Restore audit wildcard-support

[DL6ER]

By submitting this pull request, I confirm the following:

• I have read and understood the contributors guide.
• I have checked that another pull request for this purpose does not exist.
• I have considered, and confirmed that this submission will be valuable to others.
• I accept that this submission may not be used, and the pull request closed at the will of the maintainer.
• I give this submission freely, and claim no ownership to its content.

How familiar are you with the codebase?:

10

---

With Pi-hole v4.x we had wildcard-support in the audit log. When migrating this list into the database, we lost this ability. This PR is the successor of #722 which aimed at restoring this feature. A few changes were necessary that exceeded Github's ability to suggest changes so I moved this into a new PR, preserving the OP's authorship of the first commit.

This PR is milestoned for still being included in the v5.0 release.

[DL6ER]

@silibum Please review my proposed changes.

You can even test this yourself when running

pihole checkout ftl new/audit_wildcards

(note that this does only work when you are already on the beta testing branches).

I changed three things in here:

1. Added indentation and comments for clarity (always a good thing)
2. Changed from numbered to names SQL parameters (this allows us to only have to bind once), I added a comment about how this works further down in the same file, where the domain is actually bound to the prepared statement
3. I fixed the ELSE clause from substr(:input, - length(domain)) to just :input.
   Otherwise, it would cause wildcard-behavior also for non-* domains.
   Let me give an example:
   1. local in the database
   2. something.local as input (domain to be checked against the audit table)
   3. The string manipulation you had in there caused the input domain to be truncated from the right to (length(domain) = length('local') = 5), i.e. "something.local" -> "local"
   4. the result (stored in matcher) is identical to domain and leads to a false positive

[silibum]

Hey,

looks good. Compiled and running without any issue - I "missed" to test the non prefixed version: I have 122 entries in my table and just noticed that are 0 non prefixed... I don't use the AdminLTE for adding to the list (now I use phpLiteAdmin and before I edited the .list-file) - Wrong testing 👎

Comments - Yeah not everyone knows what that query does - just thought it was self explaining enough but better to comment that query a bit.

Thanks for the fixing/improving - looks solid. Credits aren't important to me (specially because this wasn't 100% tested before submitting) - I (and I'm sure many others) just like to retain wildcard-support with v5.x ;-)

[DL6ER]

Then this is ready for review + approval + merge.

Git can automatically preserve authorship when you know how to do it, see the details of the first commit in this PR:

[pralor-bot]

This pull request has been mentioned on Pi-hole Userspace. There might be relevant details there:

https://discourse.pi-hole.net/t/wildcard-auditing/6080/7