Home Explore Help
Sign In
mirror
/
SukkaSurge
mirror of https://github.com/SukkaW/Surge.git
2
0
Fork 0
Files Issues 0 Wiki
Tree: 939fa0d2a0
Branches Tags
SukkaSurge
/
Build
/
build-reject-domainset.ts

build-reject-domainset.ts 14 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306 
  1. // @ts-check
    2. 

  2. import path from 'node:path';
    3. 

  3. import process from 'node:process';
    4. 

  4. 

  5. import { processHostsWithPreload } from './lib/parse-filter/hosts';
    6. 

  6. import { processDomainListsWithPreload } from './lib/parse-filter/domainlists';
    7. 

  7. import { processFilterRulesWithPreload } from './lib/parse-filter/filters';
    8. 

  8. 

  9. import { HOSTS, ADGUARD_FILTERS, PREDEFINED_WHITELIST, DOMAIN_LISTS, HOSTS_EXTRA, DOMAIN_LISTS_EXTRA, ADGUARD_FILTERS_EXTRA, ADGUARD_FILTERS_WHITELIST, PHISHING_HOSTS_EXTRA, PHISHING_DOMAIN_LISTS_EXTRA, BOGUS_NXDOMAIN_DNSMASQ } from './constants/reject-data-source';
    10. 

  10. import { readFileIntoProcessedArray } from './lib/fetch-text-by-line';
    11. 

  11. import { task } from './trace';
    12. 

  12. // tldts-experimental is way faster than tldts, but very little bit inaccurate
    13. 

  13. // (since it is hashes based). But the result is still deterministic, which is
    14. 

  14. // enough when creating a simple stat of reject hosts.
    15. 

  15. import { SHARED_DESCRIPTION } from './constants/description';
    16. 

  16. 

  17. import { addArrayElementsToSet } from 'foxts/add-array-elements-to-set';
    18. 

  18. import { OUTPUT_INTERNAL_DIR, SOURCE_DIR } from './constants/dir';
    19. 

  19. import { DomainsetOutput, AdGuardHomeOutput } from './lib/rules/domainset';
    20. 

  20. import { foundDebugDomain } from './lib/parse-filter/shared';
    21. 

  21. import { createWorker } from './lib/worker';
    22. 

  22. import type { MaybePromise } from './lib/misc';
    23. 

  23. import { RulesetOutput } from './lib/rules/ruleset';
    24. 

  24. import { fetchAssets } from './lib/fetch-assets';
    25. 

  25. import { AUGUST_ASN, HUIZE_ASN } from '../Source/ip/badboy_asn';
    26. 

  26. import { arrayPushNonNullish } from 'foxts/array-push-non-nullish';
    27. 

  27. 

  28. const readLocalRejectDomainsetPromise = readFileIntoProcessedArray(path.join(SOURCE_DIR, 'domainset/reject.conf'));
    29. 

  29. const readLocalRejectExtraDomainsetPromise = readFileIntoProcessedArray(path.join(SOURCE_DIR, 'domainset/reject_extra.conf'));
    30. 

  30. const readLocalRejectRulesetPromise = readFileIntoProcessedArray(path.join(SOURCE_DIR, 'non_ip/reject.conf'));
    31. 

  31. const readLocalRejectIpListPromise = readFileIntoProcessedArray(path.resolve(SOURCE_DIR, 'ip/reject.conf'));
    32. 

  32. 

  33. const hostsDownloads = HOSTS.map(entry => processHostsWithPreload(...entry));
    34. 

  34. const hostsExtraDownloads = HOSTS_EXTRA.map(entry => processHostsWithPreload(...entry));
    35. 

  35. const domainListsDownloads = DOMAIN_LISTS.map(entry => processDomainListsWithPreload(...entry));
    36. 

  36. const domainListsExtraDownloads = DOMAIN_LISTS_EXTRA.map(entry => processDomainListsWithPreload(...entry));
    37. 

  37. const adguardFiltersDownloads = ADGUARD_FILTERS.map(entry => processFilterRulesWithPreload(...entry));
    38. 

  38. const adguardFiltersExtraDownloads = ADGUARD_FILTERS_EXTRA.map(entry => processFilterRulesWithPreload(...entry));
    39. 

  39. const adguardFiltersWhitelistsDownloads = ADGUARD_FILTERS_WHITELIST.map(entry => processFilterRulesWithPreload(...entry));
    40. 

  40. 

  41. export const buildRejectDomainSet = task(require.main === module, __filename)(async (span) => {
    42. 

  42.   const phishingWorker = createWorker<typeof import('./lib/get-phishing-domains')>(
    43. 

