To monitor all domains, require "." to be specified

Now that we save all certs by default, we want to prevent people
from accidentally monitoring all domains, which could lead to MASSIVE
disk usage.

"." is used because it denotes the root zone in DNS.
Andrew Ayer 2016-02-05 08:13:11 -08:00
parent e73a5a89a7
commit cfaf126284
1 changed files with 13 additions and 8 deletions
cmd/ctwatch


@ -15,8 +15,17 @@ var stateDir = flag.String("state_dir", cmd.DefaultStateDir("ctwatch"), "Directo
func main() { func main() {
flag.Parse() flag.Parse()
var domains []string if flag.NArg() == 0 {
fmt.Fprintf(os.Stderr, "Usage: %s [flags] domain ...\n", os.Args[0])
fmt.Fprintf(os.Stderr, "\n")
fmt.Fprintf(os.Stderr, "To read domain list from stdin, use '-'. To monitor all domains, use '.'.\n")
fmt.Fprintf(os.Stderr, "See '%s -help' for a list of valid flags.\n", os.Args[0])
os.Exit(2)
}
var matcher ctwatch.Matcher
if flag.NArg() == 1 && flag.Arg(0) == "-" { if flag.NArg() == 1 && flag.Arg(0) == "-" {
var domains []string
scanner := bufio.NewScanner(os.Stdin) scanner := bufio.NewScanner(os.Stdin)
for scanner.Scan() { for scanner.Scan() {
domains = append(domains, scanner.Text()) domains = append(domains, scanner.Text())
@ -25,15 +34,11 @@ func main() {
fmt.Fprintf(os.Stderr, "%s: Error reading standard input: %s\n", os.Args[0], err) fmt.Fprintf(os.Stderr, "%s: Error reading standard input: %s\n", os.Args[0], err)
os.Exit(3) os.Exit(3)
} }
} else { matcher = ctwatch.NewDomainMatcher(domains)
domains = flag.Args() } else if flag.NArg() == 1 && flag.Arg(0) == "." { // "." as in root zone
}
var matcher ctwatch.Matcher
if len(domains) == 0 {
matcher = ctwatch.MatchAll{} matcher = ctwatch.MatchAll{}
} else { } else {
matcher = ctwatch.NewDomainMatcher(domains) matcher = ctwatch.NewDomainMatcher(flag.Args())
} }
cmd.Main(*stateDir, matcher) cmd.Main(*stateDir, matcher)
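Review bot: In the `-` branch of main, an empty standard input leaves `domains` nil and the new code still builds `ctwatch.NewDomainMatcher(domains)` from it. Before this commit an empty list meant match-all; now the program presumably starts cleanly while matching no certificates, which for a monitoring tool is a silent coverage gap. After the scanner error check I would add `if len(domains) == 0 { fmt.Fprintf(os.Stderr, "%s: no domains read from standard input\n", os.Args[0]); os.Exit(3) }`. Separately, `.` is only treated as match-all when it is the sole argument. A `.` in the stdin list or next to other domains is handed to NewDomainMatcher, whose handling of it is not visible in this hunk, so that case should be rejected explicitly or documented in the usage text.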