Skip to content

Regex blacklist patterns in non-default group not working for clients in default group #330

@ashmrtn

Description

@ashmrtn

In raising this issue, I confirm the following (please check boxes, eg [X]) Failure to fill the template will close your issue:

  • I have read and understood the contributors guide.
  • The issue I am reporting can be replicated
  • The issue I am reporting isn't a duplicate

How familiar are you with the codebase?:

2


[BUG] Expected Behaviour:
Blacklist regex patterns that are in a group other than the default group should be blocked for clients that are in the default group/no group

[BUG] Actual Behaviour:
Clients in the default group/no group can access domains that should be blocked by blacklist regex patterns in a group other than default

[BUG] Steps to reproduce:

  1. create new regex blacklist pattern
  2. create a new group
  3. add new regex pattern to a group other than the default group - do not add the pattern to both the new group and the default group, just add it to the new group
  4. try to access a domain that is blocked by the regex pattern with a client in the default group/not explicitly assigned to a group

This bug likely also appears for whitelisted regex patterns that are in the non-default group, though I haven't explicitly tested that situation.


I believe the queries to gravity's database for regex domains is a little too strict. The sql statement SELECT id from %s WHERE group_id IN (%s); in gravityDB_get_regex_client_groups selects only regex domains that match exactly the group of the client, even if the client is in the special "all groups" group with id 0.

I believe swapping out the linked line with something like the following would solve the problem:

if (strcmp(groups, "0") == 0) {
  // Client is in default group, allow all regex domains.
  if(asprintf(&querystr, "SELECT DISTINCT id from %s;", table) < 1)
  {
    logg("gravityDB_get_regex_client_groups(%s) - asprintf() error for client in default group", table);
    return false;
  }
} else {
  // Client belongs to a specific group or groups, select only those regex domains in the group(s).
  if(asprintf(&querystr, "SELECT id from %s WHERE group_id IN (%s);", table, groups) < 1)
  {
    logg("gravityDB_get_regex_client_groups(%s, %s) - asprintf() error", table, groups);
    return false;
  }
}

This template was created based on the work of udemy-dl.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions