Further block/allow updates (#1406)

* ConfigFile change to allowlist and blocklist

* revised names and warnings

* consistent file naming in kebab case, and generic use of blocklist and allowlist in cmoments for clarity

* update ci files

* further allow/blocklist updates

* improve language in comments

Co-authored-by: Ian Bashford <ianbashford@gmail.com>

dnscrypt-proxy/example-allowed-names.txt

@@ -1,16 +1,16 @@
 
 ###########################
-#        Whitelist        #
+#        Allowlist        #
 ###########################
 
-## Rules for name-based query whitelisting, one per line
+## Rules for allowing queries based on name, one per line
 ##
 ## Example of valid patterns:
 ##
 ## ads.*         | matches anything with an "ads." prefix
 ## *.example.com | matches example.com and all names within that zone such as www.example.com
 ## example.com   | identical to the above
-## =example.com  | whitelists example.com but not *.example.com
+## =example.com  | allows example.com but not *.example.com
 ## *sex*         | matches any name containing that substring
 ## ads[0-9]*     | matches "ads" followed by one or more digits
 ## ads*.example* | *, ? and [] can be used anywhere, but prefixes/suffixes are faster

dnscrypt-proxy/example-blocked-ips.txt

@@ -1,8 +1,8 @@
 ##############################
-#        IP blacklist        #
+#        IP blocklist        #
 ##############################
 
-## Response containing blacklisted IP addresses will be blocked
+## Rules for IP-based response blocking
 ##
 ## Sample feeds of suspect IP addresses:
 ## - https://github.com/stamparm/ipsum

dnscrypt-proxy/example-blocked-names.txt

@@ -1,6 +1,6 @@
 
 ###########################
-#        Blacklist        #
+#        Blocklist        #
 ###########################
 
 ## Rules for name-based query blocking, one per line

dnscrypt-proxy/example-dnscrypt-proxy.toml

@@ -507,23 +507,23 @@ cache_neg_max_ttl = 600
 
 
 ######################################################
-#   Pattern-based allowlisting (blocklists bypass)   #
+#   Pattern-based allow lists (blocklists bypass)   #
 ######################################################
 
 ## Allowlists support the same patterns as blocklists
-## If a name matches a allowlist entry, the corresponding session
+## If a name matches an allowlist entry, the corresponding session
 ## will bypass names and IP filters.
 ##
 ## Time-based rules are also supported to make some websites only accessible at specific times of the day.
 
 [allowed_names]
 
-  ## Path to the file of allowlisting rules (absolute, or relative to the same directory as the config file)
+  ## Path to the file of allow list rules (absolute, or relative to the same directory as the config file)
 
   # allowed_names_file = 'allowed-names.txt'
 
 
-  ## Optional path to a file logging allowlisted queries
+  ## Optional path to a file logging allowed queries
 
   # log_file = 'allowed-names.log'
 

utils/generate-domains-blacklists/domains-blocklist.conf

@@ -1,30 +1,30 @@
 ##################################################################################
 #                                                                                #
-#   Generate a black list of domains using public data sources, and the local    #
+#   Generate a block list of domains using public data sources, and the local    #
-#   domains-blacklist-local-additions.txt file.                                  #
+#   domains-blocklist-local-additions.txt file.                                  #
 #                                                                                #
 #   The default configuration is just indicative, and corresponds to the one     #
 #   used to produce the public "mybase" set.                                     #
 #                                                                                #
 #   Comment out the URLs of the sources you wish to disable, leave the ones      #
 #   you would like enabled uncommented.  Then run the script to build the        #
-#   dnscrypt-blacklist-domains.txt file:                                         #
+#   dnscrypt-blocklist-domains.txt file:                                         #
 #                                                                                #
-#   $  generate-domains-blacklist.py > dnscrypt-blacklist-domains.txt            #
+#   $  generate-domains-blocklist.py > dnscrypt-blacklist-domains.txt            #
 #                                                                                #
 #   Domains that should never be blocked can be put into a file named            #
-#   domains-whitelist.txt.                                                       #
+#   domains-allowlist.txt.                                                       #
 #                                                                                #
-#   That blacklist file can then be used in the dnscrypt-proxy.toml file:        #
+#   That blocklist file can then be used in the dnscrypt-proxy.toml file:        #
 #                                                                                #
-#   [blacklist]                                                                  #
+#   [blocklist]                                                                  #
 #                                                                                #
-#   blacklist_file = 'dnscrypt-blacklist-domains.txt'                            #
+#   blocklist_file = 'dnscrypt-blocklist-domains.txt'                            #
 #                                                                                #
 ##################################################################################
 
 # Local additions
-file:domains-blacklist-local-additions.txt
+file:domains-blocklist-local-additions.txt
 
 # AdAway is an open source ad blocker for Android using the hosts file.
 # https://raw.githubusercontent.com/AdAway/adaway.github.io/master/hosts.txt

utils/generate-domains-blacklists/generate-domains-blocklist.py

@@ -1,6 +1,6 @@
 #! /usr/bin/env python3
 
-# run with python generate-domains-blacklist.py > list.txt.tmp && mv -f list.txt.tmp list
+# run with python generate-domains-blocklist.py > list.txt.tmp && mv -f list.txt.tmp list
 
 from __future__ import print_function
 
@@ -168,7 +168,7 @@ def has_suffix(names, name):
     return False
 
 
-def whitelist_from_url(url):
+def allowlist_from_url(url):
     if not url:
         return set()
     content, trusted = load_from_url(url)
@@ -177,16 +177,16 @@ def whitelist_from_url(url):
     return names
 
