From: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed, 31 Dec 2025 14:50:40 +0000 (+0000)
Subject: sources: Don't import anything that isn't globally resolvable
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8d17b2cb278be5f53a9962d6e23da12df842ab9f;p=dbl.git

sources: Don't import anything that isn't globally resolvable

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---

diff --git a/configure.ac b/configure.ac
index e233261..a6db886 100644
--- a/configure.ac
+++ b/configure.ac
@@ -56,6 +56,7 @@ AX_PYTHON_MODULE([dns], [fatal])
 AX_PYTHON_MODULE([babel], [fatal])
 AX_PYTHON_MODULE([fastapi], [fatal])
 AX_PYTHON_MODULE([httpx], [fatal])
+AX_PYTHON_MODULE([publicsuffix2], [fatal])
 AX_PYTHON_MODULE([rich], [fatal])
 AX_PYTHON_MODULE([sqlmodel], [fatal])
 
diff --git a/src/dnsbl/__init__.py b/src/dnsbl/__init__.py
index af1f72f..a378b08 100644
--- a/src/dnsbl/__init__.py
+++ b/src/dnsbl/__init__.py
@@ -23,6 +23,7 @@ import functools
 import httpx
 import io
 import logging
+import publicsuffix2
 import sqlmodel
 
 # Initialize logging as early as possible
@@ -85,6 +86,13 @@ class Backend(object):
 			follow_redirects=True,
 		)
 
+	@functools.cached_property
+	def psl(self):
+		"""
+			The Public Suffix List
+		"""
+		return publicsuffix2.PublicSuffixList()
+
 	@functools.cached_property
 	def auth(self):
 		return auth.Auth(self)
diff --git a/src/dnsbl/sources.py b/src/dnsbl/sources.py
index 86c06ce..a1035bf 100644
--- a/src/dnsbl/sources.py
+++ b/src/dnsbl/sources.py
@@ -283,6 +283,11 @@ class Source(sqlmodel.SQLModel, database.BackendMixin, table=True):
 								log.debug("Skipping ignored domain: %s" % domain)
 								continue
 
+							# Is the domain actually publicly resolvable?
+							if not self.backend.psl.get_tld(domain, strict=True):
+								log.debug("Skipping non-public domain: %s" % domain)
+								continue
+
 							# Add the domain
 							domains.add(domain)