refactored logic to validate host first
Signed-off-by: Amardeepsingh Siglani <[email protected]>
amsiglan committed Sep 25, 2024
1 parent 9e1283a commit ed90d9c
Showing 2 changed files with 34 additions and 37 deletions.
Expand Up @@ -17,7 +17,6 @@ import org.opensearch.notifications.spi.utils.ValidationHelpers.FQDN_REGEX
import java.lang.Exception
import java.net.InetAddress
import java.net.URL
import java.net.UnknownHostException

private object ValidationHelpers {
const val FQDN_REGEX =
Expand Down Expand Up @@ -53,42 +52,40 @@ fun isValidUrl(urlString: String): Boolean {
}
}

fun getResolvedIps(host: String): List<IPAddressString> {
try {
val resolvedIps = InetAddress.getAllByName(host)
return resolvedIps.map { inetAddress -> IPAddressString(inetAddress.hostAddress) }
} catch (e: Exception) {
LogManager.getLogger().error("Unable to resolve host ips")
}

return listOf()
}

fun isHostInDenylist(urlString: String, hostDenyList: List<String>): Boolean {
val url = URL(urlString)
if (url.host != null) {
try {
val resolvedIps = InetAddress.getAllByName(url.host)
val resolvedIpStrings = resolvedIps.map { inetAddress -> IPAddressString(inetAddress.hostAddress) }
val hostStr = HostName(url.host)

for (network in hostDenyList) {
val denyIpStr = IPAddressString(network)
val denyHostStr = HostName(network)
val hostInDenyList = denyHostStr.equals(hostStr)
var ipInDenyList = false

for (ipStr in resolvedIpStrings) {
if (denyIpStr.contains(ipStr)) {
ipInDenyList = true
break
}
}
val resolvedIpStrings = getResolvedIps(url.host)
val hostStr = HostName(url.host)

if (hostInDenyList || ipInDenyList) {
LogManager.getLogger().error("${url.host} is denied")
return true
for (network in hostDenyList) {
val denyIpStr = IPAddressString(network)
val denyHostStr = HostName(network)
val hostInDenyList = denyHostStr.equals(hostStr)
var ipInDenyList = false

for (ipStr in resolvedIpStrings) {
if (denyIpStr.contains(ipStr)) {
ipInDenyList = true
break
}
}
}
catch (e: UnknownHostException)
{
LogManager.getLogger().error("Error checking denylist: Unknown host")
return false
}
catch (e: Exception)
{
LogManager.getLogger().error("Error checking denylist: ${e.message}", e)
return false

if (hostInDenyList || ipInDenyList) {
LogManager.getLogger().error("${url.host} is denied")
return true
}
}
}
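Review bot: `getResolvedIps` catches every `Exception`, logs a fixed message without the cause, and returns an empty list, so `isHostInDenylist` now checks an unresolvable host by hostname equality only and reports it as not denied when the denylist holds only IP ranges. That is safe only while every caller rejects an empty result first, as `validateUrlHost` does in this commit, and nothing visible in this file states that contract. I would add a KDoc on `getResolvedIps` saying that an empty list means resolution failed and must be treated as a rejection, and keep the cause in the log with `LogManager.getLogger().error("Unable to resolve host ips", e)`. The end of `isHostInDenylist` lies outside the hunk.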

Expand Up @@ -23,6 +23,10 @@ fun validateUrl(urlString: String) {
}

fun validateUrlHost(urlString: String, hostDenyList: List<String>) {
val url = URL(urlString)
require( org.opensearch.notifications.spi.utils.getResolvedIps(url.host).isNotEmpty()) {
"Host could not be resolved to a valid Ip address"
}
require(!org.opensearch.notifications.spi.utils.isHostInDenylist(urlString, hostDenyList)) {
"Host of url is denied, based on plugin setting [notification.core.http.host_deny_list]"
}
Expand Down Expand Up @@ -65,14 +69,10 @@ fun isHostInDenylist(urlString: String, hostDenyList: List<String>): Boolean {
return true
}
}
}
catch (e: UnknownHostException)
{
} catch (e: UnknownHostException) {
LogManager.getLogger().error("Error checking denylist: Unknown host")
return false
}
catch (e: Exception)
{
} catch (e: Exception) {
LogManager.getLogger().error("Error checking denylist: ${e.message}", e)
return false
}
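Review bot: The new `require` in `validateUrlHost` resolves `url.host` once and the `isHostInDenylist` call right after it resolves the same name again, so the addresses shown to be resolvable are not necessarily the ones compared with the denylist. The HTTP client presumably performs a further lookup when it connects, which would let a host whose DNS answer changes between lookups pass both checks and still reach a denied range. Consider keeping the result of the `getResolvedIps(url.host)` call in a local, running `require(resolvedIps.isNotEmpty())` on it, and handing that same list to the denylist check (and, where the client allows it, to the connection). Separately, `InetAddress.getAllByName` returns a loopback address for an empty host name, so unless `validateUrl` already rejects it, a URL without a host satisfies the new resolvability check; `require(url.host.isNotEmpty())` ahead of it would make that case explicit.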