  43.     require.resolve('./lib/get-phishing-domains')
    44. 

  44.   )(['getPhishingDomains']);
    45. 

  45.   const rejectDomainsetOutput = new DomainsetOutput(span, 'reject')
    46. 

  46.     .withTitle('Sukka\'s Ruleset - Reject Base')
    47. 

  47.     .appendDescription(
    48. 

  48.       SHARED_DESCRIPTION,
    49. 

  49.       '',
    50. 

  50.       'The domainset supports AD blocking, tracking protection, privacy protection, anti-mining'
    51. 

  51.     )
    52. 

  52.     .appendDataSource(HOSTS.map(host => host[0]))
    53. 

  53.     .appendDataSource(DOMAIN_LISTS.map(domainList => domainList[0]));
    54. 

  54. 

  55.   const rejectExtraDomainsetOutput = new DomainsetOutput(span, 'reject_extra')
    56. 

  56.     .withTitle('Sukka\'s Ruleset - Reject Extra')
    57. 

  57.     .appendDescription(
    58. 

  58.       SHARED_DESCRIPTION,
    59. 

  59.       '',
    60. 

  60.       'The domainset supports AD blocking, tracking protection, privacy protection, anti-mining'
    61. 

  61.     )
    62. 

  62.     .appendDataSource(HOSTS_EXTRA.map(host => host[0]))
    63. 

  63.     .appendDataSource(DOMAIN_LISTS_EXTRA.map(domainList => domainList[0]));
    64. 

  64. 

  65.   const rejectPhisingDomainsetOutput = new DomainsetOutput(span, 'reject_phishing')
    66. 

  66.     .withTitle('Sukka\'s Ruleset - Reject Phishing')
    67. 

  67.     .appendDescription(
    68. 

  68.       SHARED_DESCRIPTION,
    69. 

  69.       '',
    70. 

  70.       'The domainset is specifically designed for anti-phishing'
    71. 

  71.     )
    72. 

  72.     .appendDataSource(PHISHING_HOSTS_EXTRA.map(host => host[0]))
    73. 

  73.     .appendDataSource(PHISHING_DOMAIN_LISTS_EXTRA.map(domainList => domainList[0]));
    74. 

  74. 

  75.   const rejectNonIpRulesetOutput = new RulesetOutput(span, 'reject', 'non_ip')
    76. 

  76.     .withTitle('Sukka\'s Ruleset - Reject Non-IP')
    77. 

  77.     .appendDescription(SHARED_DESCRIPTION, '')
    78. 

  78.     .appendDescription(
    79. 

  79.       'The ruleset supports AD blocking, tracking protection, privacy protection, anti-phishing, anti-mining',
    80. 

  80.       '',
    81. 

  81.       'The file contains wildcard domains from data source mentioned in /domainset/reject file'
    82. 

  82.     );
    83. 

  83. 

  84.   const rejectIPOutput = new RulesetOutput(span, 'reject', 'ip')
    85. 

  85.     .withTitle('Sukka\'s Ruleset - Anti Bogus Domain')
    86. 

  86.     .appendDescription(
    87. 

  87.       SHARED_DESCRIPTION,
    88. 

  88.       '',
    89. 

  89.       'This file contains known addresses that are hijacking NXDOMAIN results returned by DNS servers, and botnet controller IPs.'
    90. 

  90.     )
    91. 

  91.     .appendDataSource('https://github.com/felixonmars/dnsmasq-china-list')
    92. 

  92.     .appendDataSource('https://github.com/curbengh/botnet-filter')
    93. 

  93.     .bulkAddIPASN(AUGUST_ASN)
    94. 

  94.     .bulkAddIPASN(HUIZE_ASN);
    95. 

  95. 

  96.   // Dedupe domainSets (no need to await this)
    97. 

  97.   // Collect DOMAIN, DOMAIN-SUFFIX, and DOMAIN-KEYWORD from non_ip/reject.conf for deduplication
    98. 

  98.   // DOMAIN-WILDCARD is not really useful for deduplication, it is only included in AdGuardHome output
    99. 

  99.   // It is faster to add base than add others first then whitelist
    100. 

  100.   rejectDomainsetOutput.addFromRuleset(readLocalRejectRulesetPromise);
    101. 

  101.   rejectExtraDomainsetOutput.addFromRuleset(readLocalRejectRulesetPromise);
    102. 

  102. 

  103.   rejectNonIpRulesetOutput.addFromRuleset(readLocalRejectRulesetPromise);
    104. 

  104. 

