2018-08-30 14:25:33 +00:00
|
|
|
package dnsfilter
|
|
|
|
|
|
|
|
import (
|
2019-05-16 11:03:25 +00:00
|
|
|
"fmt"
|
2019-02-22 13:34:36 +00:00
|
|
|
"net"
|
2018-08-30 14:25:33 +00:00
|
|
|
"net/http"
|
|
|
|
"net/http/httptest"
|
2018-09-14 13:50:56 +00:00
|
|
|
"path"
|
2019-05-16 11:03:25 +00:00
|
|
|
"runtime"
|
2018-08-30 14:25:33 +00:00
|
|
|
"testing"
|
|
|
|
"time"
|
2019-05-22 15:30:27 +00:00
|
|
|
|
2019-07-23 09:21:37 +00:00
|
|
|
"github.com/AdguardTeam/urlfilter"
|
2019-06-26 15:13:09 +00:00
|
|
|
"github.com/bluele/gcache"
|
2019-05-22 15:30:27 +00:00
|
|
|
"github.com/miekg/dns"
|
2019-07-23 09:21:37 +00:00
|
|
|
"github.com/stretchr/testify/assert"
|
2018-08-30 14:25:33 +00:00
|
|
|
)
|
|
|
|
|
2019-05-16 11:03:25 +00:00
|
|
|
// HELPERS
|
|
|
|
// SAFE BROWSING
|
|
|
|
// SAFE SEARCH
|
|
|
|
// PARENTAL
|
|
|
|
// FILTERING
|
2019-05-28 11:14:12 +00:00
|
|
|
// CLIENTS SETTINGS
|
2019-05-16 11:03:25 +00:00
|
|
|
// BENCHMARKS
|
2018-10-03 21:20:53 +00:00
|
|
|
|
2019-05-16 11:03:25 +00:00
|
|
|
// HELPERS
|
2018-10-03 21:20:53 +00:00
|
|
|
|
2019-05-16 11:03:25 +00:00
|
|
|
func purgeCaches() {
|
2019-07-01 11:30:35 +00:00
|
|
|
if gctx.safebrowsingCache != nil {
|
2019-07-23 17:01:50 +00:00
|
|
|
gctx.safebrowsingCache.Reset()
|
2018-08-30 14:25:33 +00:00
|
|
|
}
|
2019-07-01 11:30:35 +00:00
|
|
|
if gctx.parentalCache != nil {
|
2019-07-23 17:01:50 +00:00
|
|
|
gctx.parentalCache.Reset()
|
2019-07-01 11:30:35 +00:00
|
|
|
}
|
|
|
|
if gctx.safeSearchCache != nil {
|
2019-07-23 17:01:50 +00:00
|
|
|
gctx.safeSearchCache.Reset()
|
2018-08-30 14:25:33 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-05-16 11:03:25 +00:00
|
|
|
func _Func() string {
|
|
|
|
pc := make([]uintptr, 10) // at least 1 entry needed
|
|
|
|
runtime.Callers(2, pc)
|
|
|
|
f := runtime.FuncForPC(pc[0])
|
|
|
|
return path.Base(f.Name())
|
2018-10-04 10:19:43 +00:00
|
|
|
}
|
|
|
|
|
2019-07-01 11:30:35 +00:00
|
|
|
func NewForTest(c *Config, filters map[int]string) *Dnsfilter {
|
2019-07-23 17:01:50 +00:00
|
|
|
if c != nil {
|
|
|
|
c.SafeBrowsingCacheSize = 1024
|
|
|
|
c.SafeSearchCacheSize = 1024
|
|
|
|
c.ParentalCacheSize = 1024
|
|
|
|
}
|
2019-07-01 11:30:35 +00:00
|
|
|
d := New(c, filters)
|
2019-05-16 11:03:25 +00:00
|
|
|
purgeCaches()
|
|
|
|
return d
|
2018-08-30 14:25:33 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func (d *Dnsfilter) checkMatch(t *testing.T, hostname string) {
|
|
|
|
t.Helper()
|
2019-05-28 11:14:12 +00:00
|
|
|
ret, err := d.CheckHost(hostname, dns.TypeA, "")
|
2018-08-30 14:25:33 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Errorf("Error while matching host %s: %s", hostname, err)
|
|
|
|
}
|
|
|
|
if !ret.IsFiltered {
|
|
|
|
t.Errorf("Expected hostname %s to match", hostname)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-05-22 15:30:27 +00:00
|
|
|
func (d *Dnsfilter) checkMatchIP(t *testing.T, hostname string, ip string, qtype uint16) {
|
2018-10-29 12:46:58 +00:00
|
|
|
t.Helper()
|
2019-05-28 11:14:12 +00:00
|
|
|
ret, err := d.CheckHost(hostname, qtype, "")
|
2018-10-29 12:46:58 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Errorf("Error while matching host %s: %s", hostname, err)
|
|
|
|
}
|
|
|
|
if !ret.IsFiltered {
