Initial commit: Open sourcing all of the Maple Open Technologies code.

2025-12-02 14:33:08 -05:00 · 2025-12-02 14:33:08 -05:00 · 755d54a99d
commit 755d54a99d
2010 changed files with 448675 additions and 0 deletions
--- a/cloud/maplefile-backend/pkg/security/blacklist/blacklist.go
+++ b/cloud/maplefile-backend/pkg/security/blacklist/blacklist.go
@ -0,0 +1,76 @@
+package blacklist
+
+import (
+	"encoding/json"
+	"fmt"
+	"io/ioutil"
+	"os"
+)
+
+// Provider provides an interface for abstracting time.
+type Provider interface {
+	IsBannedIPAddress(ipAddress string) bool
+	IsBannedURL(url string) bool
+}
+
+type blacklistProvider struct {
+	bannedIPAddresses map[string]bool
+	bannedURLs        map[string]bool
+}
+
+// readBlacklistFileContent reads the contents of the blacklist file and returns
+// the list of banned items (ex: IP, URLs, etc).
+func readBlacklistFileContent(filePath string) ([]string, error) {
+	// Check if the file exists
+	if _, err := os.Stat(filePath); os.IsNotExist(err) {
+		return nil, fmt.Errorf("file %s does not exist", filePath)
+	}
+
+	// Read the file contents
+	data, err := ioutil.ReadFile(filePath)
+	if err != nil {
+		return nil, fmt.Errorf("failed to read file %s: %v", filePath, err)
+	}
+
+	// Parse the JSON content as a list of IPs
+	var ips []string
+	if err := json.Unmarshal(data, &ips); err != nil {
+		return nil, fmt.Errorf("failed to parse JSON file %s: %v", filePath, err)
+	}
+
+	return ips, nil
+}
+
+// NewProvider Provider contructor that returns the default time provider.
+func NewProvider() Provider {
+	bannedIPAddresses := make(map[string]bool)
+	bannedIPAddressesFilePath := "static/blacklist/ips.json"
+	ips, err := readBlacklistFileContent(bannedIPAddressesFilePath)
+	if err == nil { // Aka: if the file exists...
+		for _, ip := range ips {
+			bannedIPAddresses[ip] = true
+		}
+	}
+
+	bannedURLs := make(map[string]bool)
+	bannedURLsFilePath := "static/blacklist/urls.json"
+	urls, err := readBlacklistFileContent(bannedURLsFilePath)
+	if err == nil { // Aka: if the file exists...
+		for _, url := range urls {
+			bannedURLs[url] = true
+		}
+	}
+
+	return blacklistProvider{
+		bannedIPAddresses: bannedIPAddresses,
+		bannedURLs:        bannedURLs,
+	}
+}
+
+func (p blacklistProvider) IsBannedIPAddress(ipAddress string) bool {
+	return p.bannedIPAddresses[ipAddress]
+}
+
+func (p blacklistProvider) IsBannedURL(url string) bool {
+	return p.bannedURLs[url]
+}
--- a/cloud/maplefile-backend/pkg/security/blacklist/blacklist_test.go
+++ b/cloud/maplefile-backend/pkg/security/blacklist/blacklist_test.go
@ -0,0 +1,132 @@
+package blacklist
+
+import (
+	"os"
+	"path/filepath"
+	"testing"
+
+	"github.com/stretchr/testify/assert"
+)
+
+func createTempFile(t *testing.T, content string) string {
+	tmpfile, err := os.CreateTemp("", "blacklist*.json")
+	assert.NoError(t, err)
+
+	err = os.WriteFile(tmpfile.Name(), []byte(content), 0644)
+	assert.NoError(t, err)
+
+	return tmpfile.Name()
+}
+
+func TestReadBlacklistFileContent(t *testing.T) {
+	tests := []struct {
+		name      string
+		content   string
+		wantItems []string
+		wantErr   bool
+	}{
+		{
+			name:      "valid json",
+			content:   `["192.168.1.1", "10.0.0.1"]`,
+			wantItems: []string{"192.168.1.1", "10.0.0.1"},
+			wantErr:   false,
+		},
+		{
+			name:      "empty array",
+			content:   `[]`,
+			wantItems: []string{},
+			wantErr:   false,
+		},
+		{
+			name:      "invalid json",
+			content:   `invalid json`,
+			wantItems: nil,
+			wantErr:   true,
+		},
+	}
+
+	for _, tt := range tests {
+		t.Run(tt.name, func(t *testing.T) {
+			tmpfile := createTempFile(t, tt.content)
+			defer os.Remove(tmpfile)
+
+			items, err := readBlacklistFileContent(tmpfile)
+			if tt.wantErr {
+				assert.Error(t, err)
+				assert.Nil(t, items)
+			} else {
+				assert.NoError(t, err)
+				assert.Equal(t, tt.wantItems, items)
+			}
+		})
+	}
+
+	t.Run("nonexistent file", func(t *testing.T) {
+		_, err := readBlacklistFileContent("nonexistent.json")
+		assert.Error(t, err)
+	})
+}
+
+func TestNewProvider(t *testing.T) {
+	// Create temporary blacklist files
+	ipsContent := `["192.168.1.1", "10.0.0.1"]`
+	urlsContent := `["example.com", "malicious.com"]`
+
+	tmpDir, err := os.MkdirTemp("", "blacklist")
+	assert.NoError(t, err)
+	defer os.RemoveAll(tmpDir)
+
+	err = os.MkdirAll(filepath.Join(tmpDir, "static/blacklist"), 0755)
+	assert.NoError(t, err)
+
+	err = os.WriteFile(filepath.Join(tmpDir, "static/blacklist/ips.json"), []byte(ipsContent), 0644)
+	assert.NoError(t, err)
+	err = os.WriteFile(filepath.Join(tmpDir, "static/blacklist/urls.json"), []byte(urlsContent), 0644)
+	assert.NoError(t, err)
+
+	// Change working directory temporarily
+	originalWd, err := os.Getwd()
+	assert.NoError(t, err)
+	err = os.Chdir(tmpDir)
+	assert.NoError(t, err)
+	defer os.Chdir(originalWd)
+
+	provider := NewProvider()
+	assert.NotNil(t, provider)
+
+	// Test IP blacklist
+	assert.True(t, provider.IsBannedIPAddress("192.168.1.1"))
+	assert.True(t, provider.IsBannedIPAddress("10.0.0.1"))
+	assert.False(t, provider.IsBannedIPAddress("172.16.0.1"))
+
+	// Test URL blacklist
+	assert.True(t, provider.IsBannedURL("example.com"))
+	assert.True(t, provider.IsBannedURL("malicious.com"))
+	assert.False(t, provider.IsBannedURL("safe.com"))
+}
+
+func TestIsBannedIPAddress(t *testing.T) {
+	provider := blacklistProvider{
+		bannedIPAddresses: map[string]bool{
+			"192.168.1.1": true,
+			"10.0.0.1":    true,
+		},
+	}
+
+	assert.True(t, provider.IsBannedIPAddress("192.168.1.1"))
+	assert.True(t, provider.IsBannedIPAddress("10.0.0.1"))
+	assert.False(t, provider.IsBannedIPAddress("172.16.0.1"))
+}
+
+func TestIsBannedURL(t *testing.T) {
+	provider := blacklistProvider{
+		bannedURLs: map[string]bool{
+			"example.com":   true,
+			"malicious.com": true,
+		},
+	}
+
+	assert.True(t, provider.IsBannedURL("example.com"))
+	assert.True(t, provider.IsBannedURL("malicious.com"))
+	assert.False(t, provider.IsBannedURL("safe.com"))
+}