  105.   rejectDomainsetOutput.addFromDomainset(readLocalRejectDomainsetPromise);
    106. 

  106.   rejectExtraDomainsetOutput.addFromDomainset(readLocalRejectDomainsetPromise);
    107. 

  107.   rejectPhisingDomainsetOutput.addFromDomainset(readLocalRejectDomainsetPromise);
    108. 

  108. 

  109.   rejectExtraDomainsetOutput.addFromDomainset(readLocalRejectExtraDomainsetPromise);
    110. 

  110. 

  111.   rejectIPOutput.addFromRuleset(readLocalRejectIpListPromise);
    112. 

  112. 

  113.   const appendArrayToRejectOutput = (source: MaybePromise<AsyncIterable<string> | Iterable<string> | string[]>) => rejectDomainsetOutput.addFromDomainset(source);
    114. 

  114.   const appendArrayToRejectExtraOutput = (source: MaybePromise<AsyncIterable<string> | Iterable<string> | string[]>) => rejectExtraDomainsetOutput.addFromDomainset(source);
    115. 

  115. 

  116.   /** Whitelists */
    117. 

  117.   const filterRuleWhitelistDomainSets = new Set(PREDEFINED_WHITELIST);
    118. 

  118.   const filterRuleWhiteKeywords = new Set<string>();
    119. 

  119. 

  120.   // Parse from AdGuard Filters
    121. 

  121.   await span
    122. 

  122.     .traceChild('download and process hosts / adblock filter rules')
    123. 

  123.     .traceAsyncFn((childSpan) => {
    124. 

  124.       const promises: Array<Promise<void>> = [];
    125. 

  125.       // Parse from remote hosts & domain lists
    126. 

  126. 

  127.       arrayPushNonNullish(promises, hostsDownloads.map(task => task(childSpan).then(appendArrayToRejectOutput)));
    128. 

  128.       arrayPushNonNullish(promises, hostsExtraDownloads.map(task => task(childSpan).then(appendArrayToRejectExtraOutput)));
    129. 

  129.       arrayPushNonNullish(promises, domainListsDownloads.map(task => task(childSpan).then(appendArrayToRejectOutput)));
    130. 

  130.       arrayPushNonNullish(promises, domainListsExtraDownloads.map(task => task(childSpan).then(appendArrayToRejectExtraOutput)));
    131. 

  131. 

  132.       rejectPhisingDomainsetOutput.addFromDomainset(
    133. 

  133.         span.traceChildPromise('get phishing domains', phishingWorker.getPhishingDomains())
    134. 

  134.       );
    135. 

  135. 

  136.       arrayPushNonNullish(
    137. 

  137.         promises,
    138. 

  138.         adguardFiltersDownloads.map(
    139. 

  139.           task => task(childSpan).then(({
    140. 

  140.             filterRulesUrl,
    141. 

  141.             whiteDomains, whiteDomainSuffixes,
    142. 

  142.             blackDomains, blackDomainSuffixes,
    143. 

  143.             blackIPs, blackWildcard,
    144. 

  144.             whiteKeyword, blackKeyword
    145. 

  145.           }) => {
    146. 

  146.             addArrayElementsToSet(filterRuleWhitelistDomainSets, whiteDomains);
    147. 

  147.             addArrayElementsToSet(filterRuleWhitelistDomainSets, whiteDomainSuffixes, suffix => '.' + suffix);
    148. 

  148. 

  149.             addArrayElementsToSet(filterRuleWhiteKeywords, whiteKeyword);
    150. 

  150. 

  151.             rejectDomainsetOutput.bulkAddDomain(blackDomains);
    152. 

  152.             rejectDomainsetOutput.bulkAddDomainSuffix(blackDomainSuffixes);
    153. 

  153. 

  154.             rejectDomainsetOutput.bulkAddDomainKeyword(blackKeyword);
    155. 

  155. 

  156.             rejectDomainsetOutput.appendDataSource(filterRulesUrl);
    157. 

  157. 

  158.             rejectNonIpRulesetOutput.bulkAddDomainWildcard(blackWildcard);
    159. 

  159.             rejectNonIpRulesetOutput.appendDataSource(filterRulesUrl);
    160. 

  160. 

  161.             rejectIPOutput.bulkAddAnyCIDR(blackIPs, false);
    162. 

  162.             rejectIPOutput.appendDataSource(filterRulesUrl);
    163. 

  163.           })
    164. 

  164.         )
    165. 

  165.       );
    166. 

  166. 

  167.       arrayPushNonNullish(
    168. 

  168.         promises,
    169. 

  169.         adguardFiltersExtraDownloads.map(
    170. 

