def test_validate_zone_record_nonstrict_hostname(self):
    """Accept underscore-prefixed owner names when called with default arguments.

    Covers one TXT record and three SRV records; two of the SRV owner
    labels also end in a hyphen or an underscore.
    """
    accepted = (
        "ADD _host 10 TXT 12.13.24.15",
        "ADD _host 10 SRV 0 100 88 testsrv",
        "ADD _host- 10 SRV 0 100 88 testsrv",
        "ADD _host_ 10 SRV 0 100 88 testsrv",
    )
    for record in accepted:
        self.assertTrue(V.validate_zone_record(record))
def test_is_valid_zone_record_caa_bad(self):
    """Reject CAA records with a bad flags value or a misspelled tag.

    CAA records state which certificate authorities may issue for the
    zone, so a record with a mistyped tag would not express the policy
    the operator intended; the validator is expected to refuse it.
    """
    rejected = (
        # Flags value 256 does not fit the one-octet CAA flags field.
        "ADD @ 3600 CAA 256 issue letsencrypt.org",
        # "isue" is not a CAA property tag.
        'ADD @ 3600 CAA 1 isue "letsencrypt.org"',
        # "iodeff" is not a CAA property tag.
        # NOTE(review): "[email protected]" looks like the hosting page's
        # e-mail obfuscation, not the original address; confirm it
        # against the repository.
        'ADD @ 3600 CAA 0 iodeff "mailto:[email protected]"',
    )
    for record in rejected:
        self.assertFalse(V.validate_zone_record(record))
def test_is_valid_zone_record_caa_good(self):
    """Accept CAA records using the issue, issuewild and iodef tags.

    The value is accepted both unquoted and quoted, with flags 0 or 1.
    """
    accepted = (
        "ADD @ 3600 CAA 0 issue letsencrypt.org",
        'ADD @ 3600 CAA 1 issue "letsencrypt.org"',
        'ADD @ 3600 CAA 1 issuewild "letsencrypt.org"',
        # NOTE(review): "[email protected]" looks like the hosting page's
        # e-mail obfuscation, not the original address; confirm it
        # against the repository.
        'ADD @ 3600 CAA 0 iodef "mailto:[email protected]"',
    )
    for record in accepted:
        self.assertTrue(V.validate_zone_record(record))
def test_is_valid_zone_record_sshfp_bad(self):
    """Reject SSHFP records with out-of-range numbers or a non-hex fingerprint."""
    rejected = (
        # Fingerprint contains "g", which is not a hex digit.
        "ADD @ 3600 SSHFP 1 2 abcdefgabcdef",
        # Algorithm 256 exceeds the one-octet field.
        "ADD @ 3600 SSHFP 256 2 abcdef",
        # Fingerprint type 256 exceeds the one-octet field.
        "ADD @ 3600 SSHFP 2 256 abcdef",
        # Trailing dot after the fingerprint.
        "ADD @ 3600 SSHFP 1 2 abcdef.",
        # Fingerprint wrapped in double quotes.
        'ADD @ 3600 SSHFP 1 2 "abcdef"',
    )
    for record in rejected:
        self.assertFalse(V.validate_zone_record(record))
def test_validate_zone_record_soa_good(self):
    """Accept fully-qualified SOA records without printing anything.

    The second record has an escaped dot in the first label of the
    mailbox name.
    """
    captured = io.StringIO()
    with redirect_stdout(captured):
        plain = V.validate_zone_record("DELETE @ 65535 SOA ns.example.com."
                                       " hostmaster.example.com."
                                       " 86400 86400 86400 86400 86400")
        self.assertTrue(plain)
        escaped = V.validate_zone_record("DELETE @ 65535 SOA ns.example.com."
                                         " host\\.master.example.com."
                                         " 86400 86400 86400 86400 86400")
        self.assertTrue(escaped)
    # Neither record may produce a warning on stdout.
    self.assertEqual("", captured.getvalue())
def test_is_valid_zone_record_txt_good(self):
    """Accept well-formed TXT records without any stdout output.