|
|
|
|
t.Errorf("Expected hostname %s to match", hostname)
|
|
|
|
}
|
2019-01-24 17:11:01 +00:00
|
|
|
if ret.IP == nil || ret.IP.String() != ip {
|
|
|
|
t.Errorf("Expected ip %s to match, actual: %v", ip, ret.IP)
|
2018-10-29 12:46:58 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-08-30 14:25:33 +00:00
|
|
|
func (d *Dnsfilter) checkMatchEmpty(t *testing.T, hostname string) {
|
|
|
|
t.Helper()
|
2019-05-28 11:14:12 +00:00
|
|
|
ret, err := d.CheckHost(hostname, dns.TypeA, "")
|
2018-08-30 14:25:33 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Errorf("Error while matching host %s: %s", hostname, err)
|
|
|
|
}
|
|
|
|
if ret.IsFiltered {
|
|
|
|
t.Errorf("Expected hostname %s to not match", hostname)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2018-10-29 12:46:58 +00:00
|
|
|
func TestEtcHostsMatching(t *testing.T) {
|
|
|
|
addr := "216.239.38.120"
|
2019-05-22 15:30:27 +00:00
|
|
|
addr6 := "::1"
|
|
|
|
text := fmt.Sprintf(" %s google.com www.google.com # enforce google's safesearch \n%s google.com\n0.0.0.0 block.com\n",
|
|
|
|
addr, addr6)
|
2019-05-16 11:03:25 +00:00
|
|
|
filters := make(map[int]string)
|
|
|
|
filters[0] = text
|
2019-07-01 11:30:35 +00:00
|
|
|
d := NewForTest(nil, filters)
|
2019-05-16 11:03:25 +00:00
|
|
|
defer d.Destroy()
|
2018-10-29 12:46:58 +00:00
|
|
|
|
2019-05-22 15:30:27 +00:00
|
|
|
d.checkMatchIP(t, "google.com", addr, dns.TypeA)
|
|
|
|
d.checkMatchIP(t, "www.google.com", addr, dns.TypeA)
|
2018-10-29 12:46:58 +00:00
|
|
|
d.checkMatchEmpty(t, "subdomain.google.com")
|
|
|
|
d.checkMatchEmpty(t, "example.org")
|
2019-05-22 15:30:27 +00:00
|
|
|
|
|
|
|
// IPv6 address
|
|
|
|
d.checkMatchIP(t, "google.com", addr6, dns.TypeAAAA)
|
|
|
|
|
|
|
|
// block both IPv4 and IPv6
|
|
|
|
d.checkMatchIP(t, "block.com", "0.0.0.0", dns.TypeA)
|
|
|
|
d.checkMatchIP(t, "block.com", "::", dns.TypeAAAA)
|
2018-10-29 12:46:58 +00:00
|
|
|
}
|
|
|
|
|
2019-05-16 11:03:25 +00:00
|
|
|
// SAFE BROWSING
|
2018-08-30 14:25:33 +00:00
|
|
|
|
|
|
|
func TestSafeBrowsing(t *testing.T) {
|
|
|
|
testCases := []string{
|
|
|
|
"",
|
|
|
|
"sb.adtidy.org",
|
|
|
|
}
|
|
|
|
for _, tc := range testCases {
|
|
|
|
t.Run(fmt.Sprintf("%s in %s", tc, _Func()), func(t *testing.T) {
|
2019-07-01 11:30:35 +00:00
|
|
|
d := NewForTest(&Config{SafeBrowsingEnabled: true}, nil)
|
2018-08-30 14:25:33 +00:00
|
|
|
defer d.Destroy()
|
2019-07-01 11:30:35 +00:00
|
|
|
gctx.stats.Safebrowsing.Requests = 0
|
2018-08-30 14:25:33 +00:00
|
|
|
d.checkMatch(t, "wmconvirus.narod.ru")
|
|
|
|
d.checkMatch(t, "wmconvirus.narod.ru")
|
2019-07-01 11:30:35 +00:00
|
|
|
if gctx.stats.Safebrowsing.Requests != 1 {
|
|
|
|
t.Errorf("Safebrowsing lookup positive cache is not working: %v", gctx.stats.Safebrowsing.Requests)
|
2018-08-30 14:25:33 +00:00
|
|
|
}
|
|
|
|
d.checkMatch(t, "WMconvirus.narod.ru")
|
2019-07-01 11:30:35 +00:00
|
|
|
if gctx.stats.Safebrowsing.Requests != 1 {
|
|
|
|
t.Errorf("Safebrowsing lookup positive cache is not working: %v", gctx.stats.Safebrowsing.Requests)
|
2018-08-30 14:25:33 +00:00
|
|
|
}
|
|
|
|
d.checkMatch(t, "wmconvirus.narod.ru.")
|
|
|
|
d.checkMatch(t, "test.wmconvirus.narod.ru")
|
|
|
|
d.checkMatch(t, "test.wmconvirus.narod.ru.")
