From ed90d9c616ab5cca90207370611bec693cca08df Mon Sep 17 00:00:00 2001
From: Amardeepsingh Siglani
Date: Tue, 24 Sep 2024 19:56:45 -0700
Subject: [PATCH] refactored logic to validate host first
Signed-off-by: Amardeepsingh Siglani
---
 .../spi/utils/ValidationHelpers.kt | 59 +++++++++----------
 .../core/utils/ValidationHelpers.kt | 12 ++--
 2 files changed, 34 insertions(+), 37 deletions(-)
diff --git a/notifications/core-spi/src/main/kotlin/org/opensearch/notifications/spi/utils/ValidationHelpers.kt b/notifications/core-spi/src/main/kotlin/org/opensearch/notifications/spi/utils/ValidationHelpers.kt
index 13ae7e35..29784eb8 100644
--- a/notifications/core-spi/src/main/kotlin/org/opensearch/notifications/spi/utils/ValidationHelpers.kt
+++ b/notifications/core-spi/src/main/kotlin/org/opensearch/notifications/spi/utils/ValidationHelpers.kt
@@ -17,7 +17,6 @@ import org.opensearch.notifications.spi.utils.ValidationHelpers.FQDN_REGEX
 import java.lang.Exception
 import java.net.InetAddress
 import java.net.URL
-import java.net.UnknownHostException
 private object ValidationHelpers {
 const val FQDN_REGEX =
@@ -53,42 +52,40 @@ fun isValidUrl(urlString: String): Boolean {
 }
 }
+fun getResolvedIps(host: String): List {
+ try {
+ val resolvedIps = InetAddress.getAllByName(host)
+ return resolvedIps.map { inetAddress -> IPAddressString(inetAddress.hostAddress) }
+ } catch (e: Exception) {
+ LogManager.getLogger().error("Unable to resolve host ips")
+ }
+
+ return listOf()
+}
+
 fun isHostInDenylist(urlString: String, hostDenyList: List): Boolean {
 val url = URL(urlString)
 if (url.host != null) {
- try {
- val resolvedIps = InetAddress.getAllByName(url.host)
- val resolvedIpStrings = resolvedIps.map { inetAddress -> IPAddressString(inetAddress.hostAddress) }
- val hostStr = HostName(url.host)
-
- for (network in hostDenyList) {
- val denyIpStr = IPAddressString(network)
- val denyHostStr = HostName(network)
- val hostInDenyList = denyHostStr.equals(hostStr)
- var ipInDenyList = false
-
- for (ipStr in resolvedIpStrings) {
- if (denyIpStr.contains(ipStr)) {
- ipInDenyList = true
- break
- }
- }
+ val resolvedIpStrings = getResolvedIps(url.host)
+ val hostStr = HostName(url.host)
- if (hostInDenyList || ipInDenyList) {
- LogManager.getLogger().error("${url.host} is denied")
- return true
+ for (network in hostDenyList) {
+ val denyIpStr = IPAddressString(network)
+ val denyHostStr = HostName(network)
+ val hostInDenyList = denyHostStr.equals(hostStr)
+ var ipInDenyList = false
+
+ for (ipStr in resolvedIpStrings) {
+ if (denyIpStr.contains(ipStr)) {
+ ipInDenyList = true
+ break
 }
 }
- }
- catch (e: UnknownHostException)
- {
- LogManager.getLogger().error("Error checking denylist: Unknown host")
- return false
- }
- catch (e: Exception)
- {
- LogManager.getLogger().error("Error checking denylist: ${e.message}", e)
- return false
+
+ if (hostInDenyList || ipInDenyList) {
+ LogManager.getLogger().error("${url.host} is denied")
+ return true
+ }
 }
 }
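Review bot: `getResolvedIps` turns every lookup failure into an empty list, and `isHostInDenylist` then finds no IP match, so on this path an unresolvable host is only blocked when its literal name appears in the deny list. The tail of `isHostInDenylist` is outside the hunk, so this assumes the fall-through result is still "not denied" as before. The emptiness check added to `validateUrlHost` in core covers one caller, but any other caller of the spi function keeps the fail-open answer; consider `if (resolvedIpStrings.isEmpty()) return true` right after the lookup, or a KDoc line on `getResolvedIps` stating that an empty list means "unresolved" and must be rejected by the caller. The catch block also drops the cause that the removed handlers logged; `LogManager.getLogger().error("Unable to resolve host ips for $host", e)` would keep both the host and the exception for anyone triaging a blocked or unexpectedly allowed destination.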
diff --git a/notifications/core/src/main/kotlin/org/opensearch/notifications/core/utils/ValidationHelpers.kt b/notifications/core/src/main/kotlin/org/opensearch/notifications/core/utils/ValidationHelpers.kt
index 14fcff30..be01bd3f 100644
--- a/notifications/core/src/main/kotlin/org/opensearch/notifications/core/utils/ValidationHelpers.kt
+++ b/notifications/core/src/main/kotlin/org/opensearch/notifications/core/utils/ValidationHelpers.kt
@@ -23,6 +23,10 @@ fun validateUrl(urlString: String) {
 }
 fun validateUrlHost(urlString: String, hostDenyList: List) {
+ val url = URL(urlString)
+ require( org.opensearch.notifications.spi.utils.getResolvedIps(url.host).isNotEmpty()) {
+ "Host could not be resolved to a valid Ip address"
+ }
 require(!org.opensearch.notifications.spi.utils.isHostInDenylist(urlString, hostDenyList)) {
 "Host of url is denied, based on plugin setting [notification.core.http.host_deny_list]"
 }
@@ -65,14 +69,10 @@ fun isHostInDenylist(urlString: String, hostDenyList: List): Boolean {
 return true
 }
 }
- }
- catch (e: UnknownHostException)
- {
+ } catch (e: UnknownHostException) {
 LogManager.getLogger().error("Error checking denylist: Unknown host")
 return false
- }
- catch (e: Exception)
- {
+ } catch (e: Exception) {
 LogManager.getLogger().error("Error checking denylist: ${e.message}", e)
 return false
 }
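Review bot: The host is resolved twice in `validateUrlHost`, once in the added `getResolvedIps(url.host)` call and again inside `isHostInDenylist`, and presumably once more when the notification is sent, so the addresses checked against the deny list are not guaranteed to be the ones connected to if the DNS answer changes between lookups. Resolving once and handing that list to the deny-list check would at least make the two validation steps agree; whether the send path pins or re-checks the resolved address is not visible here and is worth confirming. `URL(urlString)` is also constructed outside any `require`, so a malformed string would surface as `MalformedURLException` rather than the `IllegalArgumentException` the other checks raise, unless `validateUrl` always runs first. I would add `// NOTE: resolution here is separate from the lookup made at send time; confirm the client re-checks the connected address` above the first `require`. The closing brace of `validateUrlHost` is outside the hunk.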