dnscrypt-proxy/dnscrypt-proxy/pattern_matcher.go

package main

import (
	"fmt"
	"path/filepath"
	"strings"

	"github.com/k-sone/critbitgo"

	"github.com/jedisct1/dlog"
)

type PatternType int

const (
	PatternTypeNone PatternType = iota
	PatternTypePrefix
	PatternTypeSuffix
	PatternTypeSubstring
	PatternTypePattern
	PatternTypeExact
)

type PatternMatcher struct {
	blockedPrefixes   *critbitgo.Trie
	blockedSuffixes   *critbitgo.Trie
	blockedSubstrings []string
	blockedPatterns   []string
	blockedExact      map[string]interface{}
	indirectVals      map[string]interface{}
}

func NewPatternMatcher() *PatternMatcher {
	patternMatcher := PatternMatcher{
		blockedPrefixes: critbitgo.NewTrie(),
		blockedSuffixes: critbitgo.NewTrie(),
		blockedExact:    make(map[string]interface{}),
		indirectVals:    make(map[string]interface{}),
	}
	return &patternMatcher
}

func isGlobCandidate(str string) bool {
	for i, c := range str {
		if c == '?' || c == '[' {
			return true
		} else if c == '*' && i != 0 && i != len(str)-1 {
			return true
		}
	}
	return false
}

func (patternMatcher *PatternMatcher) Add(pattern string, val interface{}, position int) error {
	leadingStar := strings.HasPrefix(pattern, "*")
	trailingStar := strings.HasSuffix(pattern, "*")
	exact := strings.HasPrefix(pattern, "=")
	patternType := PatternTypeNone
	if isGlobCandidate(pattern) {
		patternType = PatternTypePattern
		_, err := filepath.Match(pattern, "example.com")
		if len(pattern) < 2 || err != nil {
			return fmt.Errorf("Syntax error in block rules at pattern %d", position)
		}
	} else if leadingStar && trailingStar {
		patternType = PatternTypeSubstring
		if len(pattern) < 3 {
			return fmt.Errorf("Syntax error in block rules at pattern %d", position)
		}
		pattern = pattern[1 : len(pattern)-1]
	} else if trailingStar {
		patternType = PatternTypePrefix
		if len(pattern) < 2 {
			return fmt.Errorf("Syntax error in block rules at pattern %d", position)
		}
		pattern = pattern[:len(pattern)-1]
	} else if exact {
		patternType = PatternTypeExact
		if len(pattern) < 2 {
			return fmt.Errorf("Syntax error in block rules at pattern %d", position)
		}
		pattern = pattern[1:]
	} else {
		patternType = PatternTypeSuffix
		if leadingStar {
			pattern = pattern[1:]
		}
		pattern = strings.TrimPrefix(pattern, ".")
	}
	if len(pattern) == 0 {
		dlog.Errorf("Syntax error in block rule at line %d", position)
	}

	pattern = strings.ToLower(pattern)
	switch patternType {
	case PatternTypeSubstring:
		patternMatcher.blockedSubstrings = append(patternMatcher.blockedSubstrings, pattern)
		if val != nil {
			patternMatcher.indirectVals[pattern] = val
		}
	case PatternTypePattern:
		patternMatcher.blockedPatterns = append(patternMatcher.blockedPatterns, pattern)
		if val != nil {
			patternMatcher.indirectVals[pattern] = val
		}
	case PatternTypePrefix:
		patternMatcher.blockedPrefixes.Insert([]byte(pattern), val)
	case PatternTypeSuffix:
		patternMatcher.blockedSuffixes.Insert([]byte(StringReverse(pattern)), val)
	case PatternTypeExact:
		patternMatcher.blockedExact[pattern] = val
	default:
		dlog.Fatal("Unexpected block type")
	}
	return nil
}

func (patternMatcher *PatternMatcher) Eval(qName string) (reject bool, reason string, val interface{}) {
	if len(qName) < 2 {
		return false, "", nil
	}

