Skip to content

Commit b066706

Browse files
Manual Backport: adding hostname support for notifications deny list (#945)
Signed-off-by: Riya Saxena <riysaxen@amazon.com>
1 parent 8203ad6 commit b066706

File tree

2 files changed

+15
-8
lines changed

2 files changed

+15
-8
lines changed

notifications/core/src/main/kotlin/org/opensearch/notifications/core/utils/ValidationHelpers.kt

+7-2
Original file line numberDiff line numberDiff line change
@@ -5,10 +5,12 @@
55

66
package org.opensearch.notifications.core.utils
77

8+
import inet.ipaddr.HostName
89
import inet.ipaddr.IPAddressString
910
import org.apache.http.client.methods.HttpPatch
1011
import org.apache.http.client.methods.HttpPost
1112
import org.apache.http.client.methods.HttpPut
13+
import org.apache.logging.log4j.LogManager
1214
import org.opensearch.core.common.Strings
1315
import java.net.URL
1416

@@ -37,9 +39,12 @@ fun isHostInDenylist(urlString: String, hostDenyList: List<String>): Boolean {
3739
val url = URL(urlString)
3840
if (url.host != null) {
3941
val ipStr = IPAddressString(url.host)
42+
val hostStr = HostName(url.host)
4043
for (network in hostDenyList) {
41-
val netStr = IPAddressString(network)
42-
if (netStr.contains(ipStr)) {
44+
val denyIpStr = IPAddressString(network)
45+
val denyHostStr = HostName(network)
46+
if (denyIpStr.contains(ipStr) || denyHostStr.equals(hostStr)) {
47+
LogManager.getLogger().error("${url.host} is denied")
4348
return true
4449
}
4550
}

notifications/core/src/test/kotlin/org/opensearch/notifications/core/utils/ValidationHelpersTests.kt

+8-6
Original file line numberDiff line numberDiff line change
@@ -10,7 +10,8 @@ import org.junit.jupiter.api.Test
1010

1111
internal class ValidationHelpersTests {
1212

13-
private val hostDentyList = listOf(
13+
private val hostDenyList = listOf(
14+
"www.amazon.com",
1415
"127.0.0.0/8",
1516
"10.0.0.0/8",
1617
"172.16.0.0/12",
@@ -20,8 +21,9 @@ internal class ValidationHelpersTests {
2021
)
2122

2223
@Test
23-
fun `test ips in denylist`() {
24+
fun `test hosts in denylist`() {
2425
val ips = listOf(
26+
"www.amazon.com",
2527
"127.0.0.1", // 127.0.0.0/8
2628
"10.0.0.1", // 10.0.0.0/8
2729
"10.11.12.13", // 10.0.0.0/8
@@ -31,15 +33,15 @@ internal class ValidationHelpersTests {
3133
"9.9.9.9"
3234
)
3335
for (ip in ips) {
34-
assertEquals(true, isHostInDenylist("https://$ip", hostDentyList))
36+
assertEquals(true, isHostInDenylist("https://$ip", hostDenyList), "address $ip was supposed to be identified as in the deny list, but was not")
3537
}
3638
}
3739

3840
@Test
39-
fun `test url in denylist`() {
40-
val urls = listOf("https://www.amazon.com", "https://mytest.com", "https://mytest.com")
41+
fun `test hosts not in denylist`() {
42+
val urls = listOf("156.4.77.1", "www.something.com")
4143
for (url in urls) {
42-
assertEquals(false, isHostInDenylist(url, hostDentyList))
44+
assertEquals(false, isHostInDenylist("https://$url", hostDenyList), "address $url was not supposed to be identified as in the deny list, but was")
4345
}
4446
}
4547
}

0 commit comments

Comments
 (0)