adding hostname support for notifications deny list (#858)
Signed-off-by: Dennis Toepker <[email protected]>
toepkerd authored and riysaxen-amzn committed Aug 26, 2024
1 parent e008360 commit 72c81ac
Showing 2 changed files with 15 additions and 8 deletions.
Expand Up @@ -5,10 +5,12 @@

package org.opensearch.notifications.core.utils

import inet.ipaddr.HostName
import inet.ipaddr.IPAddressString
import org.apache.http.client.methods.HttpPatch
import org.apache.http.client.methods.HttpPost
import org.apache.http.client.methods.HttpPut
import org.apache.logging.log4j.LogManager
import org.opensearch.core.common.Strings
import java.net.URL

Expand Down Expand Up @@ -37,9 +39,12 @@ fun isHostInDenylist(urlString: String, hostDenyList: List<String>): Boolean {
val url = URL(urlString)
if (url.host != null) {
val ipStr = IPAddressString(url.host)
val hostStr = HostName(url.host)
for (network in hostDenyList) {
val netStr = IPAddressString(network)
if (netStr.contains(ipStr)) {
val denyIpStr = IPAddressString(network)
val denyHostStr = HostName(network)
if (denyIpStr.contains(ipStr) || denyHostStr.equals(hostStr)) {
LogManager.getLogger().error("${url.host} is denied")
return true
}
}
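Review bot: The new hostname branch, `denyHostStr.equals(hostStr)`, compares the host as it is written in the URL with the entry as it is written in the deny list, and nothing in the visible lines resolves the name, so the CIDR entries appear to apply only when the URL carries a literal IP address. If the deny list is meant to keep notifications away from internal destinations rather than from particular spellings, the resolved addresses need to be checked as well, ideally at the point where the connection is made; that may already happen outside this hunk. At minimum, state the limit above the loop: `// Hostname entries match the host as written in the URL; addresses it resolves to are not checked here.` As a smaller point, `denyHostStr == hostStr` is the idiomatic Kotlin form of the comparison. The body of isHostInDenylist starts before this hunk and continues after it.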
Expand Up @@ -10,7 +10,8 @@ import org.junit.jupiter.api.Test

internal class ValidationHelpersTests {

private val hostDentyList = listOf(
private val hostDenyList = listOf(
"www.amazon.com",
"127.0.0.0/8",
"10.0.0.0/8",
"172.16.0.0/12",
Expand All @@ -20,8 +21,9 @@ internal class ValidationHelpersTests {
)

@Test
fun `test ips in denylist`() {
fun `test hosts in denylist`() {
val ips = listOf(
"www.amazon.com",
"127.0.0.1", // 127.0.0.0/8
"10.0.0.1", // 10.0.0.0/8
"10.11.12.13", // 10.0.0.0/8
Expand All @@ -31,15 +33,15 @@ internal class ValidationHelpersTests {
"9.9.9.9"
)
for (ip in ips) {
assertEquals(true, isHostInDenylist("https://$ip", hostDentyList))
assertEquals(true, isHostInDenylist("https://$ip", hostDenyList), "address $ip was supposed to be identified as in the deny list, but was not")
}
}

@Test
fun `test url in denylist`() {
val urls = listOf("https://www.amazon.com", "https://mytest.com", "https://mytest.com")
fun `test hosts not in denylist`() {
val urls = listOf("156.4.77.1", "www.something.com")
for (url in urls) {
assertEquals(false, isHostInDenylist(url, hostDentyList))
assertEquals(false, isHostInDenylist("https://$url", hostDenyList), "address $url was not supposed to be identified as in the deny list, but was")
}
}
}
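Review bot: The hostname entry `"www.amazon.com"` is exercised only with an identical, lower-case spelling, so neither test pins how isHostInDenylist treats a listed name written differently (for example in upper case). Because the deny list is a security control, decide the intended result and add such a case to `test hosts in denylist`, e.g. `"WWW.AMAZON.COM",`. The local `ips` in that test now also holds a hostname, so `hosts` would describe it better, matching the renamed test.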
