From b68a7f1de26530bd2fdd8ee1adeb872484fa4e18 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Mon, 1 Jun 2020 17:02:08 +0000 Subject: [PATCH 1/7] Bump flask-sqlalchemy from 2.4.1 to 2.4.3 Bumps [flask-sqlalchemy](https://github.com/pallets/flask-sqlalchemy) from 2.4.1 to 2.4.3. - [Release notes](https://github.com/pallets/flask-sqlalchemy/releases) - [Changelog](https://github.com/pallets/flask-sqlalchemy/blob/master/CHANGES.rst) - [Commits](https://github.com/pallets/flask-sqlalchemy/compare/2.4.1...2.4.3) Signed-off-by: dependabot-preview[bot] --- requirements-docs.txt | 2 +- requirements.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/requirements-docs.txt b/requirements-docs.txt index 313f2594..e7e77ad3 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -38,7 +38,7 @@ flask-principal==0.4.0 # via -r requirements.txt flask-replicated==1.3 # via -r requirements.txt flask-restful==0.3.8 # via -r requirements.txt flask-script==2.0.6 # via -r requirements.txt -flask-sqlalchemy==2.4.1 # via -r requirements.txt, flask-migrate +flask-sqlalchemy==2.4.3 # via -r requirements.txt, flask-migrate flask==1.1.2 # via -r requirements.txt, flask-bcrypt, flask-cors, flask-mail, flask-migrate, flask-principal, flask-restful, flask-script, flask-sqlalchemy, raven future==0.18.2 # via -r requirements.txt, cloudflare gunicorn==20.0.4 # via -r requirements.txt diff --git a/requirements.txt b/requirements.txt index 26667c39..bf82195b 100644 --- a/requirements.txt +++ b/requirements.txt @@ -36,7 +36,7 @@ flask-principal==0.4.0 # via -r requirements.in flask-replicated==1.3 # via -r requirements.in flask-restful==0.3.8 # via -r requirements.in flask-script==2.0.6 # via -r requirements.in -flask-sqlalchemy==2.4.1 # via -r requirements.in, flask-migrate +flask-sqlalchemy==2.4.3 # via -r requirements.in, flask-migrate flask==1.1.2 # via -r requirements.in, flask-bcrypt, flask-cors, flask-mail, flask-migrate, flask-principal, flask-restful, flask-script, flask-sqlalchemy, raven future==0.18.2 # via -r requirements.in, cloudflare gunicorn==20.0.4 # via -r requirements.in From 9a5ec72850ea617d247d514f5b4647f6516c6599 Mon Sep 17 00:00:00 2001 From: "dependabot-preview[bot]" <27856297+dependabot-preview[bot]@users.noreply.github.com> Date: Mon, 1 Jun 2020 17:02:26 +0000 Subject: [PATCH 2/7] Bump boto3 from 1.13.18 to 1.13.19 Bumps [boto3](https://github.com/boto/boto3) from 1.13.18 to 1.13.19. - [Release notes](https://github.com/boto/boto3/releases) - [Changelog](https://github.com/boto/boto3/blob/develop/CHANGELOG.rst) - [Commits](https://github.com/boto/boto3/compare/1.13.18...1.13.19) Signed-off-by: dependabot-preview[bot] --- requirements-docs.txt | 2 +- requirements-tests.txt | 2 +- requirements.txt | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/requirements-docs.txt b/requirements-docs.txt index 313f2594..5e09cb85 100644 --- a/requirements-docs.txt +++ b/requirements-docs.txt @@ -16,7 +16,7 @@ babel==2.8.0 # via sphinx bcrypt==3.1.7 # via -r requirements.txt, flask-bcrypt, paramiko billiard==3.6.3.0 # via -r requirements.txt, celery blinker==1.4 # via -r requirements.txt, flask-mail, flask-principal, raven -boto3==1.13.18 # via -r requirements.txt +boto3==1.13.19 # via -r requirements.txt botocore==1.16.19 # via -r requirements.txt, boto3, s3transfer celery[redis]==4.4.2 # via -r requirements.txt certifi==2020.4.5.1 # via -r requirements.txt, requests diff --git a/requirements-tests.txt b/requirements-tests.txt index 03f4f680..00de5ce1 100644 --- a/requirements-tests.txt +++ b/requirements-tests.txt @@ -10,7 +10,7 @@ aws-sam-translator==1.22.0 # via cfn-lint aws-xray-sdk==2.5.0 # via moto bandit==1.6.2 # via -r requirements-tests.in black==19.10b0 # via -r requirements-tests.in -boto3==1.13.18 # via aws-sam-translator, moto +boto3==1.13.19 # via aws-sam-translator, moto boto==2.49.0 # via moto botocore==1.16.19 # via aws-xray-sdk, boto3, moto, s3transfer certifi==2020.4.5.1 # via requests diff --git a/requirements.txt b/requirements.txt index 26667c39..b0c42de0 100644 --- a/requirements.txt +++ b/requirements.txt @@ -14,7 +14,7 @@ asyncpool==1.0 # via -r requirements.in bcrypt==3.1.7 # via flask-bcrypt, paramiko billiard==3.6.3.0 # via celery blinker==1.4 # via flask-mail, flask-principal, raven -boto3==1.13.18 # via -r requirements.in +boto3==1.13.19 # via -r requirements.in botocore==1.16.19 # via -r requirements.in, boto3, s3transfer celery[redis]==4.4.2 # via -r requirements.in certifi==2020.4.5.1 # via -r requirements.in, requests From 2a1751ec30c2faf073d3592806d955be16e635ce Mon Sep 17 00:00:00 2001 From: alwaysjolley Date: Wed, 3 Jun 2020 04:56:38 -0400 Subject: [PATCH 3/7] fixing domain validation to account for 2-63 character length and correct character set --- lemur/dns_providers/util.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lemur/dns_providers/util.py b/lemur/dns_providers/util.py index cc8d9bb3..9aa10458 100644 --- a/lemur/dns_providers/util.py +++ b/lemur/dns_providers/util.py @@ -31,11 +31,11 @@ class DNSResolveError(DNSError): def is_valid_domain(domain): """Checks if a domain is syntactically valid and returns a bool""" - if len(domain) > 253: - return False if domain[-1] == ".": domain = domain[:-1] - fqdn_re = re.compile("(?=^.{1,254}$)(^(?:(?!\d+\.|-)[a-zA-Z0-9_\-]{1,63}(? 253: + return False + fqdn_re = re.compile("(?=^.{1,63}$)(^(?:[a-z0-9](?:-*[a-z0-9])+)$)", re.IGNORECASE) return all(fqdn_re.match(d) for d in domain.split(".")) From 8658ac531e456c47031316ef20fffaf3d43837b5 Mon Sep 17 00:00:00 2001 From: alwaysjolley Date: Wed, 3 Jun 2020 08:08:49 -0400 Subject: [PATCH 4/7] fixing unittests and allowing for single character domains --- lemur/dns_providers/util.py | 2 +- lemur/tests/test_dns_providers.py | 13 ++++++++++++- 2 files changed, 13 insertions(+), 2 deletions(-) diff --git a/lemur/dns_providers/util.py b/lemur/dns_providers/util.py index 9aa10458..fc930eb3 100644 --- a/lemur/dns_providers/util.py +++ b/lemur/dns_providers/util.py @@ -35,7 +35,7 @@ def is_valid_domain(domain): domain = domain[:-1] if len(domain) > 253: return False - fqdn_re = re.compile("(?=^.{1,63}$)(^(?:[a-z0-9](?:-*[a-z0-9])+)$)", re.IGNORECASE) + fqdn_re = re.compile("(?=^.{1,63}$)(^(?:[a-z0-9](?:-*[a-z0-9])+)|[a-z0-9]$)", re.IGNORECASE) return all(fqdn_re.match(d) for d in domain.split(".")) diff --git a/lemur/tests/test_dns_providers.py b/lemur/tests/test_dns_providers.py index b8714a2d..640277c6 100644 --- a/lemur/tests/test_dns_providers.py +++ b/lemur/tests/test_dns_providers.py @@ -6,7 +6,18 @@ class TestDNSProvider(unittest.TestCase): def test_is_valid_domain(self): self.assertTrue(dnsutil.is_valid_domain("example.com")) self.assertTrue(dnsutil.is_valid_domain("foo.bar.org")) - self.assertTrue(dnsutil.is_valid_domain("_acme-chall.example.com")) + self.assertTrue(dnsutil.is_valid_domain("exam--ple.io")) + self.assertTrue(dnsutil.is_valid_domain("a.example.com")) + self.assertTrue(dnsutil.is_valid_domain("example.io")) + self.assertTrue(dnsutil.is_valid_domain("example-of-63-character-domain-label-length-limit-1234567890123.com")) + self.assertFalse(dnsutil.is_valid_domain("example-of-63-character-domain-label-length-limit-12345678901234.com")) + self.assertFalse(dnsutil.is_valid_domain("_acme-chall.example.com")) self.assertFalse(dnsutil.is_valid_domain("e/xample.com")) self.assertFalse(dnsutil.is_valid_domain("exam\ple.com")) self.assertFalse(dnsutil.is_valid_domain("*.example.com")) + self.assertFalse(dnsutil.is_valid_domain("-example.io")) + self.assertFalse(dnsutil.is_valid_domain("example-.io")) + self.assertFalse(dnsutil.is_valid_domain("example..io")) + self.assertFalse(dnsutil.is_valid_domain("exa mple.io")) + self.assertFalse(dnsutil.is_valid_domain("-")) + self.assertFalse(dnsutil.is_valid_domain("")) From 3ce7cd6c50d4ac7bece419c08b4728a0eacf80fb Mon Sep 17 00:00:00 2001 From: alwaysjolley Date: Wed, 3 Jun 2020 11:34:14 -0400 Subject: [PATCH 5/7] fixing escaped string on domain test --- lemur/tests/test_dns_providers.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lemur/tests/test_dns_providers.py b/lemur/tests/test_dns_providers.py index 640277c6..4b558dab 100644 --- a/lemur/tests/test_dns_providers.py +++ b/lemur/tests/test_dns_providers.py @@ -9,11 +9,11 @@ class TestDNSProvider(unittest.TestCase): self.assertTrue(dnsutil.is_valid_domain("exam--ple.io")) self.assertTrue(dnsutil.is_valid_domain("a.example.com")) self.assertTrue(dnsutil.is_valid_domain("example.io")) - self.assertTrue(dnsutil.is_valid_domain("example-of-63-character-domain-label-length-limit-1234567890123.com")) - self.assertFalse(dnsutil.is_valid_domain("example-of-63-character-domain-label-length-limit-12345678901234.com")) + self.assertTrue(dnsutil.is_valid_domain("example-of-under-63-character-domain-label-length-limit-1234567.com")) + self.assertFalse(dnsutil.is_valid_domain("example-of-over-63-character-domain-label-length-limit-123456789.com")) self.assertFalse(dnsutil.is_valid_domain("_acme-chall.example.com")) self.assertFalse(dnsutil.is_valid_domain("e/xample.com")) - self.assertFalse(dnsutil.is_valid_domain("exam\ple.com")) + self.assertFalse(dnsutil.is_valid_domain("exam\\ple.com")) self.assertFalse(dnsutil.is_valid_domain("*.example.com")) self.assertFalse(dnsutil.is_valid_domain("-example.io")) self.assertFalse(dnsutil.is_valid_domain("example-.io")) From 1b8507636bf998887f8b1f3c09d141ccf4297aac Mon Sep 17 00:00:00 2001 From: alwaysjolley Date: Wed, 3 Jun 2020 12:49:55 -0400 Subject: [PATCH 6/7] fixing quotes, no escape characters in tests, fixed anchors --- lemur/dns_providers/util.py | 2 +- lemur/tests/test_dns_providers.py | 34 +++++++++++++++---------------- 2 files changed, 18 insertions(+), 18 deletions(-) diff --git a/lemur/dns_providers/util.py b/lemur/dns_providers/util.py index fc930eb3..d7140661 100644 --- a/lemur/dns_providers/util.py +++ b/lemur/dns_providers/util.py @@ -35,7 +35,7 @@ def is_valid_domain(domain): domain = domain[:-1] if len(domain) > 253: return False - fqdn_re = re.compile("(?