Pull request: 3381 check private domains

Merge in DNS/adguard-home from 3381-validate-privateness to master Closes #3381. Squashed commit of the following: commit 21cb12d10b07bb0bf0578db74ca9ac7b3ac5ae14 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Mon Feb 14 16:29:59 2022 +0300 all: imp code, docs commit 39793551438cbea71e6ec78d0e05bee2d8dba3e5 Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Mon Feb 14 15:08:36 2022 +0300 all: imp code, docs commit 6b71848fd0980582b1bfe24a34f48608795e9b7d Author: Eugene Burkov <E.Burkov@AdGuard.COM> Date: Mon Feb 14 14:22:00 2022 +0300 all: check private domains
2022-02-14 16:56:14 +03:00
parent b43aa86cae
commit f131067278
7 changed files with 262 additions and 109 deletions
--- a/internal/dnsforward/http_test.go
+++ b/internal/dnsforward/http_test.go
@@ -184,12 +184,11 @@ func TestDNSForwardHTTP_handleSetConfig(t *testing.T) {
 		wantSet: "",
 	}, {
 		name: "upstream_dns_bad",
-		wantSet: `wrong upstreams specification: bad ipport address "!!!": address !!!: ` +
-			`missing port in address`,
+		wantSet: `validating upstream servers: bad ipport address "!!!": ` +
+			`address !!!: missing port in address`,
 	}, {
 		name: "bootstraps_bad",
-		wantSet: `a can not be used as bootstrap dns cause: ` +
-			`invalid bootstrap server address: ` +
+		wantSet: `checking bootstrap a: invalid address: ` +
 			`Resolver a is not eligible to be a bootstrap DNS server`,
 	}, {
 		name:    "cache_bad_ttl",
@@ -200,6 +199,10 @@ func TestDNSForwardHTTP_handleSetConfig(t *testing.T) {
 	}, {
 		name:    "local_ptr_upstreams_good",
 		wantSet: "",
+	}, {
+		name: "local_ptr_upstreams_bad",
+		wantSet: `validating private upstream servers: checking domain-specific upstreams: ` +
+			`bad arpa domain name "non.arpa": not a reversed ip network`,
 	}, {
 		name:    "local_ptr_upstreams_null",
 		wantSet: "",
@@ -350,7 +353,7 @@ func TestValidateUpstream(t *testing.T) {
 	}
 }

-func TestValidateUpstreamsSet(t *testing.T) {
+func TestValidateUpstreams(t *testing.T) {
 	testCases := []struct {
 		name    string
 		wantErr string
@@ -397,3 +400,52 @@ func TestValidateUpstreamsSet(t *testing.T) {
 		})
 	}
 }
+
+func TestValidateUpstreamsPrivate(t *testing.T) {
+	snd, err := aghnet.NewSubnetDetector()
+	require.NoError(t, err)
+
+	testCases := []struct {
+		name    string
+		wantErr string
+		u       string
+	}{{
+		name:    "success_address",
+		wantErr: ``,
+		u:       "[/1.0.0.127.in-addr.arpa/]#",
+	}, {
+		name:    "success_subnet",
+		wantErr: ``,
+		u:       "[/127.in-addr.arpa/]#",
+	}, {
+		name: "not_arpa_subnet",
+		wantErr: `checking domain-specific upstreams: ` +
+			`bad arpa domain name "hello.world": not a reversed ip network`,
+		u: "[/hello.world/]#",
+	}, {
+		name: "non-private_arpa_address",
+		wantErr: `checking domain-specific upstreams: ` +
+			`arpa domain "1.2.3.4.in-addr.arpa." should point to a locally-served network`,
+		u: "[/1.2.3.4.in-addr.arpa/]#",
+	}, {
+		name: "non-private_arpa_subnet",
+		wantErr: `checking domain-specific upstreams: ` +
+			`arpa domain "128.in-addr.arpa." should point to a locally-served network`,
+		u: "[/128.in-addr.arpa/]#",
+	}, {
+		name: "several_bad",
+		wantErr: `checking domain-specific upstreams: 2 errors: ` +
+			`"arpa domain \"1.2.3.4.in-addr.arpa.\" should point to a locally-served network", ` +
+			`"bad arpa domain name \"non.arpa\": not a reversed ip network"`,
+		u: "[/non.arpa/1.2.3.4.in-addr.arpa/127.in-addr.arpa/]#",
+	}}
+
+	for _, tc := range testCases {
+		set := []string{"192.168.0.1", tc.u}
+
+		t.Run(tc.name, func(t *testing.T) {
+			err = ValidateUpstreamsPrivate(set, snd)
+			testutil.AssertErrorMsg(t, tc.wantErr, err)
+		})
+	}
+}