	if xval := patternMatcher.blockedExact[qName]; xval != nil {
		return true, qName, xval
	}

	revQname := StringReverse(qName)
	if match, xval, found := patternMatcher.blockedSuffixes.LongestPrefix([]byte(revQname)); found {
		if len(match) == len(revQname) || revQname[len(match)] == '.' {
			return true, "*." + StringReverse(string(match)), xval
		}
		if len(match) < len(revQname) && len(revQname) > 0 {
			if i := strings.LastIndex(revQname, "."); i > 0 {
				pName := revQname[:i]
				if match, _, found := patternMatcher.blockedSuffixes.LongestPrefix([]byte(pName)); found {
					if len(match) == len(pName) || pName[len(match)] == '.' {
						return true, "*." + StringReverse(string(match)), xval
					}
				}
			}
		}
	}

	if match, xval, found := patternMatcher.blockedPrefixes.LongestPrefix([]byte(qName)); found {
		return true, string(match) + "*", xval
	}

	for _, substring := range patternMatcher.blockedSubstrings {
		if strings.Contains(qName, substring) {
			return true, "*" + substring + "*", patternMatcher.indirectVals[substring]
		}
	}

	for _, pattern := range patternMatcher.blockedPatterns {
		if found, _ := filepath.Match(pattern, qName); found {
			return true, pattern, patternMatcher.indirectVals[pattern]
		}
	}

	return false, "", nil
}
Make the pattern-matching code reusable 2018-04-06 20:14:19 +02:00			`package main`

			`import (`
			`"fmt"`
			`"path/filepath"`
			`"strings"`

Use critibitgo 2018-04-07 16:59:10 +02:00			`"github.com/k-sone/critbitgo"`

Make the pattern-matching code reusable 2018-04-06 20:14:19 +02:00			`"github.com/jedisct1/dlog"`
			`)`

			`type PatternType int`

			`const (`
			`PatternTypeNone PatternType = iota`
			`PatternTypePrefix`
			`PatternTypeSuffix`
			`PatternTypeSubstring`
			`PatternTypePattern`
New syntax for blocking/whitelisting rules: exact matching Example: =example.com Matches `example.com` but not `api.example.com` 2018-04-09 13:02:42 +02:00			`PatternTypeExact`
Make the pattern-matching code reusable 2018-04-06 20:14:19 +02:00			`)`

			`type PatternMatcher struct {`
Use critibitgo 2018-04-07 16:59:10 +02:00			`blockedPrefixes *critbitgo.Trie`
			`blockedSuffixes *critbitgo.Trie`
Make the pattern-matching code reusable 2018-04-06 20:14:19 +02:00			`blockedSubstrings []string`
			`blockedPatterns []string`
New syntax for blocking/whitelisting rules: exact matching Example: =example.com Matches `example.com` but not `api.example.com` 2018-04-09 13:02:42 +02:00			`blockedExact map[string]interface{}`
Make the pattern-matching code reusable 2018-04-06 20:14:19 +02:00			`indirectVals map[string]interface{}`
			`}`

Typo Fixes #1248 2020-03-25 09:11:10 +01:00			`func NewPatternMatcher() *PatternMatcher {`
Make the pattern-matching code reusable 2018-04-06 20:14:19 +02:00			`patternMatcher := PatternMatcher{`
Use critibitgo 2018-04-07 16:59:10 +02:00			`blockedPrefixes: critbitgo.NewTrie(),`
			`blockedSuffixes: critbitgo.NewTrie(),`
New syntax for blocking/whitelisting rules: exact matching Example: =example.com Matches `example.com` but not `api.example.com` 2018-04-09 13:02:42 +02:00			`blockedExact: make(map[string]interface{}),`
patternMatcher: initialize the indirectVals map 2018-04-08 08:42:02 +02:00			`indirectVals: make(map[string]interface{}),`
Make the pattern-matching code reusable 2018-04-06 20:14:19 +02:00			`}`
			`return &patternMatcher`
			`}`

