checker-blacklist/checker/oisd_test.go

package checker

import (
	"context"
	"net/http"
	"net/http/httptest"
	"testing"

	sdk "git.happydns.org/checker-sdk-go/checker"
)

const oisdFakeFeed = `! OISD big domainswild
# comment line
*.evil.com
*.malware.example.org
*.c2.badactor.net
`

func TestOisdSource_Listed_ExactMatch(t *testing.T) {
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		_, _ = w.Write([]byte(oisdFakeFeed))
	}))
	defer srv.Close()

	s := &oisdSource{bigCache: newOisdCache(srv.URL)}
	r := s.Query(context.Background(), "evil.com", "evil.com", sdk.CheckerOptions{"enable_oisd": true})[0]

	if !r.Enabled || r.Error != "" {
		t.Fatalf("expected enabled and no error, got %+v", r)
	}
	if len(r.Evidence) != 1 || r.Evidence[0].Value != "evil.com" {
		t.Errorf("expected evidence [evil.com], got %+v", r.Evidence)
	}
	if listed, sev := s.Evaluate(r); !listed || sev != SeverityCrit {
		t.Errorf("expected (true, crit), got (%v, %q)", listed, sev)
	}
}

func TestOisdSource_Listed_SubdomainInFeed(t *testing.T) {
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		_, _ = w.Write([]byte(oisdFakeFeed))
	}))
	defer srv.Close()

	// Feed has "*.malware.example.org" → stored as "malware.example.org"; querying
	// registered "example.org" should match via suffix check.
	s := &oisdSource{bigCache: newOisdCache(srv.URL)}
	r := s.Query(context.Background(), "sub.example.org", "example.org", sdk.CheckerOptions{"enable_oisd": true})[0]

	if len(r.Evidence) != 1 || r.Evidence[0].Value != "malware.example.org" {
		t.Errorf("expected subdomain match, got %+v", r.Evidence)
	}
	if listed, _ := s.Evaluate(r); !listed {
		t.Error("expected listed=true")
	}
}

func TestOisdSource_NotListed(t *testing.T) {
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		_, _ = w.Write([]byte(oisdFakeFeed))
	}))
	defer srv.Close()

	s := &oisdSource{bigCache: newOisdCache(srv.URL)}
	r := s.Query(context.Background(), "safe.com", "safe.com", sdk.CheckerOptions{"enable_oisd": true})[0]

	if !r.Enabled || r.Error != "" || len(r.Evidence) != 0 {
		t.Fatalf("expected clean result, got %+v", r)
	}
	if listed, _ := s.Evaluate(r); listed {
		t.Error("expected listed=false")
	}
}

func TestOisdSource_Disabled(t *testing.T) {
	s := &oisdSource{bigCache: newOisdCache("http://nope")}
	r := s.Query(context.Background(), "evil.com", "evil.com", sdk.CheckerOptions{"enable_oisd": false})[0]
	if r.Enabled {
		t.Errorf("expected disabled, got %+v", r)
	}
}

func TestOisdSource_HTTPError(t *testing.T) {
	srv := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) {
		w.WriteHeader(http.StatusInternalServerError)
	}))
	defer srv.Close()

	s := &oisdSource{bigCache: newOisdCache(srv.URL)}
	r := s.Query(context.Background(), "evil.com", "evil.com", sdk.CheckerOptions{"enable_oisd": true})[0]

	if r.Error == "" || r.Error != "oisd HTTP 500" {
		t.Errorf("expected HTTP 500 error, got %q", r.Error)
	}
}