From 86083c06ece2c0818e4723b9468c298e629001e0 Mon Sep 17 00:00:00 2001
From: MicahBird <31116011+MicahBird@users.noreply.github.com>
Date: Thu, 28 Nov 2024 06:50:47 -0700
Subject: [PATCH 1/5] fix: Deny pihole apply requests containing wildcard
---
 provider/pihole/client.go | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/provider/pihole/client.go b/provider/pihole/client.go
index f7410b10a0..a49fd34036 100644
--- a/provider/pihole/client.go
+++ b/provider/pihole/client.go
@@ -26,6 +26,7 @@ import (
 "net/http"
 "net/http/cookiejar"
 "net/url"
+ "sigs.k8s.io/external-dns/provider"
 "strings"
 "github.com/linki/instrumented_http"
@@ -224,6 +225,10 @@ func (p *piholeClient) apply(ctx context.Context, action string, ep *endpoint.En
 log.Infof("%s %s IN %s -> %s", action, ep.DNSName, ep.RecordType, ep.Targets[0])
 form := p.newDNSActionForm(action, ep)
+ if strings.Contains(ep.DNSName, "*") {
+ log.Errorf("UNSUPPORTED: Pihole DNS names cannot return wildcard")
+ return provider.SoftError
+ }
 req, err := http.NewRequestWithContext(ctx, http.MethodPost, url, strings.NewReader(form.Encode()))
 if err != nil {
 return err
From a5f3d84e1bc8587981a1edc163b5a6a05ea2cae4 Mon Sep 17 00:00:00 2001
From: MicahBird <31116011+MicahBird@users.noreply.github.com>
Date: Thu, 28 Nov 2024 07:50:54 -0700
Subject: [PATCH 2/5] test: Add wildcard test
---
 provider/pihole/client_test.go | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/provider/pihole/client_test.go b/provider/pihole/client_test.go
index 8e87d2bde3..1f3f4d864d 100644
--- a/provider/pihole/client_test.go
+++ b/provider/pihole/client_test.go
@@ -21,6 +21,7 @@ import (
 "encoding/json"
 "net/http"
 "net/http/httptest"
+ "sigs.k8s.io/external-dns/provider"
 "strings"
 "testing"
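Review bot: The wildcard guard added to `apply` in patch 1/5 runs only after the `log.Infof("%s %s IN %s -> %s", ...)` context line, so a refused wildcard is still logged at info level as if the change had been sent to Pi-hole, which misleads anyone using that log to audit DNS changes. Moving `if strings.Contains(ep.DNSName, "*") {` above the log call and the `newDNSActionForm` call keeps the log truthful and avoids building a form that is never posted. The body of `apply` starts and ends outside the hunk, so how callers react to the returned error is not visible here; if they stop at the first error, one wildcard endpoint would hold back the remaining changes on every sync, and filtering such endpoints before `apply` is reached would be the safer place for the check.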
@@ -353,6 +354,16 @@ func TestCreateRecord(t *testing.T) {
 if err := cl.createRecord(context.Background(), ep); err != nil {
 t.Fatal(err)
 }
+
+ // Test create a wildcard record and ensure it fails
+ ep = &endpoint.Endpoint{
+ DNSName: "*.example.com",
+ Targets: []string{"192.168.1.1"},
+ RecordType: endpoint.RecordTypeA,
+ }
+ if err := cl.createRecord(context.Background(), ep); err != provider.SoftError {
+ t.Fatal(err)
+ }
 }
 func TestDeleteRecord(t *testing.T) {
From a1587f2d79c3d54bf049bd7f386f6e0056f8b64b Mon Sep 17 00:00:00 2001
From: Micah Bird <31116011+MicahBird@users.noreply.github.com>
Date: Thu, 28 Nov 2024 09:04:07 -0700
Subject: [PATCH 3/5] Update provider/pihole/client.go SoftError
Co-authored-by: Michel Loiseleur <97035654+mloiseleur@users.noreply.github.com>
---
 provider/pihole/client.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/provider/pihole/client.go b/provider/pihole/client.go
index a49fd34036..8d3d52555c 100644
--- a/provider/pihole/client.go
+++ b/provider/pihole/client.go
@@ -226,8 +226,7 @@ func (p *piholeClient) apply(ctx context.Context, action string, ep *endpoint.En
 form := p.newDNSActionForm(action, ep)
 if strings.Contains(ep.DNSName, "*") {
- log.Errorf("UNSUPPORTED: Pihole DNS names cannot return wildcard")
- return provider.SoftError
+ return provider.NewSoftError(errors.New("UNSUPPORTED: Pihole DNS names cannot return wildcard"))
 }
 req, err := http.NewRequestWithContext(ctx, http.MethodPost, url, strings.NewReader(form.Encode()))
 if err != nil {
From bfe827845e0fc3de6621cce0b93cdc304b44e088 Mon Sep 17 00:00:00 2001
From: MicahBird <31116011+MicahBird@users.noreply.github.com>
Date: Thu, 28 Nov 2024 10:19:05 -0700
Subject: [PATCH 4/5] Refactor test for error
---
 provider/pihole/client_test.go | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/provider/pihole/client_test.go b/provider/pihole/client_test.go
index 1f3f4d864d..92b0a87560 100644
--- a/provider/pihole/client_test.go
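Review bot: The failure branch of the new wildcard case in `TestCreateRecord` (patch 2/5) reports `t.Fatal(err)`, which prints only `<nil>` when the guard is missing and says nothing about what was expected. The same call is kept in the 4/5 hunk, where `err` is always nil on that branch. A message that states the expectation, such as `t.Fatalf("expected wildcard %q to be rejected, got %v", ep.DNSName, err)`, makes a regression of the guard readable in CI output.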
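Review bot: The error built in the `apply` hunk of patch 3/5 does not name the record that was refused, so an operator reading the soft-error log cannot tell which resource carries the wildcard. Including the name, for example `provider.NewSoftError(fmt.Errorf("pihole does not support wildcard DNS names: %q", ep.DNSName))`, fixes that, follows the Go convention of lowercase error strings, and `%q` keeps an unusual name unambiguous in the log. The hunk starts using `errors.New` without touching the import block, so confirm that `errors` (or `fmt`, if the suggestion is taken) is already imported in `client.go`; the import lines are outside this hunk.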
+++ b/provider/pihole/client_test.go
@@ -21,7 +21,6 @@ import (
 "encoding/json"
 "net/http"
 "net/http/httptest"
- "sigs.k8s.io/external-dns/provider"
 "strings"
 "testing"
@@ -361,7 +360,7 @@ func TestCreateRecord(t *testing.T) {
 Targets: []string{"192.168.1.1"},
 RecordType: endpoint.RecordTypeA,
 }
- if err := cl.createRecord(context.Background(), ep); err != provider.SoftError {
+ if err := cl.createRecord(context.Background(), ep); err == nil {
 t.Fatal(err)
 }
 }
From 5b72000f05b842ab6ffb0bbb6352d27afc65bca2 Mon Sep 17 00:00:00 2001
From: MicahBird <31116011+MicahBird@users.noreply.github.com>
Date: Thu, 28 Nov 2024 12:15:13 -0700
Subject: [PATCH 5/5] Attempt to fix linting error
---
 provider/pihole/client.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/provider/pihole/client.go b/provider/pihole/client.go
index 8d3d52555c..0d1c715200 100644
--- a/provider/pihole/client.go
+++ b/provider/pihole/client.go
@@ -26,7 +26,6 @@ import (
 "net/http"
 "net/http/cookiejar"
 "net/url"
- "sigs.k8s.io/external-dns/provider"
 "strings"
 "github.com/linki/instrumented_http"
@@ -34,6 +33,7 @@ import (
 "golang.org/x/net/html"
 "sigs.k8s.io/external-dns/endpoint"
+ "sigs.k8s.io/external-dns/provider"
 )
 // piholeAPI declares the "API" actions performed against the Pihole server.
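Review bot: After patch 4/5 the wildcard case in `TestCreateRecord` passes on any non-nil error, so a transport failure or an error reply from the test server would satisfy it just as well as the guard firing. The property worth pinning is that a wildcard name is refused before any request is sent: keep the error-class check with `if err := cl.createRecord(context.Background(), ep); !errors.Is(err, provider.SoftError) {`, assuming `NewSoftError` wraps the sentinel, and have the test server's handler (set up outside this hunk) fail the test if a request for `*.example.com` arrives. That form needs the `provider` import this patch removes, plus `errors`, in the test file.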