|
|
|
|
d.checkMatchEmpty(t, "yandex.ru")
|
|
|
|
d.checkMatchEmpty(t, "pornhub.com")
|
2019-07-01 11:30:35 +00:00
|
|
|
l := gctx.stats.Safebrowsing.Requests
|
2018-08-30 14:25:33 +00:00
|
|
|
d.checkMatchEmpty(t, "pornhub.com")
|
2019-07-01 11:30:35 +00:00
|
|
|
if gctx.stats.Safebrowsing.Requests != l {
|
|
|
|
t.Errorf("Safebrowsing lookup negative cache is not working: %v", gctx.stats.Safebrowsing.Requests)
|
2018-08-30 14:25:33 +00:00
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestParallelSB(t *testing.T) {
|
2019-07-01 11:30:35 +00:00
|
|
|
d := NewForTest(&Config{SafeBrowsingEnabled: true}, nil)
|
2018-08-30 14:25:33 +00:00
|
|
|
defer d.Destroy()
|
|
|
|
t.Run("group", func(t *testing.T) {
|
|
|
|
for i := 0; i < 100; i++ {
|
|
|
|
t.Run(fmt.Sprintf("aaa%d", i), func(t *testing.T) {
|
|
|
|
t.Parallel()
|
|
|
|
d.checkMatch(t, "wmconvirus.narod.ru")
|
|
|
|
d.checkMatch(t, "wmconvirus.narod.ru.")
|
|
|
|
d.checkMatch(t, "test.wmconvirus.narod.ru")
|
|
|
|
d.checkMatch(t, "test.wmconvirus.narod.ru.")
|
|
|
|
d.checkMatchEmpty(t, "yandex.ru")
|
|
|
|
d.checkMatchEmpty(t, "pornhub.com")
|
|
|
|
})
|
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
// the only way to verify that custom server option is working is to point it at a server that does serve safebrowsing
|
|
|
|
func TestSafeBrowsingCustomServerFail(t *testing.T) {
|
2019-07-01 11:30:35 +00:00
|
|
|
d := NewForTest(&Config{SafeBrowsingEnabled: true}, nil)
|
2018-08-30 14:25:33 +00:00
|
|
|
defer d.Destroy()
|
|
|
|
ts := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
|
|
|
|
// w.Write("Hello, client")
|
|
|
|
fmt.Fprintln(w, "Hello, client")
|
|
|
|
}))
|
|
|
|
defer ts.Close()
|
|
|
|
address := ts.Listener.Addr().String()
|
|
|
|
|
|
|
|
d.SetHTTPTimeout(time.Second * 5)
|
|
|
|
d.SetSafeBrowsingServer(address) // this will ensure that test fails
|
|
|
|
d.checkMatchEmpty(t, "wmconvirus.narod.ru")
|
|
|
|
}
|
|
|
|
|
2019-05-16 11:03:25 +00:00
|
|
|
// SAFE SEARCH
|
|
|
|
|
|
|
|
func TestSafeSearch(t *testing.T) {
|
2019-07-01 11:30:35 +00:00
|
|
|
d := NewForTest(nil, nil)
|
2019-05-16 11:03:25 +00:00
|
|
|
defer d.Destroy()
|
|
|
|
_, ok := d.SafeSearchDomain("www.google.com")
|
|
|
|
if ok {
|
|
|
|
t.Errorf("Expected safesearch to error when disabled")
|
|
|
|
}
|
2019-07-01 11:30:35 +00:00
|
|
|
|
|
|
|
d = NewForTest(&Config{SafeSearchEnabled: true}, nil)
|
|
|
|
defer d.Destroy()
|
2019-05-16 11:03:25 +00:00
|
|
|
val, ok := d.SafeSearchDomain("www.google.com")
|
|
|
|
if !ok {
|
|
|
|
t.Errorf("Expected safesearch to find result for www.google.com")
|
|
|
|
}
|
|
|
|
if val != "forcesafesearch.google.com" {
|
|
|
|
t.Errorf("Expected safesearch for google.com to be forcesafesearch.google.com")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-02-22 13:34:36 +00:00
|
|
|
func TestCheckHostSafeSearchYandex(t *testing.T) {
|
2019-07-01 11:30:35 +00:00
|
|
|
d := NewForTest(&Config{SafeSearchEnabled: true}, nil)
|
2019-02-22 13:34:36 +00:00
|
|
|
defer d.Destroy()
|
|
|
|
|
|
|
|
// Slice of yandex domains
|
|
|
|
yandex := []string{"yAndeX.ru", "YANdex.COM", "yandex.ua", "yandex.by", "yandex.kz", "www.yandex.com"}
|
|
|
|
|
|
|
|
// Check host for each domain
|
|
|
|
for _, host := range yandex {
|
2019-05-28 11:14:12 +00:00
|
|
|
result, err := d.CheckHost(host, dns.TypeA, "")
|
2019-02-22 13:34:36 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Errorf("SafeSearch doesn't work for yandex domain `%s` cause %s", host, err)