 
-def blacklists_from_config_file(
+def blocklists_from_config_file(
-    file, whitelist, time_restricted_url, ignore_retrieval_failure, output_file
+    file, allowlist, time_restricted_url, ignore_retrieval_failure, output_file
 ):
-    blacklists = {}
+    blocklists = {}
-    whitelisted_names = set()
+    allowed_names = set()
     all_names = set()
     unique_names = set()
     all_globs = set()
 
-    # Load conf & blacklists
+    # Load conf & blocklists
     with open(file) as fd:
         for line in fd:
             line = str.strip(line)
@@ -196,7 +196,7 @@ def blacklists_from_config_file(
             try:
                 content, trusted = load_from_url(url)
                 names, _time_restrictions, globs = parse_list(content, trusted)
-                blacklists[url] = names
+                blocklists[url] = names
                 all_names |= names
                 all_globs |= globs
             except Exception as e:
@@ -204,7 +204,7 @@ def blacklists_from_config_file(
                 if not ignore_retrieval_failure:
                     exit(1)
 
-    # Time-based blacklist
+    # Time-based blocklist
     if time_restricted_url and not re.match(r"^[a-z0-9]+:", time_restricted_url):
         time_restricted_url = "file:" + time_restricted_url
 
@@ -218,33 +218,33 @@ def blacklists_from_config_file(
             time_restricted_content)
 
         if time_restricted_names:
-            print("########## Time-based blacklist ##########\n",
+            print("########## Time-based blocklist ##########\n",
                   file=output_fd, end='\n')
             for name in time_restricted_names:
                 print_restricted_name(output_fd, name, time_restrictions)
 
-        # Time restricted names should be whitelisted, or they could be always blocked
+        # Time restricted names should be allowed, or they could be always blocked
-        whitelisted_names |= time_restricted_names
+        allowed_names |= time_restricted_names
 
-    # Whitelist
+    # Allowed list
-    if whitelist and not re.match(r"^[a-z0-9]+:", whitelist):
+    if allowlist and not re.match(r"^[a-z0-9]+:", allowlist):
-        whitelist = "file:" + whitelist
+        allowlist = "file:" + allowlist
 
-    whitelisted_names |= whitelist_from_url(whitelist)
+    allowed_names |= allowlist_from_url(allowlist)
 
-    # Process blacklists
+    # Process blocklists
-    for url, names in blacklists.items():
+    for url, names in blocklists.items():
-        print("\n\n########## Blacklist from {} ##########\n".format(
+        print("\n\n########## Blocklist from {} ##########\n".format(
             url), file=output_fd, end='\n')
-        ignored, glob_ignored, whitelisted = 0, 0, 0
+        ignored, glob_ignored, allowed = 0, 0, 0
         list_names = list()
         for name in names:
             if covered_by_glob(all_globs, name):
                 glob_ignored = glob_ignored + 1
             elif has_suffix(all_names, name) or name in unique_names:
                 ignored = ignored + 1
-            elif has_suffix(whitelisted_names, name) or name in whitelisted_names:
+            elif has_suffix(allowed_names, name) or name in allowed_names:
-                whitelisted = whitelisted + 1
+                allowed = allowed + 1
             else:
                 list_names.append(name)
                 unique_names.add(name)
@@ -256,10 +256,10 @@ def blacklists_from_config_file(
         if glob_ignored:
             print("# Ignored due to overlapping local patterns: {}".format(
                 glob_ignored), file=output_fd, end='\n')
-        if whitelisted:
+        if allowed:
             print(
-                "# Ignored entries due to the whitelist: {}".format(whitelisted), file=output_fd, end='\n')
+                "# Ignored entries due to the allowlist: {}".format(allowed), file=output_fd, end='\n')
-        if ignored or glob_ignored or whitelisted:
+        if ignored or glob_ignored or allowed:
             print(file=output_fd, end='\n')
         for name in list_names:
             print(name, file=output_fd, end='\n')
@@ -268,19 +268,19 @@ def blacklists_from_config_file(
 
 
 argp = argparse.ArgumentParser(
-    description="Create a unified blacklist from a set of local and remote files"
+    description="Create a unified blocklist from a set of local and remote files"
 )
 argp.add_argument(
     "-c",
     "--config",
-    default="domains-blacklist.conf",
+    default="domains-blocklist.conf",
-    help="file containing blacklist sources",
+    help="file containing blocklist sources",
 )
 argp.add_argument(
     "-w",
-    "--whitelist",
+    "--allowlist",
-    default="domains-whitelist.txt",
+    default="domains-allowlist.txt",
-    help="file containing a set of names to exclude from the blacklist",
+    help="file containing a set of names to exclude from the blocklist",
 )
 argp.add_argument(
     "-r",
@@ -298,17 +298,17 @@ argp.add_argument(
     "-o",
     "--output-file",
     default=None,
-    help="save generated blacklist to a text file with the provided file name",
+    help="save generated blocklist to a text file with the provided file name",
 )
 argp.add_argument("-t", "--timeout", default=30, help="URL open timeout")
 
 args = argp.parse_args()
 
 conf = args.config
-whitelist = args.whitelist
+allowlist = args.allowlist
 time_restricted = args.time_restricted
 ignore_retrieval_failure = args.ignore_retrieval_failure
 output_file = args.output_file
 
-blacklists_from_config_file(
+blocklists_from_config_file(
-    conf, whitelist, time_restricted, ignore_retrieval_failure, output_file)
+    conf, allowlist, time_restricted, ignore_retrieval_failure, output_file)