fix: Deny pihole apply requests containing wildcard

kubernetes-sigs · Nov 28, 2024 · 86083c0 · 86083c0
1 parent 560c5ae
commit 86083c0
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/provider/pihole/client.go b/provider/pihole/client.go
@@ -26,6 +26,7 @@ import (
 	"net/http"
 	"net/http/cookiejar"
 	"net/url"
+	"sigs.k8s.io/external-dns/provider"
 	"strings"
 
 	"github.com/linki/instrumented_http"
@@ -224,6 +225,10 @@ func (p *piholeClient) apply(ctx context.Context, action string, ep *endpoint.En
 	log.Infof("%s %s IN %s -> %s", action, ep.DNSName, ep.RecordType, ep.Targets[0])
 
 	form := p.newDNSActionForm(action, ep)
+	if strings.Contains(ep.DNSName, "*") {
+		log.Errorf("UNSUPPORTED: Pihole DNS names cannot return wildcard")
+		return provider.SoftError
+	}
 	req, err := http.NewRequestWithContext(ctx, http.MethodPost, url, strings.NewReader(form.Encode()))
 	if err != nil {
 		return err