[mv3] Detect and discard regex-based from=/to= domains

This commit is contained in:
Raymond Hill 2023-12-05 09:18:58 -05:00
parent b8b4193f15
commit 71be1a4fe5
No known key found for this signature in database
GPG key ID: 25E1490B761470C2

View file

@ -1925,13 +1925,13 @@ class FilterFromDomainMissSet extends FilterFromDomainHitSet {
return super.match(idata) === false;
}
static logData(idata, details) {
details.fromDomains.push('~' + this.getDomainOpt(idata).replace(/\|/g, '|~'));
}
static get dnrConditionName() {
return 'excludedInitiatorDomains';
}
static logData(idata, details) {
details.fromDomains.push('~' + this.getDomainOpt(idata).replace(/\|/g, '|~'));
}
}
class FilterFromRegexHit extends FilterDomainRegexHit {
@ -1939,6 +1939,10 @@ class FilterFromRegexHit extends FilterDomainRegexHit {
return $docHostname;
}
static get dnrConditionName() {
return 'initiatorDomains';
}
static logData(idata, details) {
details.fromDomains.push(`${this.getDomainOpt(idata)}`);
}
@ -1949,6 +1953,10 @@ class FilterFromRegexMiss extends FilterFromRegexHit {
return super.match(idata) === false;
}
static get dnrConditionName() {
return 'excludedInitiatorDomains';
}
static logData(idata, details) {
details.fromDomains.push(`~${this.getDomainOpt(idata)}`);
}
@ -2064,6 +2072,10 @@ class FilterToRegexHit extends FilterDomainRegexHit {
return $requestHostname;
}
static get dnrConditionName() {
return 'requestDomains';
}
static logData(idata, details) {
details.toDomains.push(`${this.getDomainOpt(idata)}`);
}
@ -2074,6 +2086,10 @@ class FilterToRegexMiss extends FilterToRegexHit {
return super.match(idata) === false;
}
static get dnrConditionName() {
return 'excludedRequestDomains';
}
static logData(idata, details) {
details.toDomains.push(`~${this.getDomainOpt(idata)}`);
}
@ -4430,34 +4446,38 @@ FilterContainer.prototype.dnrFromCompiled = function(op, context, ...args) {
}
}
// Detect and attempt salvage of rules with entity-based hostnames.
// Detect and attempt salvage of rules with entity-based hostnames and/or
// regex-based domains.
const isUnsupportedDomain = hn => hn.endsWith('.*') || hn.startsWith('/');
for ( const rule of ruleset ) {
if ( rule.condition === undefined ) { continue; }
if (
Array.isArray(rule.condition.initiatorDomains) &&
rule.condition.initiatorDomains.some(hn => hn.endsWith('.*'))
) {
const domains = rule.condition.initiatorDomains.filter(
hn => hn.endsWith('.*') === false
);
if ( domains.length === 0 ) {
dnrAddRuleError(rule, `Can't salvage rule with only entity-based domain= option: ${rule.condition.initiatorDomains.join('|')}`);
} else {
dnrAddRuleWarning(rule, `Salvaged rule by ignoring ${rule.condition.initiatorDomains.length - domains.length} entity-based domain= option: ${rule.condition.initiatorDomains.join('|')}`);
rule.condition.initiatorDomains = domains;
for ( const prop of [ 'Initiator', 'Request' ] ) {
const hitProp = `${prop.toLowerCase()}Domains`;
if ( Array.isArray(rule.condition[hitProp]) ) {
if ( rule.condition[hitProp].some(hn => isUnsupportedDomain(hn)) ) {
const domains = rule.condition[hitProp].filter(
hn => isUnsupportedDomain(hn) === false
);
if ( domains.length === 0 ) {
dnrAddRuleError(rule, `Can't salvage rule with unsupported domain= option: ${rule.condition[hitProp].join('|')}`);
} else {
dnrAddRuleWarning(rule, `Salvaged rule by ignoring ${rule.condition[hitProp].length - domains.length} unsupported domain= option: ${rule.condition[hitProp].join('|')}`);
rule.condition[hitProp] = domains;
}
}
}
const missProp = `excluded${prop}Domains`;
if ( Array.isArray(rule.condition[missProp]) ) {
if ( rule.condition[missProp].some(hn => isUnsupportedDomain(hn)) ) {
const domains = rule.condition[missProp].filter(
hn => isUnsupportedDomain(hn) === false
);
rule.condition[missProp] =
domains.length !== 0
? domains
: undefined;
}
}
}
if (
Array.isArray(rule.condition.excludedInitiatorDomains) &&
rule.condition.excludedInitiatorDomains.some(hn => hn.endsWith('.*'))
) {
const domains = rule.condition.excludedInitiatorDomains.filter(
hn => hn.endsWith('.*') === false
);
rule.condition.excludedInitiatorDomains =
domains.length !== 0
? domains
: undefined;
}
}