To monitor all domains, require "." to be specified

Now that we save all certs by default, we want to prevent people from accidentally monitoring all domains, which could lead to MASSIVE disk usage. "." is used because it denotes the root zone in DNS.
2016-02-05 08:13:11 -08:00 · 2016-02-05 08:13:11 -08:00 · cfaf126284
parent e73a5a89a7
commit cfaf126284
1 changed files with 13 additions and 8 deletions
--- a/cmd/ctwatch/main.go
+++ b/cmd/ctwatch/main.go
@ -15,8 +15,17 @@ var stateDir = flag.String("state_dir", cmd.DefaultStateDir("ctwatch"), "Directo
 func main() {
 	flag.Parse()

-	var domains []string
+	if flag.NArg() == 0 {
+		fmt.Fprintf(os.Stderr, "Usage: %s [flags] domain ...\n", os.Args[0])
+		fmt.Fprintf(os.Stderr, "\n")
+		fmt.Fprintf(os.Stderr, "To read domain list from stdin, use '-'. To monitor all domains, use '.'.\n")
+		fmt.Fprintf(os.Stderr, "See '%s -help' for a list of valid flags.\n", os.Args[0])
+		os.Exit(2)
+	}
+
+	var matcher ctwatch.Matcher
 	if flag.NArg() == 1 && flag.Arg(0) == "-" {
+		var domains []string
 		scanner := bufio.NewScanner(os.Stdin)
 		for scanner.Scan() {
 			domains = append(domains, scanner.Text())
@ -25,15 +34,11 @@ func main() {
 			fmt.Fprintf(os.Stderr, "%s: Error reading standard input: %s\n", os.Args[0], err)
 			os.Exit(3)
 		}
-	} else {
-		domains = flag.Args()
-	}
-
-	var matcher ctwatch.Matcher
-	if len(domains) == 0 {
+		matcher = ctwatch.NewDomainMatcher(domains)
+	} else if flag.NArg() == 1 && flag.Arg(0) == "." { // "." as in root zone
 		matcher = ctwatch.MatchAll{}
 	} else {
-		matcher = ctwatch.NewDomainMatcher(domains)
+		matcher = ctwatch.NewDomainMatcher(flag.Args())
 	}

 	cmd.Main(*stateDir, matcher)