			`func isGlobCandidate(str string) bool {`
			`for i, c := range str {`
			`if c == '?' \|\| c == '[' {`
			`return true`
			`} else if c == '*' && i != 0 && i != len(str)-1 {`
			`return true`
			`}`
			`}`
			`return false`
			`}`

remove unused patternType return 2019-11-01 16:27:53 +01:00			`func (patternMatcher *PatternMatcher) Add(pattern string, val interface{}, position int) error {`
Make the pattern-matching code reusable 2018-04-06 20:14:19 +02:00			`leadingStar := strings.HasPrefix(pattern, "*")`
			`trailingStar := strings.HasSuffix(pattern, "*")`
New syntax for blocking/whitelisting rules: exact matching Example: =example.com Matches `example.com` but not `api.example.com` 2018-04-09 13:02:42 +02:00			`exact := strings.HasPrefix(pattern, "=")`
Make the pattern-matching code reusable 2018-04-06 20:14:19 +02:00			`patternType := PatternTypeNone`
			`if isGlobCandidate(pattern) {`
			`patternType = PatternTypePattern`
			`_, err := filepath.Match(pattern, "example.com")`
			`if len(pattern) < 2 \|\| err != nil {`
remove unused patternType return 2019-11-01 16:27:53 +01:00			`return fmt.Errorf("Syntax error in block rules at pattern %d", position)`
Make the pattern-matching code reusable 2018-04-06 20:14:19 +02:00			`}`
			`} else if leadingStar && trailingStar {`
			`patternType = PatternTypeSubstring`
			`if len(pattern) < 3 {`
remove unused patternType return 2019-11-01 16:27:53 +01:00			`return fmt.Errorf("Syntax error in block rules at pattern %d", position)`
Make the pattern-matching code reusable 2018-04-06 20:14:19 +02:00			`}`
			`pattern = pattern[1 : len(pattern)-1]`
			`} else if trailingStar {`
			`patternType = PatternTypePrefix`
			`if len(pattern) < 2 {`
remove unused patternType return 2019-11-01 16:27:53 +01:00			`return fmt.Errorf("Syntax error in block rules at pattern %d", position)`
Make the pattern-matching code reusable 2018-04-06 20:14:19 +02:00			`}`
			`pattern = pattern[:len(pattern)-1]`
New syntax for blocking/whitelisting rules: exact matching Example: =example.com Matches `example.com` but not `api.example.com` 2018-04-09 13:02:42 +02:00			`} else if exact {`
			`patternType = PatternTypeExact`
			`if len(pattern) < 2 {`
remove unused patternType return 2019-11-01 16:27:53 +01:00			`return fmt.Errorf("Syntax error in block rules at pattern %d", position)`
New syntax for blocking/whitelisting rules: exact matching Example: =example.com Matches `example.com` but not `api.example.com` 2018-04-09 13:02:42 +02:00			`}`
			`pattern = pattern[1:]`
Make the pattern-matching code reusable 2018-04-06 20:14:19 +02:00			`} else {`
			`patternType = PatternTypeSuffix`
			`if leadingStar {`
			`pattern = pattern[1:]`
			`}`
			`pattern = strings.TrimPrefix(pattern, ".")`
			`}`
			`if len(pattern) == 0 {`
			`dlog.Errorf("Syntax error in block rule at line %d", position)`
			`}`