    Covers a quoted string, a quoted string containing a semicolon, a
    bare word under strict=True, and multi-part values (quoted and
    bare) under the default arguments.
    """
    cases = (
        ('ADD @ 3600 TXT "TEST"', {}),
        ('ADD @ 3600 TXT "TE;ST"', {}),
        ("ADD @ 3600 TXT TEST", {"strict": True}),
        ('ADD @ 3600 TXT "TEST" "TEST"', {}),
        ("ADD @ 3600 TXT TEST TEST TEST", {}),
    )
    captured = io.StringIO()
    with redirect_stdout(captured):
        for record, options in cases:
            self.assertTrue(V.validate_zone_record(record, **options))
    self.assertEqual("", captured.getvalue())
def test_validate_zone_record_aaaa_good(self):
    """Accept a compressed global IPv6 address without printing a warning."""
    record = "ADD @ 3600 AAAA 2a00:1450:4009:81a::2004"
    captured = io.StringIO()
    with redirect_stdout(captured):
        self.assertTrue(V.validate_zone_record(record))
    self.assertEqual("", captured.getvalue())
def test_is_valid_zone_record_unknown_not_strict(self):
    """Accept a record type the validator cannot check, printing a notice.

    With default arguments a DNSKEY record passes and only
    "Cannot validate type DNSKEY" is written to stdout.
    NOTE(review): this means unvalidated record data goes through in the
    default mode; presumably strict=True is the fail-closed option.
    Confirm against validate_zone_record.
    """
    record = "ADD @ 3600 DNSKEY 256 3 12 dGVzdGluZzEyMw=="
    captured = io.StringIO()
    with redirect_stdout(captured):
        self.assertTrue(V.validate_zone_record(record))
    self.assertEqual("Cannot validate type DNSKEY\n", captured.getvalue())
def test_validate_zone_record_soa_warn_fields(self):
    """Accept SOA names lacking a trailing dot, but warn about each one.

    The first record omits the dot on the primary name server, the
    second on the mailbox name; one warning line is expected per record.
    """
    expected = (
        "*** Warning: target ns.example.com is missing a terminating dot\n"
        "*** Warning: target hostmaster.example.net is missing"
        " a terminating dot\n"
    )
    captured = io.StringIO()
    with redirect_stdout(captured):
        missing_on_ns = V.validate_zone_record(
            "DELETE @ 65535 SOA ns.example.com hostmaster.example.com."
            " 86400 86400 86400 86400 86400")
        self.assertTrue(missing_on_ns)
        missing_on_mailbox = V.validate_zone_record(
            "DELETE @ 65535 SOA ns.example.net. hostmaster.example.net"
            " 86400 86400 86400 86400 86400")
        self.assertTrue(missing_on_mailbox)
    self.assertEqual(expected, captured.getvalue())
def test_is_valid_zone_record_mx_warn(self):
    """Accept an MX exchange without a trailing dot, but warn about it."""
    expected = "*** Warning: target fq.dn is missing a terminating dot\n"
    captured = io.StringIO()
    with redirect_stdout(captured):
        accepted = V.validate_zone_record("ADD @ 3600 MX 0 fq.dn")
        self.assertTrue(accepted)
    self.assertEqual(expected, captured.getvalue())
def test_validate_zone_record_aaaa_bad_format(self):
    """Reject AAAA data that is not a syntactically valid IPv6 address.

    Covers a bare letter, an IPv4-style dotted value, a double "::"
    compression and a five-digit hextet.
    """
    malformed = ("Q", "192.168.256.1", "2050::5::1", "20500::5:1")
    for address in malformed:
        record = "ADD @ 3600 AAAA {}".format(address)
        # msg carries the full record so a failure names the offending input.
        self.assertFalse(V.validate_zone_record(record), msg=record)
def test_is_valid_zone_record_txt_warn(self):
    """Under strict=True a multi-part TXT record passes with a warning.

