Conversation
There was a problem hiding this comment.
Pull request overview
This PR fixes a critical bug in the MISP Connector App where blocking responses were being sent with empty strings for both Extended DNS Error (EDE) messages and TXT record data, effectively causing silent blocking without proper reporting. The fix ensures that the blocking report (source=misp-connector;domain={blockedDomain}) is properly included in both response types. Additionally, the PR adds a configurable TTL parameter for blocking responses, following the pattern established in the Advanced Blocker App.
Key Changes:
- Fixed EDE and TXT responses to include blocking report instead of empty strings
- Added configurable
blockingAnswerTtlparameter with validation (30-86400 seconds range) - Refactored blocking response logic into a reusable
BlockResponsehelper method
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 3 comments.
| File | Description |
|---|---|
| Apps/MispConnectorApp/dnsApp.config | Added blockingAnswerTtl configuration parameter with default value of 3600 seconds |
| Apps/MispConnectorApp/App.cs | Fixed empty string bug in blocking responses, added TTL configuration property with validation, and refactored response generation into a helper method |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
Thanks for the PR. The Blocking Answer TTL value of 1hr is too long for default value. A short value like 30 sec is good. This is so that if the domain is unblocked by the admin for any reason, the long TTL will have issues since it will get cached with clients. Let the admin/user decide if they want longer TTL value instead of having it as default. |
|
Thank you. Copilot have some valid points in minor things as well. I'll fix it and push today. It was 60 seconds by default. I made it longer for performance. But I didn't think about whitelisting. This is a scenario I didn't test. |
There was a problem hiding this comment.
Pull request overview
Copilot reviewed 3 out of 3 changed files in this pull request and generated no new comments.
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
|
I guess it is better this time. |
|
Looks good. |
Added a section explaining MISP and its relevance to the plugin.
Signed-off-by: Zafer Balkan <zafer@zaferbalkan.com>
…allocation of new strings
2 participants
Current version accidentally sends empty string as EDE message and TXT response. Basically, blocks silently. It is mentioned here: #1403 (comment)
I also added a TTL parameter like Advanced Blocker App.