Skip to content

feat: make rulesengine stricter #157

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
evgeniy-scherbina merged 2 commits into from
Jan 15, 2026
Merged

feat: make rulesengine stricter #157

evgeniy-scherbina merged 2 commits into from
Jan 15, 2026

Conversation

@evgeniy-scherbina
Copy link
Collaborator

@evgeniy-scherbina evgeniy-scherbina commented Jan 15, 2026
edited
Loading

Relates to #143

Implement Stricter Domain Matching in Rules Engine

Summary

Implements stricter domain matching to prevent automatic subdomain matching, improving security by requiring explicit patterns.

Behavior Changes

Before:

  • domain=github.com → matches github.com and all subdomains (e.g., api.github.com, fake.github.com)

After:

  • domain=github.com → matches ONLY github.com (exact match)
  • domain=*.github.com → matches ONLY subdomains (not base domain)
  • To allow both: domain=github.com, domain=*.github.com

Security Impact

Prevents accidental matching of malicious subdomains (e.g., fake.github.com matching github.com rule).

Migration

Update existing rules that rely on automatic subdomain matching:

@evgeniy-scherbina evgeniy-scherbina force-pushed the yevhenii/strict-rules-engine branch from 069a9f9 to 4c55fbf Compare January 15, 2026 14:31
@evgeniy-scherbina evgeniy-scherbina force-pushed the yevhenii/strict-rules-engine branch from ecae77a to 0db0440 Compare January 15, 2026 17:44
@evgeniy-scherbina evgeniy-scherbina marked this pull request as ready for review January 15, 2026 17:55
f0ssel
f0ssel approved these changes Jan 15, 2026
View reviewed changes
Copy link
Collaborator

@f0ssel f0ssel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

All for stricter syntax here

@evgeniy-scherbina evgeniy-scherbina force-pushed the yevhenii/strict-rules-engine branch from e4f7585 to 7d5a99a Compare January 15, 2026 18:15
@evgeniy-scherbina evgeniy-scherbina force-pushed the yevhenii/strict-rules-engine branch from 7d5a99a to 7af16a3 Compare January 15, 2026 18:17
@evgeniy-scherbina evgeniy-scherbina merged commit c207d41 into main Jan 15, 2026
5 checks passed
@evgeniy-scherbina evgeniy-scherbina deleted the yevhenii/strict-rules-engine branch January 15, 2026 18:34
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@f0ssel f0ssel f0ssel approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@evgeniy-scherbina @f0ssel