(sanity_sline) == "s=portsip.com") {
                xlog("L_WARN", "$ci|end|dropping message with '$avp(sanity_sline)' string in SDP\n");
                exit;
            }
        }
    }
}