Adguard dns analyzer, closes #1361

[g4ze]

close #1361

Description

Please include a summary of the change and link to the related issue.

Type of change

Please delete options that are not relevant.

• [ ] Bug fix (non-breaking change which fixes an issue).
• [x] New feature (non-breaking change which adds functionality).
• [ ] Breaking change (fix or feature that would cause existing functionality to not work as expected).

Checklist

• [x] I have read and understood the rules about how to Contribute to this project
• [x] The pull request is for the branch develop
• [x] A new plugin (analyzer, connector, visualizer, playbook, pivot or ingestor) was added or changed, in which case:
  • [x] I strictly followed the documentation "How to create a Plugin"
  • [x] Usage file was updated.
  • [ ] Advanced-Usage was updated (in case the plugin provides additional optional configuration).
  • [x] I have dumped the configuration from Django Admin using the dumpplugin command and added it in the project as a data migration. ("How to share a plugin with the community")
  • [ ] If a File analyzer was added and it supports a mimetype which is not already supported, you added a sample of that type inside the archive test_files.zip and you added the default tests for that mimetype in test_classes.py.
  • [x] If you created a new analyzer and it is free (does not require any API key), please add it in the FREE_TO_USE_ANALYZERS playbook by following this guide.
  • [x] Check if it could make sense to add that analyzer/connector to other freely available playbooks.
  • [x] I have provided the resulting raw JSON of a finished analysis and a screenshot of the results.
  • [x] If the plugin interacts with an external service, I have created an attribute called precisely url that contains this information. This is required for Health Checks.
  • [ ] If the plugin requires mocked testing, _monkeypatch() was used in its class to apply the necessary decorators.
  • [ ] I have added that raw JSON sample to the MockUpResponse of the _monkeypatch() method. This serves us to provide a valid sample for testing.
• [ ] If external libraries/packages with restrictive licenses were used, they were added in the Legal Notice section.
• [x] Linters (Black, Flake, Isort) gave 0 errors. If you have correctly installed pre-commit, it does these checks and adjustments on your behalf.
• [ ] I have added tests for the feature/bug I solved (see tests folder). All the tests (new and old ones) gave 0 errors.
• [ ] If changes were made to an existing model/serializer/view, the docs were updated and regenerated (check CONTRIBUTE.md).
• [ ] If the GUI has been modified:
  • [ ] I have a provided a screenshot of the result in the PR.
  • [ ] I have created new frontend tests for the new component or updated existing ones.
• [ ] After you had submitted the PR, if DeepSource, Django Doctors or other third-party linters have triggered any alerts during the CI checks, I have solved those alerts.

Important Rules

• If you miss to compile the Checklist properly, your PR won't be reviewed by the maintainers.
• Everytime you make changes to the PR and you think the work is done, you should explicitly ask for a review. After being reviewed and received a "change request", you should explicitly ask for a review again once you have made the requested changes.

[g4ze]

@mlodic I am not able to figure out the right query for the url. seems like it expects dns in an encoded form. Can you please take a look into it?

[mlodic]

following the DMs we had, there are some pointers that can help solving this issue:

• https://github.com/AdguardTeam/AdGuardDNS/issues/26 or maybe other issues talking about them
• https://datatracker.ietf.org/doc/html/rfc8484 -> official format for dns over https queries, they could follow something written on this.

If you could try to do some more advanced research about that, that would be cool.

[g4ze]

figured out a way, will complete this PR this week :)

[g4ze]

I think the codefactor ci test is giving a false positive to the sinkhole IP. Can you please have a look at it?

[g4ze]

kindly check the TLP and review.

[g4ze]

DNS query result for x.com in JSON format:

{
  "id": 26979,
  "opcode": "QUERY",
  "rcode": "NOERROR",
  "flags": [
    "QR",
    "RD",
    "RA"
  ],
  "questions": [
    {
      "name": "x.com.",
      "type": "A"
    }
  ],
  "answers": [
    {
      "name": "x.com.",
      "type": "A",
      "ttl": 1247,
      "data": "104.244.42.1"
    },
    {
      "name": "x.com.",
      "type": "A",
      "ttl": 1247,
      "data": "104.244.42.193"
    },
    {
      "name": "x.com.",
      "type": "A",
      "ttl": 1247,
      "data": "104.244.42.129"
    },
    {
      "name": "x.com.",
      "type": "A",
      "ttl": 1247,
      "data": "104.244.42.65"
    }
  ],
  "authorities": [],
  "additionals": []
}

adding this for better understanding.

[g4ze]

All thanks to you and Daniele🙏

[g4ze]

should be merged first acc to this