    The warning line is followed by an echo of the record itself.
    """
    record = 'ADD @ 3600 TXT "TEST" "TEST"'
    expected = (
        "* Warning: TXT record has multiple parts\n"
        'ADD @ 3600 TXT "TEST" "TEST"\n'
    )
    captured = io.StringIO()
    with redirect_stdout(captured):
        self.assertTrue(V.validate_zone_record(record, strict=True))
    self.assertEqual(expected, captured.getvalue())
def test_validate_zone_record_a_bad(self):
    """Reject A record data that is not a strict dotted-quad IPv4 address.

    Covers a bare letter, an octet above 255, too few and too many
    octets, a comma in place of a dot, and a hexadecimal octet. The last
    case pins that alternative numeric notations are not accepted.
    """
    malformed = (
        "Q",
        "192.168.256.1",
        "1.2.3",
        "1.2.3.4.5",
        "1.2.5,7",
        "1.2.0x3.4",
    )
    for address in malformed:
        record = "ADD @ 3600 A {}".format(address)
        self.assertFalse(V.validate_zone_record(record), msg=record)
def test_is_valid_zone_record_srv_bad(self):
    """Reject SRV records with a bad owner name, numeric field or target."""
    rejected = (
        # Owner name "tt" lacks the leading underscore.
        "ADD tt 3600 SRV 1 2 3 h",
        # Non-numeric priority.
        "ADD _t 3600 SRV a 2 3 h",
        # Non-numeric weight.
        "ADD _t 3600 SRV 1 a 3 h",
        # Non-numeric port.
        "ADD _t 3600 SRV 1 2 a h",
        # NOTE(review): the port is still "a" here, so the trailing
        # hyphen in the target "h-" is never the only fault. Confirm
        # whether "1 2 3 h-" was intended.
        "ADD _t 3600 SRV 1 2 a h-",
        # Purely numeric target.
        "ADD _t 3600 SRV 1 2 3 4",
    )
    for record in rejected:
        self.assertFalse(V.validate_zone_record(record))
def test_is_valid_zone_record_aaaa_dubious_values(self):
    """Accept special-purpose IPv6 addresses, but warn about each one.

    Each address is valid syntax but comes from a range with a special
    meaning (Teredo, IETF protocol assignments, ORCHIDv2, documentation,
    6to4). The validator must return True and print one warning naming
    the category.
    """
    dubious = (
        ("2001::1", "Teredo address"),
        ("2001:1::1", "IETF protocol address"),
        ("2001:23::1", "ORCHIDv2 address"),
        ("2001:db8::3", "documentation address"),
        ("2002:123::456:1", "6to4 address"),
    )
    for address, category in dubious:
        record = "ADD @ 3600 AAAA {}".format(address)
        expected = "*** Warning: {} is a {}\n".format(address, category)
        # Fresh buffer per address so each warning is checked in isolation.
        captured = io.StringIO()
        with redirect_stdout(captured):
            self.assertTrue(V.validate_zone_record(record), msg=address)
        self.assertEqual(expected, captured.getvalue(), msg=address)
def test_validate_zone_record_a_warning(self):
    """Accept special-purpose IPv4 addresses, but warn about each one.

    Private, multicast, loopback and possible broadcast addresses
    (final octet 0 or 255) all pass validation with a single warning.
    Unlike the IPv6 cases in test_validate_zone_record_aaaa_bad_values,
    IPv4 loopback, private and multicast addresses are warned about
    rather than rejected, so such a record can still be published if
    the warning is not acted on.
    """
    dubious = (
        ("192.168.255.1", "private address"),
        ("172.20.3.4", "private address"),
        ("10.24.38.9", "private address"),
        ("225.2.95.1", "multicast address"),
        ("127.25.21.19", "loopback address"),
        ("20.35.1.0", "potential broadcast address"),
        ("201.52.19.255", "potential broadcast address"),
    )
    for address, category in dubious:
        record = "ADD @ 3600 A {}".format(address)
        expected = "*** Warning: {} is a {}\n".format(address, category)
        # Fresh buffer per address so each warning is checked in isolation.
        captured = io.StringIO()
        with redirect_stdout(captured):
            self.assertTrue(V.validate_zone_record(record), msg=record)
        self.assertEqual(expected, captured.getvalue(), msg=record)
def test_validate_zone_record_aaaa_bad_values(self):
    """Reject IPv6 addresses that should not appear in a published zone.

