From 553bd1dae3e5776043a093e86802a0dd84231fca Mon Sep 17 00:00:00 2001
From: Evan Shi <14984764+evanyeyeye@users.noreply.github.com>
Date: Mon, 15 Apr 2024 16:11:56 -0400
Subject: [PATCH] Add Google DNS and request verification
---
 restful_tango/tangoREST.py | 6 +++++-
 tangoObjects.py | 2 +-
 vmms/localDocker.py | 3 +++
 3 files changed, 9 insertions(+), 2 deletions(-)
diff --git a/restful_tango/tangoREST.py b/restful_tango/tangoREST.py
index 6df59fad..cfbe47dc 100644
--- a/restful_tango/tangoREST.py
+++ b/restful_tango/tangoREST.py
@@ -169,7 +169,11 @@ def convertJobObj(self, dirName, jobObj):
 if "disable_network" in jobObj and isinstance(jobObj["disable_network"], bool):
 disableNetwork = jobObj["disable_network"]
- allowedOutgoingIPs = jobObj["allowed_outgoing_ips"]
+ allowedOutgoingIPs = None
+ if "allowed_outgoing_ips" in jobObj and isinstance(
+ jobObj["allowed_outgoing_ips"], list
+ ):
+ allowedOutgoingIPs = jobObj["allowed_outgoing_ips"]
 job = TangoJob(
 name=name,
diff --git a/tangoObjects.py b/tangoObjects.py
index 5c2ff583..c2a30c70 100644
--- a/tangoObjects.py
+++ b/tangoObjects.py
@@ -115,7 +115,7 @@ def __init__(
 self.accessKeyId = accessKeyId
 self.accessKey = accessKey
 self.disableNetwork = disableNetwork
- self.allowedOutgoingIPs = (allowedOutgoingIPs,)
+ self.allowedOutgoingIPs = allowedOutgoingIPs
 def makeAssigned(self):
 self.syncRemote()
diff --git a/vmms/localDocker.py b/vmms/localDocker.py
index d6c995a2..e0cefdd4 100644
--- a/vmms/localDocker.py
+++ b/vmms/localDocker.py
@@ -165,6 +165,8 @@ def runJob(
 args = args + ["-m", f"{vm.memory}m"]
 if disableNetwork:
 args = args + ["--network", "none"]
+ if not disableNetwork and allowedOutgoingIPs:
+ args = args + ["--dns", "8.8.8.8", "--cap-add=NET_ADMIN"]
 args = args + [vm.image]
 args = args + ["sh", "-c"]
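Review bot: The new check in convertJobObj (restful_tango/tangoREST.py, hunk at -169/+169) confirms only that `allowed_outgoing_ips` is a list; its elements are not checked, and vmms/localDocker.py later interpolates each one into the shell string `iptables -A OUTPUT -d {IP} -j ACCEPT; `. An entry that is not a literal address would alter that command line, so each element should be parsed as an IPv4 address or CIDR block before the job is built; the stdlib `ipaddress` module does this, and the file would need to import it. A value of the wrong type also falls back to None, which the `if not disableNetwork and allowedOutgoingIPs:` test in localDocker.py treats as no restriction at all, so rejecting the request is safer than ignoring the field. How convertJobObj reports errors to its caller is outside the hunk, so the `raise` below stands in for whatever that path is.

```python
allowedOutgoingIPs = None
if "allowed_outgoing_ips" in jobObj:
    requestedIPs = jobObj["allowed_outgoing_ips"]
    if not isinstance(requestedIPs, list) or not all(
        isinstance(ip, str) for ip in requestedIPs
    ):
        raise ValueError("allowed_outgoing_ips must be a list of strings")
    # IPv4Network raises ValueError for anything that is not a literal
    # address or CIDR block, so only normalised values reach iptables.
    allowedOutgoingIPs = [
        str(ipaddress.IPv4Network(ip, strict=False)) for ip in requestedIPs
    ]
# … unchanged: job = TangoJob(...) construction …
```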
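Review bot: In runJob (vmms/localDocker.py, hunk at -165/+165) the added `--cap-add=NET_ADMIN` stays with the container for the whole job, so the allow-list holds only if the submitted code cannot use that capability to rewrite the iptables rules installed by the later hunk. Whether the job command drops to an unprivileged user before untrusted code runs is outside this hunk; if it does, record that dependency here with a comment such as `# NET_ADMIN is only for the iptables setup; untrusted code must run after dropping to a non-root user`. The resolver address is also hard-coded here and again in the iptables rule at -180/+182, so a single module-level constant or configuration value would keep the two in step and let a site point at its own resolver.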
@@ -180,6 +182,7 @@ def runJob(
 iptablesCmd = ""
 if not disableNetwork and allowedOutgoingIPs:
+ iptablesCmd += f"iptables -A OUTPUT -d 8.8.8.8 -j ACCEPT; "
 for IP in allowedOutgoingIPs:
 iptablesCmd += f"iptables -A OUTPUT -d {IP} -j ACCEPT; "
 iptablesCmd += "iptables -A OUTPUT -j DROP;"
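Review bot: The added rule `iptables -A OUTPUT -d 8.8.8.8 -j ACCEPT; ` admits every protocol and port to the resolver, which is wider than name resolution needs. Restricting it to DNS keeps the allow-list tight: `iptables -A OUTPUT -p udp -d 8.8.8.8 --dport 53 -j ACCEPT; ` plus the same rule with `-p tcp`. Even then DNS queries remain an outbound path from the job, so the allow-list should not be documented as full egress isolation. The literal has no placeholders, so the `f` prefix can be dropped; runJob starts and ends outside the hunk.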