From 2a1751ec30c2faf073d3592806d955be16e635ce Mon Sep 17 00:00:00 2001 From: alwaysjolley Date: Wed, 3 Jun 2020 04:56:38 -0400 Subject: [PATCH 1/5] fixing domain validation to account for 2-63 character length and correct character set --- lemur/dns_providers/util.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lemur/dns_providers/util.py b/lemur/dns_providers/util.py index cc8d9bb3..9aa10458 100644 --- a/lemur/dns_providers/util.py +++ b/lemur/dns_providers/util.py @@ -31,11 +31,11 @@ class DNSResolveError(DNSError): def is_valid_domain(domain): """Checks if a domain is syntactically valid and returns a bool""" - if len(domain) > 253: - return False if domain[-1] == ".": domain = domain[:-1] - fqdn_re = re.compile("(?=^.{1,254}$)(^(?:(?!\d+\.|-)[a-zA-Z0-9_\-]{1,63}(? 253: + return False + fqdn_re = re.compile("(?=^.{1,63}$)(^(?:[a-z0-9](?:-*[a-z0-9])+)$)", re.IGNORECASE) return all(fqdn_re.match(d) for d in domain.split(".")) From 8658ac531e456c47031316ef20fffaf3d43837b5 Mon Sep 17 00:00:00 2001 From: alwaysjolley Date: Wed, 3 Jun 2020 08:08:49 -0400 Subject: [PATCH 2/5] fixing unittests and allowing for single character domains --- lemur/dns_providers/util.py | 2 +- lemur/tests/test_dns_providers.py | 13 ++++++++++++- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/lemur/dns_providers/util.py b/lemur/dns_providers/util.py index 9aa10458..fc930eb3 100644 --- a/lemur/dns_providers/util.py +++ b/lemur/dns_providers/util.py @@ -35,7 +35,7 @@ def is_valid_domain(domain): domain = domain[:-1] if len(domain) > 253: return False - fqdn_re = re.compile("(?=^.{1,63}$)(^(?:[a-z0-9](?:-*[a-z0-9])+)$)", re.IGNORECASE) + fqdn_re = re.compile("(?=^.{1,63}$)(^(?:[a-z0-9](?:-*[a-z0-9])+)|[a-z0-9]$)", re.IGNORECASE) return all(fqdn_re.match(d) for d in domain.split(".")) diff --git a/lemur/tests/test_dns_providers.py b/lemur/tests/test_dns_providers.py index b8714a2d..640277c6 100644 --- a/lemur/tests/test_dns_providers.py 
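Review bot: The `$` anchors in the new `fqdn_re` of the patch 1/5 util.py hunk also match just before a trailing newline, so together with `fqdn_re.match(d)` a name such as `"example.com\n"` is reported as valid. The later versions of this line in patches 2/5, 4/5 and 5/5 keep the same anchors. Since this helper presumably gates names passed on to DNS provider code, a control character that survives validation can end up in API requests or log lines. Changing the return line to `return all(fqdn_re.fullmatch(d) for d in domain.split("."))`, or using `\Z` in place of `$`, closes the gap, and `assertFalse(dnsutil.is_valid_domain("example.com\n"))` would pin it. Part of this hunk's removed line is missing from the page, so this is based on the added lines only.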
+++ b/lemur/tests/test_dns_providers.py
@@ -6,7 +6,18 @@ class TestDNSProvider(unittest.TestCase):
 def test_is_valid_domain(self):
 self.assertTrue(dnsutil.is_valid_domain("example.com"))
 self.assertTrue(dnsutil.is_valid_domain("foo.bar.org"))
- self.assertTrue(dnsutil.is_valid_domain("_acme-chall.example.com"))
+ self.assertTrue(dnsutil.is_valid_domain("exam--ple.io"))
+ self.assertTrue(dnsutil.is_valid_domain("a.example.com"))
+ self.assertTrue(dnsutil.is_valid_domain("example.io"))
+ self.assertTrue(dnsutil.is_valid_domain("example-of-63-character-domain-label-length-limit-1234567890123.com"))
+ self.assertFalse(dnsutil.is_valid_domain("example-of-63-character-domain-label-length-limit-12345678901234.com"))
+ self.assertFalse(dnsutil.is_valid_domain("_acme-chall.example.com"))
 self.assertFalse(dnsutil.is_valid_domain("e/xample.com"))
 self.assertFalse(dnsutil.is_valid_domain("exam\ple.com"))
 self.assertFalse(dnsutil.is_valid_domain("*.example.com"))
+ self.assertFalse(dnsutil.is_valid_domain("-example.io"))
+ self.assertFalse(dnsutil.is_valid_domain("example-.io"))
+ self.assertFalse(dnsutil.is_valid_domain("example..io"))
+ self.assertFalse(dnsutil.is_valid_domain("exa mple.io"))
+ self.assertFalse(dnsutil.is_valid_domain("-"))
+ self.assertFalse(dnsutil.is_valid_domain(""))
From 3ce7cd6c50d4ac7bece419c08b4728a0eacf80fb Mon Sep 17 00:00:00 2001
From: alwaysjolley
Date: Wed, 3 Jun 2020 11:34:14 -0400
Subject: [PATCH 3/5] fixing escaped string on domain test
---
 lemur/tests/test_dns_providers.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/lemur/tests/test_dns_providers.py b/lemur/tests/test_dns_providers.py
index 640277c6..4b558dab 100644
--- a/lemur/tests/test_dns_providers.py
+++ b/lemur/tests/test_dns_providers.py
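Review bot: The new `assertFalse(dnsutil.is_valid_domain(""))` case in the patch 2/5 test hunk looks like it will raise instead of returning False. The util.py context lines in patch 1/5 show `if domain[-1] == "."` running before any length check, and indexing an empty string raises IndexError. No util.py hunk in this series shows a guard, so the function probably needs `if not domain: return False` as its first statement; otherwise a caller passing an empty name gets an unhandled exception rather than a rejection. Whether a later patch changes this test case cannot be seen here, because part of the patch 4/5 test hunk is missing from the page.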
@@ -9,11 +9,11 @@ class TestDNSProvider(unittest.TestCase):
 self.assertTrue(dnsutil.is_valid_domain("exam--ple.io"))
 self.assertTrue(dnsutil.is_valid_domain("a.example.com"))
 self.assertTrue(dnsutil.is_valid_domain("example.io"))
- self.assertTrue(dnsutil.is_valid_domain("example-of-63-character-domain-label-length-limit-1234567890123.com"))
- self.assertFalse(dnsutil.is_valid_domain("example-of-63-character-domain-label-length-limit-12345678901234.com"))
+ self.assertTrue(dnsutil.is_valid_domain("example-of-under-63-character-domain-label-length-limit-1234567.com"))
+ self.assertFalse(dnsutil.is_valid_domain("example-of-over-63-character-domain-label-length-limit-123456789.com"))
 self.assertFalse(dnsutil.is_valid_domain("_acme-chall.example.com"))
 self.assertFalse(dnsutil.is_valid_domain("e/xample.com"))
- self.assertFalse(dnsutil.is_valid_domain("exam\ple.com"))
+ self.assertFalse(dnsutil.is_valid_domain("exam\\ple.com"))
 self.assertFalse(dnsutil.is_valid_domain("*.example.com"))
 self.assertFalse(dnsutil.is_valid_domain("-example.io"))
 self.assertFalse(dnsutil.is_valid_domain("example-.io"))
From 1b8507636bf998887f8b1f3c09d141ccf4297aac Mon Sep 17 00:00:00 2001
From: alwaysjolley
Date: Wed, 3 Jun 2020 12:49:55 -0400
Subject: [PATCH 4/5] fixing quotes, no escape characters in tests, fixed anchors
---
 lemur/dns_providers/util.py | 2 +-
 lemur/tests/test_dns_providers.py | 34 +++++++++++++++----------------
 2 files changed, 18 insertions(+), 18 deletions(-)
diff --git a/lemur/dns_providers/util.py b/lemur/dns_providers/util.py
index fc930eb3..d7140661 100644
--- a/lemur/dns_providers/util.py
+++ b/lemur/dns_providers/util.py
@@ -35,7 +35,7 @@ def is_valid_domain(domain):
 domain = domain[:-1]
 if len(domain) > 253:
 return False
- fqdn_re = re.compile("(?=^.{1,63}$)(^(?:[a-z0-9](?:-*[a-z0-9])+)|[a-z0-9]$)", re.IGNORECASE)
+ fqdn_re = re.compile("(?=^.{1,63}$)(^(?:[a-z0-9](?:-*[a-z0-9])+)$|^[a-z0-9]$)", re.IGNORECASE)
 return all(fqdn_re.match(d) for d in domain.split("."))
diff --git a/lemur/tests/test_dns_providers.py b/lemur/tests/test_dns_providers.py
index 4b558dab..26679776 100644
--- a/lemur/tests/test_dns_providers.py
+++ b/lemur/tests/test_dns_providers.py
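Review bot: The pattern in the patch 4/5 util.py hunk spells one rule (a label of 1 to 63 letters, digits and inner hyphens) as a length lookahead plus two separately anchored alternatives, and it is recompiled on every call. A module-level constant with the length folded into the expression is easier to audit: `_LABEL_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?", re.IGNORECASE)` used as `return all(_LABEL_RE.fullmatch(d) for d in domain.split("."))`. That form accepts the same labels as the new line, except that it no longer lets a trailing newline through. A one-line comment above it naming the 63-character label limit and the 253-character name limit would document what the check enforces. The function body starts outside this hunk.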
@@ -4,20 +4,20 @@ from lemur.dns_providers import util as dnsutil class TestDNSProvider(unittest.TestCase): def test_is_valid_domain(self): - self.assertTrue(dnsutil.is_valid_domain("example.com")) - self.assertTrue(dnsutil.is_valid_domain("foo.bar.org")) - self.assertTrue(dnsutil.is_valid_domain("exam--ple.io")) - self.assertTrue(dnsutil.is_valid_domain("a.example.com")) - self.assertTrue(dnsutil.is_valid_domain("example.io")) - self.assertTrue(dnsutil.is_valid_domain("example-of-under-63-character-domain-label-length-limit-1234567.com")) - self.assertFalse(dnsutil.is_valid_domain("example-of-over-63-character-domain-label-length-limit-123456789.com")) - self.assertFalse(dnsutil.is_valid_domain("_acme-chall.example.com")) - self.assertFalse(dnsutil.is_valid_domain("e/xample.com")) - self.assertFalse(dnsutil.is_valid_domain("exam\\ple.com")) - self.assertFalse(dnsutil.is_valid_domain("*.example.com")) - self.assertFalse(dnsutil.is_valid_domain("-example.io")) - self.assertFalse(dnsutil.is_valid_domain("example-.io")) - self.assertFalse(dnsutil.is_valid_domain("example..io")) - self.assertFalse(dnsutil.is_valid_domain("exa mple.io")) - self.assertFalse(dnsutil.is_valid_domain("-")) - self.assertFalse(dnsutil.is_valid_domain("")) + self.assertTrue(dnsutil.is_valid_domain('example.com')) + self.assertTrue(dnsutil.is_valid_domain('foo.bar.org')) + self.assertTrue(dnsutil.is_valid_domain('exam--ple.io')) + self.assertTrue(dnsutil.is_valid_domain('a.example.com')) + self.assertTrue(dnsutil.is_valid_domain('example.io')) + self.assertTrue(dnsutil.is_valid_domain('example-of-under-63-character-domain-label-length-limit-1234567.com')) + self.assertFalse(dnsutil.is_valid_domain('example-of-over-63-character-domain-label-length-limit-123456789.com')) + self.assertFalse(dnsutil.is_valid_domain('_acme-chall.example.com')) + self.assertFalse(dnsutil.is_valid_domain('e/xample.com')) + self.assertFalse(dnsutil.is_valid_domain('exam\ple.com')) + 
self.assertFalse(dnsutil.is_valid_domain(' Date: Wed, 3 Jun 2020 13:20:23 -0400 Subject: [PATCH 5/5] allowing for _ in domains --- lemur/dns_providers/util.py | 2 +- lemur/tests/test_dns_providers.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lemur/dns_providers/util.py b/lemur/dns_providers/util.py index d7140661..0fa84ac1 100644 --- a/lemur/dns_providers/util.py +++ b/lemur/dns_providers/util.py @@ -35,7 +35,7 @@ def is_valid_domain(domain): domain = domain[:-1] if len(domain) > 253: return False - fqdn_re = re.compile("(?=^.{1,63}$)(^(?:[a-z0-9](?:-*[a-z0-9])+)$|^[a-z0-9]$)", re.IGNORECASE) + fqdn_re = re.compile("(?=^.{1,63}$)(^(?:[a-z0-9_](?:-*[a-z0-9_])+)$|^[a-z0-9]$)", re.IGNORECASE) return all(fqdn_re.match(d) for d in domain.split(".")) diff --git a/lemur/tests/test_dns_providers.py b/lemur/tests/test_dns_providers.py index 26679776..83315be5 100644 --- a/lemur/tests/test_dns_providers.py +++ b/lemur/tests/test_dns_providers.py @@ -11,7 +11,7 @@ class TestDNSProvider(unittest.TestCase): self.assertTrue(dnsutil.is_valid_domain('example.io')) self.assertTrue(dnsutil.is_valid_domain('example-of-under-63-character-domain-label-length-limit-1234567.com')) self.assertFalse(dnsutil.is_valid_domain('example-of-over-63-character-domain-label-length-limit-123456789.com')) - self.assertFalse(dnsutil.is_valid_domain('_acme-chall.example.com')) + self.assertTrue(dnsutil.is_valid_domain('_acme-chall.example.com')) self.assertFalse(dnsutil.is_valid_domain('e/xample.com')) self.assertFalse(dnsutil.is_valid_domain('exam\ple.com')) self.assertFalse(dnsutil.is_valid_domain('
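Review bot: In the patch 5/5 util.py hunk the underscore is added to both character classes of the multi-character alternative, so `_` is now accepted at any position of any label, including the end of a label and the last label of the name, while the single-character alternative `^[a-z0-9]$` still rejects a lone `_`. The updated test only motivates a leading underscore (`_acme-chall.example.com`), so the wider acceptance and the inconsistency with one-character labels look unintended. The callers are not visible here; if this helper also validates names that end up in certificates, underscore labels would now pass although hostname rules do not allow them. At minimum a comment should state the intent, for example `# Underscores are accepted because DNS record names such as _acme-challenge use them; this checks DNS name syntax, not hostname (LDH) syntax.`, and tests for `'_'`, `'example_.com'` and `'example.c_m'` would fix the expected behaviour either way.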