    Reserved, loopback, link-local, private and multicast addresses are
    well-formed, but the validator must return False and print an
    "*** Error" line naming the category.
    """
    forbidden = (
        ("::1:2:3:4:5:6", "reserved address"),
        ("0::1", "loopback address"),
        ("64:ff9b:1::0000:1", "reserved address"),
        ("100:ffff::0000:1", "reserved address"),
        ("fe80:ffff::0000:1", "link-local address"),
        ("fc00:ffff::0000:1", "private address"),
        ("ff01:ffff::0000:1", "multicast address"),
    )
    for address, category in forbidden:
        record = "ADD @ 3600 AAAA {}".format(address)
        expected = "*** Error: {} is a {}\n".format(address, category)
        # Fresh buffer per address so each error is checked in isolation.
        captured = io.StringIO()
        with redirect_stdout(captured):
            self.assertFalse(V.validate_zone_record(record), msg=address)
        self.assertEqual(expected, captured.getvalue(), msg=address)
def test_validate_zone_record_soa_bad_numbers(self):
    """Reject an SOA record when any one numeric field is invalid.

    Token positions 6 to 10 are the five numeric SOA fields of the
    tokenized template. Each is replaced in turn by a non-number, a
    negative number, a value with a unit suffix, and values of 2**32
    and above, while the other fields stay valid.
    """
    template = V.tokenize(
        "REPLACE @ 65535 SOA ns.example.com. hostmaster.example.com."
        " 86400 86400 86400 86400 86400")
    bad_values = (
        "x",
        "-1",
        "2w",
        "4294967296",
        "281474976710656",
        "18446744073709551615",
    )
    for position in range(6, 11):
        for bad in bad_values:
            # Start from the valid template so only one field is wrong.
            tokens = template[:]
            tokens[position] = bad
            record = " ".join(tokens)
            self.assertFalse(V.validate_zone_record(record), msg=record)
def test_validate_zone_record_soa_short(self):
    """Reject SOA records that are missing trailing fields.

    The cases run from a name server alone up to a record with four of
    the five numeric fields present.
    """
    truncated = (
        "DELETE @ 65535 SOA ns.example.com.",
        "DELETE @ 65535 SOA ns.example.com. hostmaster.example.com.",
        "DELETE @ 65535 SOA ns.example.com. hostmaster.example.com."
        " 86400",
        "DELETE @ 65535 SOA ns.example.com. hostmaster.example.com."
        " 86400 86400",
        "DELETE @ 65535 SOA ns.example.com. hostmaster.example.com."
        " 86400 86400 86400",
        "DELETE @ 65535 SOA ns.example.com. hostmaster.example.com."
        " 86400 86400 86400 86400",
    )
    for record in truncated:
        self.assertFalse(V.validate_zone_record(record))
def test_is_valid_zone_record_sshfp_good(self):
    """Accept SSHFP records with in-range numbers and a hex fingerprint.

