safesearch: https req

2024-04-09 14:41:24 +02:00 · 2024-04-09 14:41:24 +02:00 · a665e7246d
parent 6f36ebc06c
commit a665e7246d
3 changed files with 42 additions and 30 deletions
--- a/internal/filtering/safesearch.go
+++ b/internal/filtering/safesearch.go
@ -42,7 +42,7 @@ func (d *DNSFilter) checkSafeSearch(
 ) (res Result, err error) {
 	if !setts.ProtectionEnabled ||
 		!setts.SafeSearchEnabled ||
-		(qtype != dns.TypeA && qtype != dns.TypeAAAA) {
+		(qtype != dns.TypeA && qtype != dns.TypeAAAA && qtype != dns.TypeHTTPS) {
 		return Result{}, nil
 	}

--- a/internal/filtering/safesearch/safesearch.go
+++ b/internal/filtering/safesearch/safesearch.go
@ -170,8 +170,11 @@ func (ss *Default) CheckHost(host string, qtype rules.RRType) (res filtering.Res
 		ss.log(log.DEBUG, "lookup for %q finished in %s", host, time.Since(start))
 	}()

-	if qtype != dns.TypeA && qtype != dns.TypeAAAA {
-		return filtering.Result{}, fmt.Errorf("unsupported question type %s", dns.Type(qtype))
+	switch qtype {
+	case dns.TypeA, dns.TypeAAAA, dns.TypeHTTPS:
+		// Go on.
+	default:
+		return filtering.Result{}, nil
 	}

 	// Check cache. Return cached result if it was found
--- a/internal/filtering/safesearch/safesearch_test.go
+++ b/internal/filtering/safesearch/safesearch_test.go
@ -52,45 +52,54 @@ func TestDefault_CheckHost_yandex(t *testing.T) {
 	ss, err := safesearch.NewDefault(conf, "", testCacheSize, testCacheTTL)
 	require.NoError(t, err)

-	// Check host for each domain.
-	for _, host := range []string{
+	hosts := []string{
 		"yandex.ru",
 		"yAndeX.ru",
 		"YANdex.COM",
 		"yandex.by",
 		"yandex.kz",
 		"www.yandex.com",
-	} {
-		var res filtering.Result
-		res, err = ss.CheckHost(host, testQType)
-		require.NoError(t, err)
-
-		assert.True(t, res.IsFiltered)
-
-		require.Len(t, res.Rules, 1)
-
-		assert.Equal(t, yandexIP, res.Rules[0].IP)
-		assert.Equal(t, rulelist.URLFilterIDSafeSearch, res.Rules[0].FilterListID)
 	}
-}

-func TestDefault_CheckHost_yandexAAAA(t *testing.T) {
-	conf := testConf
-	ss, err := safesearch.NewDefault(conf, "", testCacheSize, testCacheTTL)
-	require.NoError(t, err)
+	testCases := []struct {
+		name string
+		qt   uint16
+		want netip.Addr
+	}{{
+		name: "a",
+		qt:   dns.TypeA,
+		want: yandexIP,
+	}, {
+		name: "aaaa",
+		qt:   dns.TypeAAAA,
+		want: netip.Addr{},
+	}, {
+		name: "https",
+		qt:   dns.TypeHTTPS,
+		want: netip.Addr{},
+	}}

-	res, err := ss.CheckHost("www.yandex.ru", dns.TypeAAAA)
-	require.NoError(t, err)
+	for _, tc := range testCases {
+		for _, host := range hosts {
+			t.Run(tc.name+"_"+host, func(t *testing.T) {
+				// Check host for each domain.
+				var res filtering.Result
+				res, err = ss.CheckHost(host, tc.qt)
+				require.NoError(t, err)

-	assert.True(t, res.IsFiltered)
+				assert.True(t, res.IsFiltered)

-	// TODO(a.garipov): Currently, the safe-search filter returns a single rule
-	// with a nil IP address.  This isn't really necessary and should be changed
-	// once the TODO in [safesearch.Default.newResult] is resolved.
-	require.Len(t, res.Rules, 1)
+				// TODO(a.garipov): In case of AAAA and HTTPS requests, the
+				// safe-search filter returns a single rule with a nil IP
+				// address.  This isn't really necessary and should be changed
+				// once the TODO in [safesearch.Default.newResult] is resolved.
+				require.Len(t, res.Rules, 1)

-	assert.Empty(t, res.Rules[0].IP)
-	assert.Equal(t, rulelist.URLFilterIDSafeSearch, res.Rules[0].FilterListID)
+				assert.Equal(t, tc.want, res.Rules[0].IP)
+				assert.Equal(t, rulelist.URLFilterIDSafeSearch, res.Rules[0].FilterListID)
+			})
+		}
+	}
 }

 func TestDefault_CheckHost_google(t *testing.T) {