  170.           task => task(childSpan).then(({
    171. 

  171.             filterRulesUrl,
    172. 

  172.             whiteDomains, whiteDomainSuffixes,
    173. 

  173.             blackDomains, blackDomainSuffixes,
    174. 

  174.             blackIPs, blackWildcard, whiteKeyword, blackKeyword
    175. 

  175.           }) => {
    176. 

  176.             addArrayElementsToSet(filterRuleWhitelistDomainSets, whiteDomains);
    177. 

  177.             addArrayElementsToSet(filterRuleWhitelistDomainSets, whiteDomainSuffixes, suffix => '.' + suffix);
    178. 

  178.             addArrayElementsToSet(filterRuleWhiteKeywords, whiteKeyword);
    179. 

  179. 

  180.             rejectExtraDomainsetOutput.bulkAddDomain(blackDomains);
    181. 

  181.             rejectExtraDomainsetOutput.bulkAddDomainSuffix(blackDomainSuffixes);
    182. 

  182. 

  183.             rejectExtraDomainsetOutput.bulkAddDomainKeyword(blackKeyword);
    184. 

  184. 

  185.             rejectExtraDomainsetOutput.appendDataSource(filterRulesUrl);
    186. 

  186. 

  187.             rejectIPOutput.bulkAddAnyCIDR(blackIPs, false);
    188. 

  188.             rejectIPOutput.appendDataSource(filterRulesUrl);
    189. 

  189. 

  190.             rejectNonIpRulesetOutput.bulkAddDomainWildcard(blackWildcard);
    191. 

  191.             rejectNonIpRulesetOutput.appendDataSource(filterRulesUrl);
    192. 

  192.           })
    193. 

  193.         )
    194. 

  194.       );
    195. 

  195.       arrayPushNonNullish(
    196. 

  196.         promises,
    197. 

  197.         adguardFiltersWhitelistsDownloads.map(
    198. 

  198.           task => task(childSpan).then(({ whiteDomains, whiteDomainSuffixes, blackDomains, blackDomainSuffixes, whiteKeyword, blackKeyword }) => {
    199. 

  199.             addArrayElementsToSet(filterRuleWhitelistDomainSets, whiteDomains);
    200. 

  200.             addArrayElementsToSet(filterRuleWhitelistDomainSets, whiteDomainSuffixes, suffix => '.' + suffix);
    201. 

  201.             addArrayElementsToSet(filterRuleWhitelistDomainSets, blackDomains);
    202. 

  202.             addArrayElementsToSet(filterRuleWhitelistDomainSets, blackDomainSuffixes, suffix => '.' + suffix);
    203. 

  203.             addArrayElementsToSet(filterRuleWhiteKeywords, whiteKeyword);
    204. 

  204.             addArrayElementsToSet(filterRuleWhiteKeywords, blackKeyword);
    205. 

  205.           })
    206. 

  206.         )
    207. 

  207.       );
    208. 

  208. 

  209.       promises.push(span.traceChildAsync(
    210. 

  210.         'get bogus nxdomain ips',
    211. 

  211.         () => fetchAssets(...BOGUS_NXDOMAIN_DNSMASQ, true, false).then(arr => {
    212. 

  212.           for (let i = 0, len = arr.length; i < len; i++) {
    213. 

  213.             const line = arr[i];
    214. 

  214.             if (line.startsWith('bogus-nxdomain=')) {
    215. 

  215.               // bogus nxdomain needs to be blocked even after resolved
    216. 

  216.               rejectIPOutput.addAnyCIDR(
    217. 

  217.                 line.slice(15).trim(),
    218. 

  218.                 false
    219. 

  219.               );
    220. 

  220.             }
    221. 

  221.           }
    222. 

  222.           // return arr;
    223. 

  223.         })
    224. 

  224.       ));
    225. 

  225. 

  226.       return Promise.all(promises);
    227. 

  227.     });
    228. 

  228. 

  229.   if (foundDebugDomain.value) {
    230. 

  230.     // eslint-disable-next-line sukka/unicorn/no-process-exit -- cli App
    231. 

  231.     process.exit(1);
    232. 

  232.   }
    233. 

  233. 

  234.   await Promise.all([
    235. 

  235.     rejectDomainsetOutput.done(),
    236. 

  236.     rejectExtraDomainsetOutput.done(),
    237. 

  237.     rejectPhisingDomainsetOutput.done(),
    238. 

  238.     rejectIPOutput.done(),
    239. 

  239.     rejectNonIpRulesetOutput.done()
    240. 

  240.   ]);
    241. 

  241. 