    The second record uses 255 for both algorithm and fingerprint type,
    the largest value the one-octet fields can hold.
    NOTE(review): both fingerprints are far shorter than a real digest
    (fingerprint type 2 is SHA-256, i.e. 64 hex digits), so these cases
    pin that the length is not checked against the type. Confirm that
    this is intended, since a truncated fingerprint would pass.
    """
    accepted = (
        "ADD @ 3600 SSHFP 1 2 abcdefabcdef",
        "ADD @ 3600 SSHFP 255 255 a51254",
    )
    for record in accepted:
        self.assertTrue(V.validate_zone_record(record))
def test_is_valid_zone_record_sshfp_long(self):
    """Reject an SSHFP record with an extra token after the fingerprint."""
    record = "ADD @ 3600 SSHFP 1 2 abcdef abcdef"
    self.assertFalse(V.validate_zone_record(record))
def test_is_valid_zone_record_sshfp_short(self):
    """Reject SSHFP records missing the fingerprint or the fingerprint type."""
    truncated = (
        "ADD @ 3600 SSHFP 1",
        "ADD @ 3600 SSHFP 1 2",
    )
    for record in truncated:
        self.assertFalse(V.validate_zone_record(record))
def test_is_valid_zone_record_mx_good(self):
    """Accept MX records with preference 0 and 65535 and a dotted target."""
    accepted = (
        "ADD @ 3600 MX 0 fq.dn.",
        "ADD @ 3600 MX 65535 fq.dn.",
    )
    for record in accepted:
        self.assertTrue(V.validate_zone_record(record))
def test_is_valid_zone_record_caa_long(self):
    """Reject a CAA record whose unquoted value is split into two tokens."""
    record = "ADD @ 3600 CAA 1 issue letsencrypt org"
    self.assertFalse(V.validate_zone_record(record))
def test_is_valid_zone_record_srv_good(self):
    """Accept SRV records with a single-label or fully-qualified target."""
    accepted = (
        "ADD _t 3600 SRV 1 2 3 h",
        "ADD _t 3600 SRV 1 2 3 fq.dn.",
    )
    for record in accepted:
        self.assertTrue(V.validate_zone_record(record))
def test_is_valid_zone_record_srv_long(self):
    """Reject SRV records with one or two extra tokens after the target."""
    overlong = (
        "ADD _t 3600 SRV 1 2 3 h 5",
        "ADD _t 3600 SRV 1 2 3 h 5 6",
    )
    for record in overlong:
        self.assertFalse(V.validate_zone_record(record))
def test_is_valid_zone_record_srv_short(self):
    """Reject SRV records that stop before the target field."""
    truncated = (
        "ADD _t 3600 SRV 1",
        "ADD _t 3600 SRV 1 2",
        "ADD _t 3600 SRV 1 2 3",
    )
    for record in truncated:
        self.assertFalse(V.validate_zone_record(record))
def test_is_valid_zone_record_mx_bad(self):
    """Reject MX records with swapped fields, an empty target or an IP target."""
    rejected = (
        # Exchange and preference are in the wrong order.
        "ADD @ 3600 MX fq.dn. 0",
        # Empty quoted exchange.
        'ADD @ 3600 MX 10 ""',
        # Exchange is an IPv4 literal rather than a host name.
        "ADD @ 3600 MX 10 192.168.1.1",
    )
    for record in rejected:
        self.assertFalse(V.validate_zone_record(record))
print("Zonefile origin domain is not for specified zone") print(args.zone, "!=", zone.domain()) sys.exit(1) except rfcparser.RFCParserError as err: if err.line: print(f"Error: {err.message} in {err.line}") else: print(f"Error: {err.message}") sys.exit(1) else: print("No zone file provided.") sys.exit(1) # Validate all new zone records for zone_record in zone_records: if not zone_validate.validate_zone_record(zone_record, args.strict): print("The following record failed validation:") print(zone_record) sys.exit(1) with open(args.credentials_file) as f: credentials = json.load(f) try: api = mythic.MythicAPI(args.zone, credentials[args.zone]) except mythic.APIError as err: print("* Error: {}".format(err.message)) sys.exit(2) except KeyError as err: print("* Error: {} not in credentials".format(err.args[0])) sys.exit(2)
def test_is_valid_zone_record_caa_short(self):
    """Reject CAA records missing the value, or both the tag and the value."""
    truncated = (
        "ADD @ 3600 CAA 1",
        "ADD @ 3600 CAA 1 issue",
    )
    for record in truncated:
        self.assertFalse(V.validate_zone_record(record))