|
|
|
|
}
|
|
|
|
|
|
|
|
if result.IP.String() != "213.180.193.56" {
|
|
|
|
t.Errorf("SafeSearch doesn't work for yandex domain `%s`", host)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func TestCheckHostSafeSearchGoogle(t *testing.T) {
|
2019-07-01 11:30:35 +00:00
|
|
|
d := NewForTest(&Config{SafeSearchEnabled: true}, nil)
|
2019-02-22 13:34:36 +00:00
|
|
|
defer d.Destroy()
|
|
|
|
|
|
|
|
// Slice of google domains
|
|
|
|
googleDomains := []string{"www.google.com", "www.google.im", "www.google.co.in", "www.google.iq", "www.google.is", "www.google.it", "www.google.je"}
|
|
|
|
|
|
|
|
// Check host for each domain
|
|
|
|
for _, host := range googleDomains {
|
2019-05-28 11:14:12 +00:00
|
|
|
result, err := d.CheckHost(host, dns.TypeA, "")
|
2019-02-22 13:34:36 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Errorf("SafeSearch doesn't work for %s cause %s", host, err)
|
|
|
|
}
|
|
|
|
|
|
|
|
if result.IP == nil {
|
|
|
|
t.Errorf("SafeSearch doesn't work for %s", host)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-02-25 15:56:51 +00:00
|
|
|
func TestSafeSearchCacheYandex(t *testing.T) {
|
2019-07-01 11:30:35 +00:00
|
|
|
d := NewForTest(nil, nil)
|
2019-02-22 13:34:36 +00:00
|
|
|
defer d.Destroy()
|
|
|
|
domain := "yandex.ru"
|
|
|
|
|
2019-02-25 15:56:51 +00:00
|
|
|
var result Result
|
|
|
|
var err error
|
|
|
|
|
2019-02-22 13:34:36 +00:00
|
|
|
// Check host with disabled safesearch
|
2019-05-28 11:14:12 +00:00
|
|
|
result, err = d.CheckHost(domain, dns.TypeA, "")
|
2019-02-25 15:56:51 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("Cannot check host due to %s", err)
|
|
|
|
}
|
2019-02-22 13:34:36 +00:00
|
|
|
if result.IP != nil {
|
|
|
|
t.Fatalf("SafeSearch is not enabled but there is an answer for `%s` !", domain)
|
|
|
|
}
|
|
|
|
|
2019-07-01 11:30:35 +00:00
|
|
|
d = NewForTest(&Config{SafeSearchEnabled: true}, nil)
|
|
|
|
defer d.Destroy()
|
|
|
|
|
2019-05-28 11:14:12 +00:00
|
|
|
result, err = d.CheckHost(domain, dns.TypeA, "")
|
2019-02-22 13:34:36 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("CheckHost for safesearh domain %s failed cause %s", domain, err)
|
|
|
|
}
|
|
|
|
|
|
|
|
// Fir yandex we already know valid ip
|
|
|
|
if result.IP.String() != "213.180.193.56" {
|
|
|
|
t.Fatalf("Wrong IP for %s safesearch: %s", domain, result.IP.String())
|
|
|
|
}
|
|
|
|
|
|
|
|
// Check cache
|
2019-07-23 17:01:50 +00:00
|
|
|
cachedValue, isFound := getCachedResult(gctx.safeSearchCache, domain)
|
2019-02-22 13:34:36 +00:00
|
|
|
|
|
|
|
if !isFound {
|
|
|
|
t.Fatalf("Safesearch cache doesn't work for %s!", domain)
|
|
|
|
}
|
|
|
|
|
|
|
|
if cachedValue.IP.String() != "213.180.193.56" {
|
|
|
|
t.Fatalf("Wrong IP in cache for %s safesearch: %s", domain, cachedValue.IP.String())
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-02-25 15:56:51 +00:00
|
|
|
func TestSafeSearchCacheGoogle(t *testing.T) {
|
2019-07-01 11:30:35 +00:00
|
|
|
d := NewForTest(nil, nil)
|
2019-02-22 13:34:36 +00:00
|
|
|
defer d.Destroy()
|
|
|
|
domain := "www.google.ru"
|
2019-05-28 11:14:12 +00:00
|
|
|
result, err := d.CheckHost(domain, dns.TypeA, "")
|
2019-02-25 15:56:51 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("Cannot check host due to %s", err)
|
|
|
|
}
|
2019-02-22 13:34:36 +00:00
|
|
|
if result.IP != nil {
|
|
|
|
t.Fatalf("SafeSearch is not enabled but there is an answer!")
