WhitelistOnly Fix for multiple entries #199

Merged
merged 3 commits into from
May 5, 2021

c-f
Contributor

@c-f c-f commented May 3, 2021

Problem

WhitelistOnly is only used if no more than two whitelists are available or all clients include all whitelists.

Look at the following config snippet. Two Groups are defined, each with their own set of "whitelist" entries.

blocking:
  whiteLists:
    net_one:
      - net_one_whitelist.txt
    net_two:
      - net_two_whitelist.txt
  clientGroupsBlock:
    one-client*:
      - net_one
    two-client*:
      - net_two

clientLookup:
  clients:
    one-client-1: [127.0.0.1]
    two-client-2: [127.0.0.2]

If multiple WhitelistOnly groups are defined, then every client that does NOT include ALL whitelists can resolve non-whitelist items.
The reflect.DeepEqual() list now contains the check if [net_one] == [net_one, net_two], which will always return false.

Expected Behavior: Both clients are restricted to the defined whitelistOnly domains.

Behavior: None of them have whitelist enabled.

Possible solution

  • if groupsToCheck contains ONE whitelistOnly group, then the client can only look up whitelisted domains (this is implemented in the PR)
  • if groupsToCheck groups are ALL whitelistOnly groups, then the client can only look up whitelisted domains

I changed the data type from slice to dict for performance reasons.

Best regards,
c-f
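
The failure mode described in the comment above, as an added Go example that is not part of the pull request or the project's own code: it compares an exact-equality check against a membership check using the group names from the config snippet. The function names, the `both-client` entry and the data layout are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"reflect"
)

// Constructed data mirroring the config in the PR description: two groups
// that each carry only a whitelist, and one client per group.
var whitelistOnly = []string{"net_one", "net_two"}

var clientGroups = map[string][]string{
	"one-client-1": {"net_one"},
	"two-client-2": {"net_two"},
	"both-client":  {"net_one", "net_two"}, // hypothetical client in every group
}

// restrictedBefore models the check reported as buggy: the client's groups
// must equal the complete (and identically ordered) whitelist-only list.
func restrictedBefore(groupsToCheck []string) bool {
	return reflect.DeepEqual(groupsToCheck, whitelistOnly)
}

// toSet turns the slice into a map so membership tests are O(1).
func toSet(groups []string) map[string]bool {
	set := make(map[string]bool, len(groups))
	for _, g := range groups {
		set[g] = true
	}
	return set
}

// restrictedAfter models the first proposed rule: one whitelist-only group
// among the client's groups is enough to restrict the client.
func restrictedAfter(groupsToCheck []string, set map[string]bool) bool {
	for _, g := range groupsToCheck {
		if set[g] {
			return true
		}
	}
	return false
}

func main() {
	set := toSet(whitelistOnly)
	for _, c := range []string{"one-client-1", "two-client-2", "both-client"} {
		g := clientGroups[c]
		fmt.Printf("%-13s before=%-5v after=%v\n", c, restrictedBefore(g), restrictedAfter(g, set))
	}
}
```

With the equality check, only the client that belongs to every whitelist-only group is restricted; the two single-group clients from the config fall through to unrestricted resolution.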

Adjusted WhitelistOnly
@0xERR0R 0xERR0R added the 🐞 bug Something isn't working label May 5, 2021
@0xERR0R 0xERR0R added this to the 0.15 milestone May 5, 2021
@codecov

codecov bot commented May 5, 2021

Codecov Report

Merging #199 (b6029c9) into development (3770dd9) will decrease coverage by 0.21%.
The diff coverage is 100.00%.


@@               Coverage Diff               @@
##           development     #199      +/-   ##
===============================================
- Coverage        93.78%   93.56%   -0.22%     
===============================================
  Files               27       27              
  Lines             1738     1741       +3     
===============================================
- Hits              1630     1629       -1     
- Misses              80       84       +4     
  Partials            28       28              
Impacted Files Coverage Δ
resolver/blocking_resolver.go 100.00% <100.00%> (ø)
resolver/query_logging_resolver.go 90.90% <0.00%> (-4.05%) ⬇️

Δ = absolute <relative> (impact), ø = not affected, ? = missing data

@0xERR0R
Owner

0xERR0R commented May 5, 2021

fixes #202

@0xERR0R
Owner

0xERR0R commented May 5, 2021

@c-f Thank you for your work. I tested your PR and it works like a charm 👍

@0xERR0R 0xERR0R merged commit dd69a3e into 0xERR0R:development May 5, 2021

Successfully merging this pull request may close these issues.

If multiple whitelist-only groups are defined, blocking of not whitelisted domains does not work