From 6aa4b26ed419d905f83c3a9064577dae5c168b8c Mon Sep 17 00:00:00 2001 From: Riya <69919272+riysaxen-amzn@users.noreply.github.com> Date: Mon, 26 Aug 2024 11:02:01 -0700 Subject: [PATCH] Manual Backport: adding hostname support for notifications deny list (#945) Signed-off-by: Riya Saxena --- .../notifications/core/utils/ValidationHelpers.kt | 9 +++++++-- .../core/utils/ValidationHelpersTests.kt | 14 ++++++++------ 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/notifications/core/src/main/kotlin/org/opensearch/notifications/core/utils/ValidationHelpers.kt b/notifications/core/src/main/kotlin/org/opensearch/notifications/core/utils/ValidationHelpers.kt index d25f964e..86f3d9da 100644 --- a/notifications/core/src/main/kotlin/org/opensearch/notifications/core/utils/ValidationHelpers.kt +++ b/notifications/core/src/main/kotlin/org/opensearch/notifications/core/utils/ValidationHelpers.kt @@ -5,10 +5,12 @@ package org.opensearch.notifications.core.utils +import inet.ipaddr.HostName import inet.ipaddr.IPAddressString import org.apache.http.client.methods.HttpPatch import org.apache.http.client.methods.HttpPost import org.apache.http.client.methods.HttpPut +import org.apache.logging.log4j.LogManager import org.opensearch.common.Strings import java.net.URL @@ -37,9 +39,12 @@ fun isHostInDenylist(urlString: String, hostDenyList: List): Boolean { val url = URL(urlString) if (url.host != null) { val ipStr = IPAddressString(url.host) + val hostStr = HostName(url.host) for (network in hostDenyList) { - val netStr = IPAddressString(network) - if (netStr.contains(ipStr)) { + val denyIpStr = IPAddressString(network) + val denyHostStr = HostName(network) + if (denyIpStr.contains(ipStr) || denyHostStr.equals(hostStr)) { + LogManager.getLogger().error("${url.host} is denied") return true } } diff --git a/notifications/core/src/test/kotlin/org/opensearch/notifications/core/utils/ValidationHelpersTests.kt b/notifications/core/src/test/kotlin/org/opensearch/notifications/core/utils/ValidationHelpersTests.kt index c964b3de..848fca8d 100644 --- a/notifications/core/src/test/kotlin/org/opensearch/notifications/core/utils/ValidationHelpersTests.kt +++ b/notifications/core/src/test/kotlin/org/opensearch/notifications/core/utils/ValidationHelpersTests.kt @@ -10,7 +10,8 @@ import org.junit.jupiter.api.Test internal class ValidationHelpersTests { - private val hostDentyList = listOf( + private val hostDenyList = listOf( + "www.amazon.com", "127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", @@ -20,8 +21,9 @@ internal class ValidationHelpersTests { ) @Test - fun `test ips in denylist`() { + fun `test hosts in denylist`() { val ips = listOf( + "www.amazon.com", "127.0.0.1", // 127.0.0.0/8 "10.0.0.1", // 10.0.0.0/8 "10.11.12.13", // 10.0.0.0/8 @@ -31,15 +33,15 @@ internal class ValidationHelpersTests { "9.9.9.9" ) for (ip in ips) { - assertEquals(true, isHostInDenylist("https://$ip", hostDentyList)) + assertEquals(true, isHostInDenylist("https://$ip", hostDenyList), "address $ip was supposed to be identified as in the deny list, but was not") } } @Test - fun `test url in denylist`() { - val urls = listOf("https://www.amazon.com", "https://mytest.com", "https://mytest.com") + fun `test hosts not in denylist`() { + val urls = listOf("156.4.77.1", "www.something.com") for (url in urls) { - assertEquals(false, isHostInDenylist(url, hostDentyList)) + assertEquals(false, isHostInDenylist("https://$url", hostDenyList), "address $url was not supposed to be identified as in the deny list, but was") } } }