|
|
|
|
}
|
|
|
|
|
2019-07-01 11:30:35 +00:00
|
|
|
d = NewForTest(&Config{SafeSearchEnabled: true}, nil)
|
|
|
|
defer d.Destroy()
|
2019-02-22 13:34:36 +00:00
|
|
|
|
|
|
|
// Let's lookup for safesearch domain
|
|
|
|
safeDomain, ok := d.SafeSearchDomain(domain)
|
|
|
|
if !ok {
|
|
|
|
t.Fatalf("Failed to get safesearch domain for %s", domain)
|
|
|
|
}
|
|
|
|
|
|
|
|
ips, err := net.LookupIP(safeDomain)
|
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("Failed to lookup for %s", safeDomain)
|
|
|
|
}
|
|
|
|
|
2019-05-30 12:36:39 +00:00
|
|
|
t.Logf("IP addresses: %v", ips)
|
2019-02-25 11:58:54 +00:00
|
|
|
ip := ips[0]
|
2019-02-22 13:34:36 +00:00
|
|
|
for _, i := range ips {
|
2019-05-30 12:36:39 +00:00
|
|
|
if i.To4() != nil {
|
2019-02-22 13:34:36 +00:00
|
|
|
ip = i
|
2019-05-30 12:36:39 +00:00
|
|
|
break
|
2019-02-22 13:34:36 +00:00
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-05-28 11:14:12 +00:00
|
|
|
result, err = d.CheckHost(domain, dns.TypeA, "")
|
2019-02-22 13:34:36 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Fatalf("CheckHost for safesearh domain %s failed cause %s", domain, err)
|
|
|
|
}
|
|
|
|
|
|
|
|
if result.IP.String() != ip.String() {
|
2019-05-30 12:36:39 +00:00
|
|
|
t.Fatalf("Wrong IP for %s safesearch: %s. Should be: %s",
|
|
|
|
domain, result.IP.String(), ip)
|
2019-02-22 13:34:36 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
// Check cache
|
2019-07-23 17:01:50 +00:00
|
|
|
cachedValue, isFound := getCachedResult(gctx.safeSearchCache, domain)
|
2019-02-22 13:34:36 +00:00
|
|
|
|
|
|
|
if !isFound {
|
|
|
|
t.Fatalf("Safesearch cache doesn't work for %s!", domain)
|
|
|
|
}
|
|
|
|
|
|
|
|
if cachedValue.IP.String() != ip.String() {
|
|
|
|
t.Fatalf("Wrong IP in cache for %s safesearch: %s", domain, cachedValue.IP.String())
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-05-16 11:03:25 +00:00
|
|
|
// PARENTAL
|
|
|
|
|
2018-08-30 14:25:33 +00:00
|
|
|
func TestParentalControl(t *testing.T) {
|
2019-07-01 11:30:35 +00:00
|
|
|
d := NewForTest(&Config{ParentalEnabled: true}, nil)
|
2018-08-30 14:25:33 +00:00
|
|
|
defer d.Destroy()
|
2018-12-06 13:54:48 +00:00
|
|
|
d.ParentalSensitivity = 3
|
2018-08-30 14:25:33 +00:00
|
|
|
d.checkMatch(t, "pornhub.com")
|
|
|
|
d.checkMatch(t, "pornhub.com")
|
2019-07-01 11:30:35 +00:00
|
|
|
if gctx.stats.Parental.Requests != 1 {
|
2018-08-30 14:25:33 +00:00
|
|
|
t.Errorf("Parental lookup positive cache is not working")
|
|
|
|
}
|
|
|
|
d.checkMatch(t, "PORNhub.com")
|
2019-07-01 11:30:35 +00:00
|
|
|
if gctx.stats.Parental.Requests != 1 {
|
2018-08-30 14:25:33 +00:00
|
|
|
t.Errorf("Parental lookup positive cache is not working")
|
|
|
|
}
|
|
|
|
d.checkMatch(t, "www.pornhub.com")
|
|
|
|
d.checkMatch(t, "pornhub.com.")
|
|
|
|
d.checkMatch(t, "www.pornhub.com.")
|
|
|
|
d.checkMatchEmpty(t, "www.yandex.ru")
|
|
|
|
d.checkMatchEmpty(t, "yandex.ru")
|
2019-07-01 11:30:35 +00:00
|
|
|
l := gctx.stats.Parental.Requests
|
2018-08-30 14:25:33 +00:00
|
|
|
d.checkMatchEmpty(t, "yandex.ru")
|
2019-07-01 11:30:35 +00:00
|
|
|
if gctx.stats.Parental.Requests != l {
|
2018-08-30 14:25:33 +00:00
|
|
|
t.Errorf("Parental lookup negative cache is not working")
|
|
|
|
}
|
2018-09-16 22:41:39 +00:00
|
|
|
|
|
|
|
d.checkMatchEmpty(t, "api.jquery.com")
|
2018-08-30 14:25:33 +00:00
|
|
|
}
|
|
|
|
|
2019-05-16 11:03:25 +00:00
|
|
|
// FILTERING
|
2018-08-30 14:25:33 +00:00
|
|
|
|
2019-05-16 11:03:25 +00:00
|
|
|
var blockingRules = "||example.org^\n"
|
|
|
|
var whitelistRules = "||example.org^\n@@||test.example.org\n"
|
|
|
|