  242.   // whitelist
    243. 

  243.   span.traceChildSync('whitelist', () => {
    244. 

  244.     for (const domain of filterRuleWhitelistDomainSets) {
    245. 

  245.       rejectDomainsetOutput.whitelistDomain(domain);
    246. 

  246.       rejectExtraDomainsetOutput.whitelistDomain(domain);
    247. 

  247.       rejectPhisingDomainsetOutput.whitelistDomain(domain);
    248. 

  248. 

  249.       // DON'T Whitelist reject non_ip ruleset, we are force blocking thingshere
    250. 

  250.       // rejectNonIpRulesetOutput.whitelistDomain(domain);
    251. 

  251.     }
    252. 

  252. 

  253.     // we use "whitelistKeyword" method, this will be used to create kwfilter internally
    254. 

  254.     for (const keyword of filterRuleWhiteKeywords) {
    255. 

  255.       rejectDomainsetOutput.whitelistKeyword(keyword);
    256. 

  256.       rejectExtraDomainsetOutput.whitelistKeyword(keyword);
    257. 

  257.       rejectPhisingDomainsetOutput.whitelistKeyword(keyword);
    258. 

  258.       rejectNonIpRulesetOutput.whitelistKeyword(keyword);
    259. 

  259.     }
    260. 

  260. 

  261.     // Deduplicate reject_extra and reject_phishing from the base reject domainset
    262. 

  262.     rejectDomainsetOutput.domainTrie.dump(arg => {
    263. 

  263.       rejectExtraDomainsetOutput.whitelistDomain(arg);
    264. 

  264.       rejectPhisingDomainsetOutput.whitelistDomain(arg);
    265. 

  265. 

  266.       // e.g. .data.microsort.com can strip waston*.event.data.microsort.com
    267. 

  267.       // rejectNonIpRulesetOutput.wildcardTrie.whitelist(arg);
    268. 

  268.     });
    269. 

  269.   });
    270. 

  270. 

  271.   await Promise.all([
    272. 

  272.     rejectDomainsetOutput.write(),
    273. 

  273.     rejectExtraDomainsetOutput.write(),
    274. 

  274.     rejectPhisingDomainsetOutput.write(),
    275. 

  275.     rejectIPOutput.write(),
    276. 

  276.     rejectNonIpRulesetOutput.write()
    277. 

  277.   ]);
    278. 

  278. 

  279.   // we are going to re-use rejectOutput's domainTrie and mutate it
    280. 

  280.   // so we must wait until we write rejectOutput to disk after we can mutate its trie
    281. 

  281.   const rejectOutputAdGuardHome = new AdGuardHomeOutput(span, 'reject-adguardhome', OUTPUT_INTERNAL_DIR)
    282. 

  282.     .withTitle('Sukka\'s Ruleset - AdGuardHome Blocklist')
    283. 

  283.     .withDescription([
    284. 

  284.       'The AdGuardHome ruleset supports AD blocking, tracking protection, privacy protection, anti-mining'
    285. 

  285.     ]);
    286. 

  286. 

  287.   rejectOutputAdGuardHome.domainTrie = rejectDomainsetOutput.domainTrie;
    288. 

  288. 

  289.   await rejectOutputAdGuardHome
    290. 

  290.     // .addFromRuleset(readLocalMyRejectRulesetPromise)
    291. 

  291.     .addFromRuleset(readLocalRejectRulesetPromise)
    292. 

  292.     .addFromRuleset(readFileIntoProcessedArray(path.join(SOURCE_DIR, 'non_ip/reject-drop.conf')))
    293. 

  293.     .addFromRuleset(readFileIntoProcessedArray(path.join(SOURCE_DIR, 'non_ip/reject-no-drop.conf')))
    294. 

  294.     .addFromDomainset(readLocalRejectExtraDomainsetPromise)
    295. 

  295.     .write();
    296. 

  296. 

  297.   const myRejectOutputAdGuardHome = new AdGuardHomeOutput(span, 'my-reject-adguardhome', OUTPUT_INTERNAL_DIR)
    298. 

  298.     .withTitle('Sukka\'s Ruleset - AdGuardHome Blocklist for Myself (Sukka)')
    299. 

  299.     .withDescription([]);
    300. 

  300. 

  301.   await myRejectOutputAdGuardHome
    302. 

  302.     .addFromRuleset(readFileIntoProcessedArray(path.join(SOURCE_DIR, 'non_ip/my_reject.conf')))
    303. 

  303.     .write();
    304. 

  304. 

  305.   await phishingWorker.end();
    306. 

  306. });
    307.