def test_validate_zone_record_nonstrict_hostname(self):
     """Accept underscore-prefixed owner names when strict is not passed.

     Covers a TXT record and three SRV records whose owner label starts
     with ``_`` and, in two cases, also ends with ``-`` or ``_``.
     """
     # NOTE(review): no strict argument is given, so these run with the
     # validator's default mode - presumably non-strict; confirm.
     underscore_owner_records = (
         "ADD _host 10 TXT 12.13.24.15",
         "ADD _host 10 SRV 0 100 88 testsrv",
         "ADD _host- 10 SRV 0 100 88 testsrv",
         "ADD _host_ 10 SRV 0 100 88 testsrv",
     )
     for record in underscore_owner_records:
         self.assertTrue(V.validate_zone_record(record))
 def test_is_valid_zone_record_caa_bad(self):
     """Reject CAA records with an out-of-range flag or a misspelt tag.

     A CAA record that is published with a mistyped property tag does not
     restrict certificate issuance the way its author intended, so the
     validator is expected to refuse it before it reaches the zone.
     """
     malformed_records = (
         # 256 does not fit the one-octet CAA flags field.
         "ADD @ 3600 CAA 256 issue letsencrypt.org",
         # "isue" is not a known property tag.
         'ADD @ 3600 CAA 1 isue "letsencrypt.org"',
         # "iodeff" is not a known property tag.
         # NOTE(review): the address in this literal looks like an e-mail
         # obfuscation artifact from the page this was copied from; confirm
         # the intended value against the upstream test file.
         'ADD @ 3600 CAA 0 iodeff "mailto:[email protected]"',
     )
     for record in malformed_records:
         self.assertFalse(V.validate_zone_record(record))
 def test_is_valid_zone_record_caa_good(self):
     """Accept CAA records using the issue, issuewild and iodef tags.

     Both quoted and unquoted property values are exercised, with flag
     values 0 and 1.
     """
     well_formed_records = (
         "ADD @ 3600 CAA 0 issue letsencrypt.org",
         'ADD @ 3600 CAA 1 issue "letsencrypt.org"',
         'ADD @ 3600 CAA 1 issuewild "letsencrypt.org"',
         # NOTE(review): the address in this literal looks like an e-mail
         # obfuscation artifact from the page this was copied from; confirm
         # the intended value against the upstream test file.
         'ADD @ 3600 CAA 0 iodef "mailto:[email protected]"',
     )
     for record in well_formed_records:
         self.assertTrue(V.validate_zone_record(record))
 def test_is_valid_zone_record_sshfp_bad(self):
     """Reject SSHFP records with bad numeric fields or a bad fingerprint.

     SSHFP publishes SSH host-key fingerprints, so a malformed record that
     slipped through would be useless to clients verifying a host key.
     """
     malformed_records = (
         # Fingerprint contains "g", which is not a hexadecimal digit.
         "ADD @ 3600 SSHFP 1 2 abcdefgabcdef",
         # Algorithm number 256 does not fit in one octet.
         "ADD @ 3600 SSHFP 256 2 abcdef",
         # Fingerprint type 256 does not fit in one octet.
         "ADD @ 3600 SSHFP 2 256 abcdef",
         # Trailing dot after the fingerprint.
         "ADD @ 3600 SSHFP 1 2 abcdef.",
         # Fingerprint wrapped in double quotes.
         'ADD @ 3600 SSHFP 1 2 "abcdef"',
     )
     for record in malformed_records:
         self.assertFalse(V.validate_zone_record(record))
 def test_validate_zone_record_soa_good(self):
     """Accept well-formed SOA records without printing anything.

     The second record carries an escaped dot inside the first label of
     the responsible-mailbox name.
     """
     timers = " 86400 86400 86400 86400 86400"
     records = (
         "DELETE @ 65535 SOA ns.example.com."
         " hostmaster.example.com." + timers,
         "DELETE @ 65535 SOA ns.example.com."
         " host\\.master.example.com." + timers,
     )
     captured = io.StringIO()
     with redirect_stdout(captured):
         for record in records:
             self.assertTrue(V.validate_zone_record(record))
     # Fully qualified names must not trigger any warning output.
     self.assertEqual("", captured.getvalue())
 def test_is_valid_zone_record_txt_good(self):
     """Accept quoted, unquoted and multi-part TXT data silently.

     Only the single unquoted value is checked with ``strict=True``; the
     multi-part records are checked without the strict argument.
     """
     captured = io.StringIO()
     with redirect_stdout(captured):
         # The second value has a ";" inside the quoted string.
         for record in ('ADD @ 3600 TXT "TEST"', 'ADD @ 3600 TXT "TE;ST"'):
             self.assertTrue(V.validate_zone_record(record))
         self.assertTrue(
             V.validate_zone_record("ADD @ 3600 TXT TEST", strict=True))
         for record in (
                 'ADD @ 3600 TXT "TEST" "TEST"',
                 "ADD @ 3600 TXT TEST TEST TEST",
         ):
             self.assertTrue(V.validate_zone_record(record))
     self.assertEqual("", captured.getvalue())
 def test_validate_zone_record_aaaa_good(self):
     """Accept an ordinary AAAA record without any warning output."""
     record = "ADD @ 3600 AAAA 2a00:1450:4009:81a::2004"
     captured = io.StringIO()
     with redirect_stdout(captured):
         accepted = V.validate_zone_record(record)
         self.assertTrue(accepted)
     self.assertEqual("", captured.getvalue())
 def test_is_valid_zone_record_unknown_not_strict(self):
     """Accept a record type the validator has no rules for, with a notice.

     The DNSKEY record is passed through unvalidated: the call returns a
     truthy result and the only output is the "Cannot validate" line.
     """
     # No strict argument is given here.
     record = "ADD @ 3600 DNSKEY 256 3 12 dGVzdGluZzEyMw=="
     captured = io.StringIO()
     with redirect_stdout(captured):
         accepted = V.validate_zone_record(record)
         self.assertTrue(accepted)
     self.assertEqual("Cannot validate type DNSKEY\n", captured.getvalue())
 def test_validate_zone_record_soa_warn_fields(self):
     """Warn, but still accept, SOA names lacking a terminating dot.

     The first record omits the dot on the name-server field, the second
     on the mailbox field; one warning per record is expected, in order.
     """
     timers = " 86400 86400 86400 86400 86400"
     records = (
         "DELETE @ 65535 SOA ns.example.com hostmaster.example.com."
         + timers,
         "DELETE @ 65535 SOA ns.example.net. hostmaster.example.net"
         + timers,
     )
     expected_output = (
         "*** Warning: target ns.example.com is missing a terminating dot\n"
         "*** Warning: target hostmaster.example.net is missing"
         " a terminating dot\n"
     )
     captured = io.StringIO()
     with redirect_stdout(captured):
         for record in records:
             self.assertTrue(V.validate_zone_record(record))
     self.assertEqual(expected_output, captured.getvalue())
 def test_is_valid_zone_record_mx_warn(self):
     """Warn, but still accept, an MX target without a terminating dot."""
     expected_output = (
         "*** Warning: target fq.dn is missing a terminating dot\n"
     )
     captured = io.StringIO()
     with redirect_stdout(captured):
         accepted = V.validate_zone_record("ADD @ 3600 MX 0 fq.dn")
         self.assertTrue(accepted)
     self.assertEqual(expected_output, captured.getvalue())
 def test_validate_zone_record_aaaa_bad_format(self):
     """Reject AAAA data that is not a syntactically valid IPv6 address."""
     not_ipv6 = (
         "Q",              # not an address at all
         "192.168.256.1",  # dotted-quad text in an AAAA record
         "2050::5::1",     # "::" appears twice
         "20500::5:1",     # first group has five hex digits
     )
     for candidate in not_ipv6:
         record = "ADD @ 3600 AAAA {}".format(candidate)
         self.assertFalse(V.validate_zone_record(record), msg=record)
 def test_is_valid_zone_record_txt_warn(self):
     """In strict mode a multi-part TXT record is accepted with a warning.

     The expected output is the warning line followed by the record itself.
     """
     record = 'ADD @ 3600 TXT "TEST" "TEST"'
     expected_output = (
         "* Warning: TXT record has multiple parts\n"
         'ADD @ 3600 TXT "TEST" "TEST"\n'
     )
     captured = io.StringIO()
     with redirect_stdout(captured):
         accepted = V.validate_zone_record(record, strict=True)
         self.assertTrue(accepted)
     self.assertEqual(expected_output, captured.getvalue())
 def test_validate_zone_record_a_bad(self):
     """Reject A data that is not a strict four-octet dotted quad.

     Short and hexadecimal forms are included because lenient address
     parsers accept them; the validator is expected to refuse anything
     that is not four decimal octets.
     """
     not_ipv4 = (
         "Q",              # not an address at all
         "192.168.256.1",  # octet above 255
         "1.2.3",          # only three octets
         "1.2.3.4.5",      # five octets
         "1.2.5,7",        # comma instead of a dot
         "1.2.0x3.4",      # hexadecimal octet
     )
     for candidate in not_ipv4:
         record = "ADD @ 3600 A {}".format(candidate)
         self.assertFalse(V.validate_zone_record(record), msg=record)
 def test_is_valid_zone_record_srv_bad(self):
     """Reject SRV records with a bad owner, numeric field or target."""
     malformed_records = (
         # Owner label lacks the leading underscore.
         "ADD tt 3600 SRV 1 2 3 h",
         # Non-numeric first, second and third RDATA fields in turn.
         "ADD _t 3600 SRV a 2 3 h",
         "ADD _t 3600 SRV 1 a 3 h",
         "ADD _t 3600 SRV 1 2 a h",
         # NOTE(review): this case combines a non-numeric third field with
         # the target "h-", so the target alone is never shown to be
         # rejected - confirm whether "1 2 3 h-" was intended.
         "ADD _t 3600 SRV 1 2 a h-",
         # Purely numeric target.
         "ADD _t 3600 SRV 1 2 3 4",
     )
     for record in malformed_records:
         self.assertFalse(V.validate_zone_record(record))
 def test_is_valid_zone_record_aaaa_dubious_values(self):
     """Special-purpose IPv6 ranges are accepted but produce a warning.

     Each address is valid syntax, so the record passes, while the
     operator is told which special range it falls in.
     """
     special_ranges = (
         ("2001::1", "Teredo address"),
         ("2001:1::1", "IETF protocol address"),
         ("2001:23::1", "ORCHIDv2 address"),
         ("2001:db8::3", "documentation address"),
         ("2002:123::456:1", "6to4 address"),
     )
     for dodgy, message in special_ranges:
         record = "ADD @ 3600 AAAA {}".format(dodgy)
         expected_output = "*** Warning: {} is a {}\n".format(dodgy, message)
         # A fresh buffer per address keeps the warnings from accumulating.
         captured = io.StringIO()
         with redirect_stdout(captured):
             self.assertTrue(V.validate_zone_record(record), msg=dodgy)
         self.assertEqual(expected_output, captured.getvalue(), msg=dodgy)
 def test_validate_zone_record_a_warning(self):
     """Non-routable or unusual IPv4 addresses pass with a warning.

     Private, multicast, loopback and possible broadcast addresses are
     all accepted here; the validator only reports the category.
     """
     unusual_addresses = (
         ("192.168.255.1", "private address"),
         ("172.20.3.4", "private address"),
         ("10.24.38.9", "private address"),
         ("225.2.95.1", "multicast address"),
         ("127.25.21.19", "loopback address"),
         # Last octet 0 or 255 is reported as a possible broadcast address.
         ("20.35.1.0", "potential broadcast address"),
         ("201.52.19.255", "potential broadcast address"),
     )
     for dodgy, message in unusual_addresses:
         record = "ADD @ 3600 A {}".format(dodgy)
         expected_output = "*** Warning: {} is a {}\n".format(dodgy, message)
         # A fresh buffer per address keeps the warnings from accumulating.
         captured = io.StringIO()
         with redirect_stdout(captured):
             self.assertTrue(V.validate_zone_record(record), msg=record)
         self.assertEqual(expected_output, captured.getvalue(), msg=record)
 def test_validate_zone_record_aaaa_bad_values(self):
     """Reject IPv6 addresses from ranges that must not be published.

     Reserved, loopback, link-local, private and multicast addresses are
     refused outright, and the error line names the category.
     """
     forbidden_addresses = (
         ("::1:2:3:4:5:6", "reserved address"),
         ("0::1", "loopback address"),
         ("64:ff9b:1::0000:1", "reserved address"),
         ("100:ffff::0000:1", "reserved address"),
         ("fe80:ffff::0000:1", "link-local address"),
         ("fc00:ffff::0000:1", "private address"),
         ("ff01:ffff::0000:1", "multicast address"),
     )
     for dodgy, message in forbidden_addresses:
         record = "ADD @ 3600 AAAA {}".format(dodgy)
         expected_output = "*** Error: {} is a {}\n".format(dodgy, message)
         # A fresh buffer per address keeps the errors from accumulating.
         captured = io.StringIO()
         with redirect_stdout(captured):
             self.assertFalse(V.validate_zone_record(record), msg=dodgy)
         self.assertEqual(expected_output, captured.getvalue(), msg=dodgy)
    def test_validate_zone_record_soa_bad_numbers(self):
        """Reject SOA records whose numeric fields hold an invalid value.

        Each of the five trailing fields (token positions 6-10) is replaced
        in turn with non-numeric, negative, suffixed and oversized values.
        """
        template = V.tokenize(
            "REPLACE @ 65535 SOA ns.example.com. hostmaster.example.com."
            " 86400 86400 86400 86400 86400")
        invalid_values = (
            "x",
            "-1",
            "2w",
            "4294967296",            # 2**32, one past the 32-bit maximum
            "281474976710656",       # 2**48
            "18446744073709551615",  # 2**64 - 1
        )

        for position in range(6, 11):
            # Work on a copy so only one field differs from the template.
            tokens = template[:]
            for bad_value in invalid_values:
                tokens[position] = bad_value
                record = " ".join(tokens)
                self.assertFalse(V.validate_zone_record(record), msg=record)
 def test_validate_zone_record_soa_short(self):
     """Reject SOA records that are missing trailing fields.

     Starts with only the name server present, then adds the mailbox and
     zero to four of the five numeric fields; every variant must fail.
     """
     name_server_only = "DELETE @ 65535 SOA ns.example.com."
     self.assertFalse(V.validate_zone_record(name_server_only))

     with_mailbox = name_server_only + " hostmaster.example.com."
     for numeric_count in range(5):
         truncated = with_mailbox + " 86400" * numeric_count
         self.assertFalse(V.validate_zone_record(truncated))
 def test_is_valid_zone_record_sshfp_good(self):
     """Accept SSHFP records with in-range numbers and a hex fingerprint.

     The second record uses 255 for both numeric fields, the largest value
     the test expects to be accepted.
     """
     for record in (
             "ADD @ 3600 SSHFP 1 2 abcdefabcdef",
             "ADD @ 3600 SSHFP 255 255 a51254",
     ):
         self.assertTrue(V.validate_zone_record(record))
 def test_is_valid_zone_record_sshfp_long(self):
     """Reject an SSHFP record with an extra token after the fingerprint."""
     record = "ADD @ 3600 SSHFP 1 2 abcdef abcdef"
     self.assertFalse(V.validate_zone_record(record))
 def test_is_valid_zone_record_sshfp_short(self):
     """Reject SSHFP records that stop before the fingerprint."""
     for record in ("ADD @ 3600 SSHFP 1", "ADD @ 3600 SSHFP 1 2"):
         self.assertFalse(V.validate_zone_record(record))
 def test_is_valid_zone_record_mx_good(self):
     """Accept MX records with preference 0 and 65535 and a dotted target."""
     for record in ("ADD @ 3600 MX 0 fq.dn.", "ADD @ 3600 MX 65535 fq.dn."):
         self.assertTrue(V.validate_zone_record(record))
 def test_is_valid_zone_record_caa_long(self):
     """Reject a CAA record whose unquoted value is split by a space."""
     record = "ADD @ 3600 CAA 1 issue letsencrypt org"
     self.assertFalse(V.validate_zone_record(record))
 def test_is_valid_zone_record_srv_good(self):
     """Accept SRV records with a short or a fully qualified target."""
     for record in (
             "ADD _t 3600 SRV 1 2 3 h",
             "ADD _t 3600 SRV 1 2 3 fq.dn.",
     ):
         self.assertTrue(V.validate_zone_record(record))
 def test_is_valid_zone_record_srv_long(self):
     """Reject SRV records with one or two tokens after the target."""
     for record in (
             "ADD _t 3600 SRV 1 2 3 h 5",
             "ADD _t 3600 SRV 1 2 3 h 5 6",
     ):
         self.assertFalse(V.validate_zone_record(record))
 def test_is_valid_zone_record_srv_short(self):
     """Reject SRV records that stop before the target field."""
     for record in (
             "ADD _t 3600 SRV 1",
             "ADD _t 3600 SRV 1 2",
             "ADD _t 3600 SRV 1 2 3",
     ):
         self.assertFalse(V.validate_zone_record(record))
 def test_is_valid_zone_record_mx_bad(self):
     """Reject MX records with swapped fields or an unusable target."""
     malformed_records = (
         # Target and preference are in the wrong order.
         "ADD @ 3600 MX fq.dn. 0",
         # Empty quoted target.
         'ADD @ 3600 MX 10 ""',
         # An IP address where a host name is required.
         "ADD @ 3600 MX 10 192.168.1.1",
     )
     for record in malformed_records:
         self.assertFalse(V.validate_zone_record(record))
            print("Zonefile origin domain is not for specified zone")
            print(args.zone, "!=", zone.domain())
            sys.exit(1)
    except rfcparser.RFCParserError as err:
        if err.line:
            print(f"Error: {err.message} in {err.line}")
        else:
            print(f"Error: {err.message}")
        sys.exit(1)
else:
    print("No zone file provided.")
    sys.exit(1)

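# Validate all new zone records
# This runs before the credentials file is opened or the API client is
# built; the first failing record is printed and the run stops with status 1.
for zone_record in zone_records:
    if not zone_validate.validate_zone_record(zone_record, args.strict):
        print("The following record failed validation:")
        print(zone_record)
        sys.exit(1)

# Load the per-zone API credentials.  The file holds secrets: keep it out of
# version control and readable only by the user running this script.
try:
    with open(args.credentials_file, encoding="utf-8") as f:
        credentials = json.load(f)
except OSError as err:
    # Missing or unreadable file: report it like the other credential errors
    # instead of ending in a traceback.
    print("* Error: cannot read credentials file: {}".format(err))
    sys.exit(2)
except ValueError:
    # json.JSONDecodeError and UnicodeDecodeError both derive from
    # ValueError.  The exception text is not printed so that nothing derived
    # from the secrets file ends up on the terminal or in captured logs.
    print("* Error: credentials file is not valid JSON")
    sys.exit(2)

# The lookup below indexes by zone name, so anything other than a JSON object
# would fail with a TypeError that the handlers below do not cover.
if not isinstance(credentials, dict):
    print("* Error: credentials file must contain a JSON object")
    sys.exit(2)

try:
    api = mythic.MythicAPI(args.zone, credentials[args.zone])
except mythic.APIError as err:
    print("* Error: {}".format(err.message))
    sys.exit(2)
except KeyError as err:
    # No entry for this zone in the credentials object.
    print("* Error: {} not in credentials".format(err.args[0]))
    sys.exit(2)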
 def test_is_valid_zone_record_caa_short(self):
     """Reject CAA records that stop before the property value."""
     for record in ("ADD @ 3600 CAA 1", "ADD @ 3600 CAA 1 issue"):
         self.assertFalse(V.validate_zone_record(record))