var importantRules = "@@||example.org^\n||test.example.org^$important\n"
|
|
|
|
var regexRules = "/example\\.org/\n@@||test.example.org^\n"
|
|
|
|
var maskRules = "test*.example.org^\nexam*.com\n"
|
2018-08-30 14:25:33 +00:00
|
|
|
|
|
|
|
var tests = []struct {
|
2018-09-05 23:06:40 +00:00
|
|
|
testname string
|
2019-05-16 11:03:25 +00:00
|
|
|
rules string
|
2018-09-05 23:06:40 +00:00
|
|
|
hostname string
|
|
|
|
isFiltered bool
|
|
|
|
reason Reason
|
2018-08-30 14:25:33 +00:00
|
|
|
}{
|
2019-05-16 11:03:25 +00:00
|
|
|
{"sanity", "||doubleclick.net^", "www.doubleclick.net", true, FilteredBlackList},
|
|
|
|
{"sanity", "||doubleclick.net^", "nodoubleclick.net", false, NotFilteredNotFound},
|
|
|
|
{"sanity", "||doubleclick.net^", "doubleclick.net.ru", false, NotFilteredNotFound},
|
|
|
|
{"sanity", "||doubleclick.net^", "wmconvirus.narod.ru", false, NotFilteredNotFound},
|
|
|
|
|
2018-09-05 23:06:40 +00:00
|
|
|
{"blocking", blockingRules, "example.org", true, FilteredBlackList},
|
|
|
|
{"blocking", blockingRules, "test.example.org", true, FilteredBlackList},
|
|
|
|
{"blocking", blockingRules, "test.test.example.org", true, FilteredBlackList},
|
|
|
|
{"blocking", blockingRules, "testexample.org", false, NotFilteredNotFound},
|
|
|
|
{"blocking", blockingRules, "onemoreexample.org", false, NotFilteredNotFound},
|
2019-05-16 11:03:25 +00:00
|
|
|
|
2018-09-05 23:06:40 +00:00
|
|
|
{"whitelist", whitelistRules, "example.org", true, FilteredBlackList},
|
|
|
|
{"whitelist", whitelistRules, "test.example.org", false, NotFilteredWhiteList},
|
|
|
|
{"whitelist", whitelistRules, "test.test.example.org", false, NotFilteredWhiteList},
|
|
|
|
{"whitelist", whitelistRules, "testexample.org", false, NotFilteredNotFound},
|
|
|
|
{"whitelist", whitelistRules, "onemoreexample.org", false, NotFilteredNotFound},
|
2019-05-16 11:03:25 +00:00
|
|
|
|
2018-09-05 23:06:40 +00:00
|
|
|
{"important", importantRules, "example.org", false, NotFilteredWhiteList},
|
|
|
|
{"important", importantRules, "test.example.org", true, FilteredBlackList},
|
|
|
|
{"important", importantRules, "test.test.example.org", true, FilteredBlackList},
|
|
|
|
{"important", importantRules, "testexample.org", false, NotFilteredNotFound},
|
|
|
|
{"important", importantRules, "onemoreexample.org", false, NotFilteredNotFound},
|
2019-05-16 11:03:25 +00:00
|
|
|
|
2018-09-05 23:06:40 +00:00
|
|
|
{"regex", regexRules, "example.org", true, FilteredBlackList},
|
|
|
|
{"regex", regexRules, "test.example.org", false, NotFilteredWhiteList},
|
|
|
|
{"regex", regexRules, "test.test.example.org", false, NotFilteredWhiteList},
|
|
|
|
{"regex", regexRules, "testexample.org", true, FilteredBlackList},
|
|
|
|
{"regex", regexRules, "onemoreexample.org", true, FilteredBlackList},
|
2019-05-16 11:03:25 +00:00
|
|
|
|
2018-09-05 23:06:40 +00:00
|
|
|
{"mask", maskRules, "test.example.org", true, FilteredBlackList},
|
|
|
|
{"mask", maskRules, "test2.example.org", true, FilteredBlackList},
|
|
|
|
{"mask", maskRules, "example.com", true, FilteredBlackList},
|
|
|
|
{"mask", maskRules, "exampleeee.com", true, FilteredBlackList},
|
|
|
|
{"mask", maskRules, "onemoreexamsite.com", true, FilteredBlackList},
|
|
|
|
{"mask", maskRules, "example.org", false, NotFilteredNotFound},
|
|
|
|
{"mask", maskRules, "testexample.org", false, NotFilteredNotFound},
|
|
|
|
{"mask", maskRules, "example.co.uk", false, NotFilteredNotFound},
|
2018-08-30 14:25:33 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
func TestMatching(t *testing.T) {
|
|
|
|
for _, test := range tests {
|
|
|
|
