Implement ns lookup allowlist (#1420)

The ns-lookup accepts domain names as well as suffixes, e.g.: ``` --allow-resolve=* # allow all domain names --allow-resolve=example.com # only allow example.com name resolution --allow-resolve=example.com --allow-resolve=*.example.com # allow example.com and its subdomains' name resolution ```
2022-09-02 13:26:31 +02:00
parent df782c5f2a
commit 9a04c21075
12 changed files with 236 additions and 91 deletions
--- a/core/iwasm/libraries/libc-wasi/sandboxed-system-primitives/include/wasmtime_ssp.h
+++ b/core/iwasm/libraries/libc-wasi/sandboxed-system-primitives/include/wasmtime_ssp.h
@ -1038,7 +1038,7 @@ wasi_ssp_sock_bind(
 __wasi_errno_t
 wasi_ssp_sock_addr_resolve(
 #if !defined(WASMTIME_SSP_STATIC_CURFDS)
-    struct fd_table *curfds,
+    struct fd_table *curfds, char **ns_lookup_list,
 #endif
    const char *host, const char* service,
    __wasi_addr_info_hints_t *hints, __wasi_addr_info_t *addr_info,