Merge pull request #29 from mildis/master

poolpOrg · web-flow · commit e90a24941bf3 · 2021-08-14T01:18:37.000+02:00
Rename whitelist to allowlist
diff --git a/README.md b/README.md
@@ -12,7 +12,7 @@ The filter currently supports:
 - adding an `X-SenderScore` header with the score of the source IP address
 - adding an `X-Spam` header to hosts with reputation below a certain value
 - applying a time penalty proportional to the IP reputation
-- whitelisting IP addresses or subnets
+- allowlisting IP addresses or subnets
 
 
 ## Dependencies
@@ -59,4 +59,4 @@ listen on all filter "senderscore"
 
 `-scoreHeader` will add an X-SenderScore header with reputation value if known.
 
-`-whitelist <file>` can be used to specify a file containing a list of IP addresses and subnets in CIDR notation to whitelist, one per line. IP addresses matching any entry in that list automatically receive a score of 100.
+`-allowlist <file>` can be used to specify a file containing a list of IP addresses and subnets in CIDR notation to allowlist, one per line. IP addresses matching any entry in that list automatically receive a score of 100.
diff --git a/filter-senderscore.go b/filter-senderscore.go
@@ -34,10 +34,10 @@ var blockPhase *string
 var junkBelow *int
 var slowFactor *int
 var scoreHeader *bool
-var whitelistFile *string
+var allowlistFile *string
 var testMode *bool
-var whitelist = make(map[string]bool)
-var whitelistMasks = make(map[int]bool)
+var allowlist = make(map[string]bool)
+var allowlistMasks = make(map[int]bool)
 
 var version string
 
@@ -95,12 +95,12 @@ func linkConnect(phase string, sessionId string, params []string) {
 		fmt.Fprintf(os.Stderr, "link-connect addr=%s score=%d\n", addr, s.score)
 	}(addr, s)
 
-	for maskOnes := range whitelistMasks {
+	for maskOnes := range allowlistMasks {
 		mask := net.CIDRMask(maskOnes, 32)
 		maskedAddr := addr.Mask(mask).String()
 		query := fmt.Sprintf("%s/%d", maskedAddr, maskOnes)
-		if whitelist[query] {
-			fmt.Fprintf(os.Stderr, "IP address %s matches whitelisted subnet %s\n", addr, query)
+		if allowlist[query] {
+			fmt.Fprintf(os.Stderr, "IP address %s matches allowlisted subnet %s\n", addr, query)
 			s.score = 100
 			return
 		}
@@ -290,12 +290,12 @@ func validatePhase(phase string) {
 	log.Fatalf("invalid block phase: %s", phase)
 }
 
-func loadWhitelists() {
-	if *whitelistFile == "" {
+func loadAllowlists() {
+	if *allowlistFile == "" {
 		return
 	}
 
-	file, err := os.Open(*whitelistFile)
+	file, err := os.Open(*allowlistFile)
 	if err != nil {
 		log.Fatal(err)
 	}
@@ -320,13 +320,13 @@ func loadWhitelists() {
 		}
 
 		maskOnes, _ := subnet.Mask.Size()
-		if !whitelistMasks[maskOnes] {
-			whitelistMasks[maskOnes] = true
+		if !allowlistMasks[maskOnes] {
+			allowlistMasks[maskOnes] = true
 		}
 		subnetStr := subnet.String()
-		if !whitelist[subnetStr] {
-			whitelist[subnetStr] = true
-			fmt.Fprintf(os.Stderr, "Subnet %s added to whitelist\n", subnetStr)
+		if !allowlist[subnetStr] {
+			allowlist[subnetStr] = true
+			fmt.Fprintf(os.Stderr, "Subnet %s added to allowlist\n", subnetStr)
 		}
 	}
 	if err := scanner.Err(); err != nil {
@@ -340,13 +340,13 @@ func main() {
 	junkBelow = flag.Int("junkBelow", -1, "score below which session is junked")
 	slowFactor = flag.Int("slowFactor", -1, "delay factor to apply to sessions")
 	scoreHeader = flag.Bool("scoreHeader", false, "add X-SenderScore header")
-	whitelistFile = flag.String("whitelist", "", "file containing a list of IP addresses or subnets in CIDR notation to whitelist, one per line")
+	allowlistFile = flag.String("allowlist", "", "file containing a list of IP addresses or subnets in CIDR notation to allowlist, one per line")
 	testMode = flag.Bool("testMode", false, "skip all DNS queries, process all requests sequentially, only for debugging purposes")
 
 	flag.Parse()
 
 	validatePhase(*blockPhase)
-	loadWhitelists()
+	loadAllowlists()
 
 	scanner := bufio.NewScanner(os.Stdin)
 	skipConfig(scanner)
diff --git a/test/4000-allowlist.sh b/test/4000-allowlist.sh
@@ -4,12 +4,12 @@
 
 test_init
 
-test_run 'test IP address whitelisting' '
-	cat <<-EOD >whitelist &&
+test_run 'test IP address allowlisting' '
+	cat <<-EOD >allowlist &&
 	1.1.1.1
 	3.3.3.3
 	EOD
-	cat <<-EOD | "$FILTER_BIN" $FILTER_OPTS -blockBelow 20 -whitelist whitelist | sed "0,/^register|ready/d" >actual &&
+	cat <<-EOD | "$FILTER_BIN" $FILTER_OPTS -blockBelow 20 -allowlist allowlist | sed "0,/^register|ready/d" >actual &&
 	config|ready
 	report|0.5|0|smtp-in|link-connect|7641df9771b4ed00||pass|1.1.1.1:33174|1.1.1.1:25
 	filter|0.5|0|smtp-in|connect|7641df9771b4ed00|1ef1c203cc576e5d||pass|1.1.1.1:33174|1.1.1.1:25
@@ -26,13 +26,13 @@ test_run 'test IP address whitelisting' '
 	test_cmp actual expected
 '
 
-test_run 'test subnet whitelisting' '
-	cat <<-EOD >whitelist &&
+test_run 'test subnet allowlisting' '
+	cat <<-EOD >allowlist &&
 	1.1.0.0/16
 	1.2.3.0/24
 	2.0.0.0/8
 	EOD
-	cat <<-EOD | "$FILTER_BIN" $FILTER_OPTS -blockBelow 20 -whitelist whitelist | sed "0,/^register|ready/d" >actual &&
+	cat <<-EOD | "$FILTER_BIN" $FILTER_OPTS -blockBelow 20 -allowlist allowlist | sed "0,/^register|ready/d" >actual &&
 	config|ready
 	report|0.5|0|smtp-in|link-connect|7641df9771b4ed00||pass|1.1.1.1:33174|1.1.1.1:25
 	filter|0.5|0|smtp-in|connect|7641df9771b4ed00|1ef1c203cc576e5d||pass|1.1.1.1:33174|1.1.1.1:25
diff --git a/test/Makefile b/test/Makefile
@@ -3,7 +3,7 @@ check:
 	@./1000-block.sh 2>/dev/null
 	@./2000-junk.sh 2>/dev/null
 	@./3000-headers.sh 2>/dev/null
-	@./4000-whitelist.sh 2>/dev/null
+	@./4000-allowlist.sh 2>/dev/null
 	@./9000-legacy.sh 2>/dev/null
 
 .PHONY: check