t.Run(fmt.Sprintf("%s-%s", test.testname, test.hostname), func(t *testing.T) {
|
2019-05-16 11:03:25 +00:00
|
|
|
filters := make(map[int]string)
|
|
|
|
filters[0] = test.rules
|
2019-07-01 11:30:35 +00:00
|
|
|
d := NewForTest(nil, filters)
|
2018-08-30 14:25:33 +00:00
|
|
|
defer d.Destroy()
|
2019-05-16 11:03:25 +00:00
|
|
|
|
2019-05-28 11:14:12 +00:00
|
|
|
ret, err := d.CheckHost(test.hostname, dns.TypeA, "")
|
2018-08-30 14:25:33 +00:00
|
|
|
if err != nil {
|
|
|
|
t.Errorf("Error while matching host %s: %s", test.hostname, err)
|
|
|
|
}
|
2018-09-05 23:06:40 +00:00
|
|
|
if ret.IsFiltered != test.isFiltered {
|
|
|
|
t.Errorf("Hostname %s has wrong result (%v must be %v)", test.hostname, ret.IsFiltered, test.isFiltered)
|
|
|
|
}
|
|
|
|
if ret.Reason != test.reason {
|
|
|
|
t.Errorf("Hostname %s has wrong reason (%v must be %v)", test.hostname, ret.Reason.String(), test.reason.String())
|
2018-08-30 14:25:33 +00:00
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2019-05-28 11:14:12 +00:00
|
|
|
// CLIENT SETTINGS
|
|
|
|
|
|
|
|
func applyClientSettings(clientAddr string, setts *RequestFilteringSettings) {
|
|
|
|
setts.FilteringEnabled = false
|
|
|
|
setts.ParentalEnabled = false
|
2019-07-15 11:03:22 +00:00
|
|
|
setts.SafeBrowsingEnabled = true
|
2019-07-23 09:21:37 +00:00
|
|
|
|
|
|
|
rule, _ := urlfilter.NewNetworkRule("||facebook.com^", 0)
|
|
|
|
s := ServiceEntry{}
|
|
|
|
s.Name = "facebook"
|
|
|
|
s.Rules = []*urlfilter.NetworkRule{rule}
|
|
|
|
setts.ServicesRules = append(setts.ServicesRules, s)
|
2019-05-28 11:14:12 +00:00
|
|
|
}
|
|
|
|
|
2019-07-15 11:03:22 +00:00
|
|
|
// Check behaviour without any per-client settings,
|
|
|
|
// then apply per-client settings and check behaviour once again
|
2019-05-28 11:14:12 +00:00
|
|
|
func TestClientSettings(t *testing.T) {
|
|
|
|
var r Result
|
|
|
|
filters := make(map[int]string)
|
|
|
|
filters[0] = "||example.org^\n"
|
2019-07-15 11:03:22 +00:00
|
|
|
d := NewForTest(&Config{ParentalEnabled: true, SafeBrowsingEnabled: false}, filters)
|
2019-05-28 11:14:12 +00:00
|
|
|
defer d.Destroy()
|
|
|
|
d.ParentalSensitivity = 3
|
|
|
|
|
|
|
|
// no client settings:
|
|
|
|
|
|
|
|
// blocked by filters
|
|
|
|
r, _ = d.CheckHost("example.org", dns.TypeA, "1.1.1.1")
|
|
|
|
if !r.IsFiltered || r.Reason != FilteredBlackList {
|
|
|
|
t.Fatalf("CheckHost FilteredBlackList")
|
|
|
|
}
|
|
|
|
|
|
|
|
// blocked by parental
|
|
|
|
r, _ = d.CheckHost("pornhub.com", dns.TypeA, "1.1.1.1")
|
|
|
|
if !r.IsFiltered || r.Reason != FilteredParental {
|
|
|
|
t.Fatalf("CheckHost FilteredParental")
|
|
|
|
}
|
|
|
|
|
2019-07-15 11:03:22 +00:00
|
|
|
// safesearch is disabled
|
|
|
|
r, _ = d.CheckHost("wmconvirus.narod.ru", dns.TypeA, "1.1.1.1")
|
|
|
|
if r.IsFiltered {
|
|
|
|
t.Fatalf("CheckHost safesearch")
|
|
|
|
}
|
|
|
|
|
2019-07-23 09:21:37 +00:00
|
|
|
// not blocked
|
|
|
|
r, _ = d.CheckHost("facebook.com", dns.TypeA, "1.1.1.1")
|
|
|
|
assert.True(t, !r.IsFiltered)
|
|
|
|
|
2019-05-28 11:14:12 +00:00
|
|
|
// override client settings:
|
|
|
|
d.FilterHandler = applyClientSettings
|
|
|
|
|
|
|
|
// override filtering settings
|
|
|
|
r, _ = d.CheckHost("example.org", dns.TypeA, "1.1.1.1")
|
|
|
|
if r.IsFiltered {
|
|
|
|
t.Fatalf("CheckHost")
|
|
|
|
}
|
|
|
|
|
2019-07-15 11:03:22 +00:00
|
|
|
// override parental settings (force disable parental)
|
2019-05-28 11:14:12 +00:00
|
|
|
r, _ = d.CheckHost("pornhub.com", dns.TypeA, "1.1.1.1")
|
|
|
|
if r.IsFiltered {
|
|
|
|
t.Fatalf("CheckHost")
|
|
|
|
}
|
2019-07-15 11:03:22 +00:00
|
|
|
|
|
|
|
// override safesearch settings (force enable safesearch)
