Remove 'clean' session and update get_external_nameservers function

The 'clean' section from rpm/gixy.spec file has been removed because it is no longer needed. Moreover, an important update has been made to the get_external_nameservers function under gixy/directives/directive.py to handle different types of IP addresses when getting a list of external nameservers used by the resolver directive. This enhances the function's capabilities in handling different IP address situations. Additionally, bumped the project version in gixy/__init__.py.
dvershinin · Jan 7, 2024 · 667c676 · LeviPesin · Jan 13, 2024 · dvershinin
1 parent fcf4dce
commit 667c676
Show file tree

Hide file tree

Showing 5 changed files with 32 additions and 7 deletions.
diff --git a/docs/en/plugins/resolver_external.md b/docs/en/plugins/resolver_external.md
@@ -0,0 +1 @@
+# [resolver_external] Using external DNS nameservers
diff --git a/gixy/__init__.py b/gixy/__init__.py
@@ -2,4 +2,4 @@
 
 from gixy.core import severity
 
-version = '0.1.22'
+version = '0.1.23'
diff --git a/gixy/directives/directive.py b/gixy/directives/directive.py
@@ -171,9 +171,35 @@ def __init__(self, name, args):
         self.addresses = addresses
 
     def get_external_nameservers(self):
+        """Get a list of external nameservers used by the resolver directive"""
         external_nameservers = []
         for addr in self.addresses:
             ip = addr.rsplit(':', 1)[0]
-            if ip not in ['127.0.0.1', '[::1]']:
-                external_nameservers.append(ip)
+
+            # Check for IPv4 addresses
+            if '.' in ip:
+                # Exclude loopback addresses (127.0.0.0/8)
+                if ip.startswith('127.'):
+                    continue
+                # Exclude private addresses (10.x.x.x, 172.16.x.x - 172.31.x.x, 192.168.x.x)
+                if ip.startswith('10.') or ip.startswith('192.168.'):
+                    continue
+                if ip.startswith('172.'):
+                    second_octet = int(ip.split('.')[1])
+                    if 16 <= second_octet <= 31:
+                        continue
+
+            # Check for IPv6 addresses
+            elif ':' in ip:
+                # Exclude loopback address ([::1])
+                if ip == '::1':
+                    continue
+                # Exclude link-local addresses (fe80::/10)
+                if ip.startswith('fe80:'):
+                    continue
+                # Exclude unique local addresses (fc00::/7)
+                if ip.startswith('fc') or ip.startswith('fd'):
+                    continue
+
+            external_nameservers.append(ip)
         return external_nameservers
diff --git a/rpm/gixy.spec b/rpm/gixy.spec
@@ -25,16 +25,14 @@ Provides:       %{name} = %{verion}-%{release}
 ########################################################################################
 
 %description
-Gixy is a tool to analyze Nginx configuration. The main goal of Gixy is to prevent 
+Gixy is a tool to analyze Nginx configuration. The main goal of Gixy is to prevent
 misconfiguration and automate flaw detection.
 
 ########################################################################################
 
 %prep
 %setup -qn %{name}-%{version}
 
-%clean
-rm -rf %{buildroot}
 
 %build
 python setup.py build
@@ -75,4 +73,3 @@ python setup.py install --prefix=%{_prefix} \
 
 * Sat Apr 29 2017 Yandex Team <opensource@yandex-team.ru> - 0.1.1-0
 - Initial build
-
diff --git a/tests/plugins/simply/resolver_external/resolver_local_fp.conf b/tests/plugins/simply/resolver_external/resolver_local_fp.conf
@@ -0,0 +1 @@
+resolver 10.0.0.1;