Log blocking rule in resolver #1489
Conversation
There was a problem hiding this comment.
Thanks for following up with this!
I put comments about mostly minor things. but some of it does require changing a bunch of code so I tried to put suggestions those.
Could you also please add a couple checks in tests that return a positive mach for the rule? Alternatively, add some basic dedicated tests for that.
If it can be any help, the way I'd do it is update the tests to not assert anything. make the function print the rule before returning. and add an Expect(false) at the end so ginkgo prints the output and you can copy past the rules instead of typing them out.
Some kind of snapshot testing would be nice here, but that's more work and we don't have anything like that already.
And just to be explicit about this: nothing is set in stone feel free to push back on anything :)
| @@ -11,7 +11,7 @@ import ( | |||
|
|
|||
| type stringCache interface { | |||
| elementCount() int | |||
| contains(searchString string) bool | |||
| contains(searchString string) (bool, string) | |||
There was a problem hiding this comment.
I think it'd be nice to swap the return values so it matches map:
| contains(searchString string) (bool, string) | |
| contains(searchString string) (string, bool) |
I'll put suggestions for the other uses, hopefully I don't miss anything!
There was a problem hiding this comment.
I would not do this with contains method. The name implies that the main return type should be boolean. Consider error return value:
contains(searchString string) (bool, err)err should be at the end as it is not the main response from method.
Could we rename contains to match and get rid of boolean?
// returns rule if matched, otherwise empty string
func match(searchString string) (string)| @@ -36,12 +36,12 @@ func (cache stringMap) elementCount() int { | |||
| return count | |||
| } | |||
|
|
|||
| func (cache stringMap) contains(searchString string) bool { | |||
| func (cache stringMap) contains(searchString string) (bool, string) { | |||
There was a problem hiding this comment.
| func (cache stringMap) contains(searchString string) (bool, string) { | |
| func (cache stringMap) contains(searchString string) (string, bool) { |
| normalized := normalizeEntry(searchString) | ||
| searchLen := len(normalized) | ||
|
|
||
| if searchLen == 0 { | ||
| return false | ||
| return false, "" |
There was a problem hiding this comment.
| return false, "" | |
| return "", false |
| @@ -54,11 +54,11 @@ func (cache stringMap) contains(searchString string) bool { | |||
| if blockRule == normalized { | |||
| log.PrefixedLog("string_map").Debugf("block rule '%s' matched with '%s'", blockRule, searchString) | |||
|
|
|||
| return true | |||
| return true, blockRule | |||
There was a problem hiding this comment.
| return true, blockRule | |
| return blockRule, true |
| if groups := r.matches(groupsToCheck, r.allowlistMatcher, domain); len(groups) > 0 { | ||
| logger.WithField("groups", groups).Debugf("domain is allowlisted") | ||
| if matches := r.matches(groupsToCheck, r.allowlistMatcher, domain); len(matches) > 0 { | ||
| logger.WithField("groups", maps.Keys(matches)).Debugf("domain is allowlisted") |
There was a problem hiding this comment.
I think we can change this to log all the info:
| logger.WithField("groups", maps.Keys(matches)).Debugf("domain is allowlisted") | |
| logger.WithField("matches", matches).Debug("domain is allowlisted") |
| return r.handleBlocked(logger, request, request.Req.Question[0], fmt.Sprintf("BLOCKED %s (%s)", tName, | ||
| strings.Join(groups, ","))) | ||
| if matches := r.matches(groupsToCheck, r.allowlistMatcher, entryToCheck); len(matches) > 0 { | ||
| logger.WithField("groups", maps.Keys(matches)).Debugf("%s is allowlisted", tName) |
There was a problem hiding this comment.
| logger.WithField("groups", maps.Keys(matches)).Debugf("%s is allowlisted", tName) | |
| logger.WithField("matches", matches).Debug("%s is allowlisted", tName) |
| var entries []string | ||
| for group, rule := range matches { | ||
| entries = append(entries, strings.Join([]string{group, rule}, ":")) | ||
| } | ||
|
|
||
| msg := fmt.Sprintf("BLOCKED (%s)", strings.Join(entries, ", ")) | ||
| resp, err := r.handleBlocked(logger, request, question, msg) |
There was a problem hiding this comment.
Can you pass matches to handleBlock instead of msg so we can move the formatting there and deduplicate it with Resolve?
There was a problem hiding this comment.
resolver/blocking_resolver.go:383 passes a string:
resp, err := r.handleBlocked(logger, request, question, "BLOCKED (ALLOWLIST ONLY)")Could we return custom type from r.matches(...) and override String() method?
| var entries []string | ||
| for group, rule := range matches { | ||
| entries = append(entries, strings.Join([]string{group, rule}, ":")) | ||
| } | ||
|
|
||
| msg := fmt.Sprintf("BLOCKED %s (%s)", tName, strings.Join(entries, ", ")) | ||
|
|
||
| return r.handleBlocked(logger, request, request.Req.Question[0], msg) |
There was a problem hiding this comment.
Also pass maches to handleBlocked here.
Co-authored-by: ThinkChaos <ThinkChaos@users.noreply.github.com>
Co-authored-by: ThinkChaos <ThinkChaos@users.noreply.github.com>
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #1489 +/- ##
==========================================
+ Coverage 93.88% 94.28% +0.39%
==========================================
Files 78 78
Lines 6361 5018 -1343
==========================================
- Hits 5972 4731 -1241
+ Misses 300 196 -104
- Partials 89 91 +2 ☔ View full report in Codecov by Sentry. |
Sorry, I don't understand what you want. There are checks for the rules in |
Follow up of #1460 (review)
Closes #1458