|
|
|
|
r, _ = d.CheckHost("wmconvirus.narod.ru", dns.TypeA, "1.1.1.1")
|
|
|
|
if !r.IsFiltered || r.Reason != FilteredSafeBrowsing {
|
|
|
|
t.Fatalf("CheckHost FilteredSafeBrowsing")
|
|
|
|
}
|
2019-07-23 09:21:37 +00:00
|
|
|
|
|
|
|
// blocked by additional rules
|
|
|
|
r, _ = d.CheckHost("facebook.com", dns.TypeA, "1.1.1.1")
|
|
|
|
assert.True(t, r.IsFiltered && r.Reason == FilteredBlockedService)
|
2019-05-28 11:14:12 +00:00
|
|
|
}
|
|
|
|
|
2019-05-16 11:03:25 +00:00
|
|
|
// BENCHMARKS
|
2018-10-03 21:20:53 +00:00
|
|
|
|
2018-08-30 14:25:33 +00:00
|
|
|
func BenchmarkSafeBrowsing(b *testing.B) {
|
2019-07-01 11:30:35 +00:00
|
|
|
d := NewForTest(&Config{SafeBrowsingEnabled: true}, nil)
|
2018-08-30 14:25:33 +00:00
|
|
|
defer d.Destroy()
|
|
|
|
for n := 0; n < b.N; n++ {
|
|
|
|
hostname := "wmconvirus.narod.ru"
|
2019-05-28 11:14:12 +00:00
|
|
|
ret, err := d.CheckHost(hostname, dns.TypeA, "")
|
2018-08-30 14:25:33 +00:00
|
|
|
if err != nil {
|
|
|
|
b.Errorf("Error while matching host %s: %s", hostname, err)
|
|
|
|
}
|
|
|
|
if !ret.IsFiltered {
|
|
|
|
b.Errorf("Expected hostname %s to match", hostname)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func BenchmarkSafeBrowsingParallel(b *testing.B) {
|
2019-07-01 11:30:35 +00:00
|
|
|
d := NewForTest(&Config{SafeBrowsingEnabled: true}, nil)
|
2018-08-30 14:25:33 +00:00
|
|
|
defer d.Destroy()
|
|
|
|
b.RunParallel(func(pb *testing.PB) {
|
|
|
|
for pb.Next() {
|
|
|
|
hostname := "wmconvirus.narod.ru"
|
2019-05-28 11:14:12 +00:00
|
|
|
ret, err := d.CheckHost(hostname, dns.TypeA, "")
|
2018-08-30 14:25:33 +00:00
|
|
|
if err != nil {
|
|
|
|
b.Errorf("Error while matching host %s: %s", hostname, err)
|
|
|
|
}
|
|
|
|
if !ret.IsFiltered {
|
|
|
|
b.Errorf("Expected hostname %s to match", hostname)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
|
|
|
|
|
|
|
func BenchmarkSafeSearch(b *testing.B) {
|
2019-07-01 11:30:35 +00:00
|
|
|
d := NewForTest(&Config{SafeSearchEnabled: true}, nil)
|
2018-08-30 14:25:33 +00:00
|
|
|
defer d.Destroy()
|
|
|
|
for n := 0; n < b.N; n++ {
|
|
|
|
val, ok := d.SafeSearchDomain("www.google.com")
|
|
|
|
if !ok {
|
|
|
|
b.Errorf("Expected safesearch to find result for www.google.com")
|
|
|
|
}
|
|
|
|
if val != "forcesafesearch.google.com" {
|
|
|
|
b.Errorf("Expected safesearch for google.com to be forcesafesearch.google.com")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
func BenchmarkSafeSearchParallel(b *testing.B) {
|
2019-07-01 11:30:35 +00:00
|
|
|
d := NewForTest(&Config{SafeSearchEnabled: true}, nil)
|
2018-08-30 14:25:33 +00:00
|
|
|
defer d.Destroy()
|
|
|
|
b.RunParallel(func(pb *testing.PB) {
|
|
|
|
for pb.Next() {
|
|
|
|
val, ok := d.SafeSearchDomain("www.google.com")
|
|
|
|
if !ok {
|
|
|
|
b.Errorf("Expected safesearch to find result for www.google.com")
|
|
|
|
}
|
|
|
|
if val != "forcesafesearch.google.com" {
|
|
|
|
b.Errorf("Expected safesearch for google.com to be forcesafesearch.google.com")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
})
|
|
|
|
}
|
2019-06-26 15:13:09 +00:00
|
|
|
|
|
|
|
func TestDnsfilterDialCache(t *testing.T) {
|
|
|
|
d := Dnsfilter{}
|
2019-07-09 08:35:39 +00:00
|
|
|
gctx.dialCache = gcache.New(1).LRU().Expiration(30 * time.Minute).Build()
|
2019-06-26 15:13:09 +00:00
|
|
|
|
|
|
|
d.shouldBeInDialCache("hostname")
|
|
|
|
if searchInDialCache("hostname") != "" {
|
|
|
|
t.Errorf("searchInDialCache")
|
|
|
|
}
|
|
|
|
addToDialCache("hostname", "1.1.1.1")
|
|
|
|
if searchInDialCache("hostname") != "1.1.1.1" {
|
|
|
|
t.Errorf("searchInDialCache")
|
|
|
|
}
|
|
|
|
}
|