			`pattern = strings.ToLower(pattern)`
			`switch patternType {`
			`case PatternTypeSubstring:`
			`patternMatcher.blockedSubstrings = append(patternMatcher.blockedSubstrings, pattern)`
			`if val != nil {`
			`patternMatcher.indirectVals[pattern] = val`
			`}`
			`case PatternTypePattern:`
			`patternMatcher.blockedPatterns = append(patternMatcher.blockedPatterns, pattern)`
			`if val != nil {`
			`patternMatcher.indirectVals[pattern] = val`
			`}`
			`case PatternTypePrefix:`
Use critibitgo 2018-04-07 16:59:10 +02:00			`patternMatcher.blockedPrefixes.Insert([]byte(pattern), val)`
Make the pattern-matching code reusable 2018-04-06 20:14:19 +02:00			`case PatternTypeSuffix:`
Use critibitgo 2018-04-07 16:59:10 +02:00			`patternMatcher.blockedSuffixes.Insert([]byte(StringReverse(pattern)), val)`
New syntax for blocking/whitelisting rules: exact matching Example: =example.com Matches `example.com` but not `api.example.com` 2018-04-09 13:02:42 +02:00			`case PatternTypeExact:`
			`patternMatcher.blockedExact[pattern] = val`
Make the pattern-matching code reusable 2018-04-06 20:14:19 +02:00			`default:`
			`dlog.Fatal("Unexpected block type")`
			`}`
remove unused patternType return 2019-11-01 16:27:53 +01:00			`return nil`
Make the pattern-matching code reusable 2018-04-06 20:14:19 +02:00			`}`

			`func (patternMatcher *PatternMatcher) Eval(qName string) (reject bool, reason string, val interface{}) {`
			`if len(qName) < 2 {`
			`return false, "", nil`
			`}`

pattern_matcher: check exact matches first 2020-12-07 12:58:05 +01:00			`if xval := patternMatcher.blockedExact[qName]; xval != nil {`
			`return true, qName, xval`
			`}`

Make the pattern-matching code reusable 2018-04-06 20:14:19 +02:00			`revQname := StringReverse(qName)`
Use critibitgo 2018-04-07 16:59:10 +02:00			`if match, xval, found := patternMatcher.blockedSuffixes.LongestPrefix([]byte(revQname)); found {`
Reuse the same variable 2019-12-16 16:32:49 +01:00			`if len(match) == len(revQname) \|\| revQname[len(match)] == '.' {`
Make the pattern-matching code reusable 2018-04-06 20:14:19 +02:00			`return true, "*." + StringReverse(string(match)), xval`
			`}`
			`if len(match) < len(revQname) && len(revQname) > 0 {`
			`if i := strings.LastIndex(revQname, "."); i > 0 {`
			`pName := revQname[:i]`
Use critibitgo 2018-04-07 16:59:10 +02:00			`if match, _, found := patternMatcher.blockedSuffixes.LongestPrefix([]byte(pName)); found {`
Make the pattern-matching code reusable 2018-04-06 20:14:19 +02:00			`if len(match) == len(pName) \|\| pName[len(match)] == '.' {`
			`return true, "*." + StringReverse(string(match)), xval`
			`}`
			`}`
			`}`
			`}`
			`}`

Use critibitgo 2018-04-07 16:59:10 +02:00			`if match, xval, found := patternMatcher.blockedPrefixes.LongestPrefix([]byte(qName)); found {`
Make the pattern-matching code reusable 2018-04-06 20:14:19 +02:00			`return true, string(match) + "*", xval`
			`}`

			`for _, substring := range patternMatcher.blockedSubstrings {`
			`if strings.Contains(qName, substring) {`
			`return true, "" + substring + "", patternMatcher.indirectVals[substring]`
			`}`
			`}`

			`for _, pattern := range patternMatcher.blockedPatterns {`
			`if found, _ := filepath.Match(pattern, qName); found {`
			`return true, pattern, patternMatcher.indirectVals[pattern]`
			`}`
			`}`
New syntax for blocking/whitelisting rules: exact matching Example: =example.com Matches `example.com` but not `api.example.com` 2018-04-09 13:02:42 +02:00
Make the pattern-matching code reusable 2018-04-06 20:14:19 +02:00			`return false, "", nil`
			`}`