=^.{1,63}$)(^(?:[a-z0-9](?:-*[a-z0-9])+)|[a-z0-9]$)", re.IGNORECASE) + fqdn_re = re.compile("(?=^.{1,63}$)(^(?:[a-z0-9](?:-*[a-z0-9])+)$|^[a-z0-9]$)", re.IGNORECASE) return all(fqdn_re.match(d) for d in domain.split(".")) diff --git a/lemur/tests/test_dns_providers.py b/lemur/tests/test_dns_providers.py index 4b558dab..26679776 100644 --- a/lemur/tests/test_dns_providers.py +++ b/lemur/tests/test_dns_providers.py @@ -4,20 +4,20 @@ from lemur.dns_providers import util as dnsutil class TestDNSProvider(unittest.TestCase): def test_is_valid_domain(self): - self.assertTrue(dnsutil.is_valid_domain("example.com")) - self.assertTrue(dnsutil.is_valid_domain("foo.bar.org")) - self.assertTrue(dnsutil.is_valid_domain("exam--ple.io")) - self.assertTrue(dnsutil.is_valid_domain("a.example.com")) - self.assertTrue(dnsutil.is_valid_domain("example.io")) - self.assertTrue(dnsutil.is_valid_domain("example-of-under-63-character-domain-label-length-limit-1234567.com")) - self.assertFalse(dnsutil.is_valid_domain("example-of-over-63-character-domain-label-length-limit-123456789.com")) - self.assertFalse(dnsutil.is_valid_domain("_acme-chall.example.com")) - self.assertFalse(dnsutil.is_valid_domain("e/xample.com")) - self.assertFalse(dnsutil.is_valid_domain("exam\\ple.com")) - self.assertFalse(dnsutil.is_valid_domain("*.example.com")) - self.assertFalse(dnsutil.is_valid_domain("-example.io")) - self.assertFalse(dnsutil.is_valid_domain("example-.io")) - self.assertFalse(dnsutil.is_valid_domain("example..io")) - self.assertFalse(dnsutil.is_valid_domain("exa mple.io")) - self.assertFalse(dnsutil.is_valid_domain("-")) - self.assertFalse(dnsutil.is_valid_domain("")) + self.assertTrue(dnsutil.is_valid_domain('example.com')) + self.assertTrue(dnsutil.is_valid_domain('foo.bar.org')) + self.assertTrue(dnsutil.is_valid_domain('exam--ple.io')) + self.assertTrue(dnsutil.is_valid_domain('a.example.com')) + self.assertTrue(dnsutil.is_valid_domain('example.io')) + self.assertTrue(dnsutil.is_valid_domain('example-of-under-63-character-domain-label-length-limit-1234567.com')) + self.assertFalse(dnsutil.is_valid_domain('example-of-over-63-character-domain-label-length-limit-123456789.com')) + self.assertFalse(dnsutil.is_valid_domain('_acme-chall.example.com')) + self.assertFalse(dnsutil.is_valid_domain('e/xample.com')) + self.assertFalse(dnsutil.is_valid_domain('exam\ple.com')) + self.assertFalse(dnsutil.is_valid_domain(' Date: Wed, 3 Jun 2020 13:20:23 -0400 Subject: [PATCH 7/7] allowing for _ in domains --- lemur/dns_providers/util.py | 2 +- lemur/tests/test_dns_providers.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/lemur/dns_providers/util.py b/lemur/dns_providers/util.py index d7140661..0fa84ac1 100644 --- a/lemur/dns_providers/util.py +++ b/lemur/dns_providers/util.py @@ -35,7 +35,7 @@ def is_valid_domain(domain): domain = domain[:-1] if len(domain) > 253: return False - fqdn_re = re.compile("(?=^.{1,63}$)(^(?:[a-z0-9](?:-*[a-z0-9])+)$|^[a-z0-9]$)", re.IGNORECASE) + fqdn_re = re.compile("(?=^.{1,63}$)(^(?:[a-z0-9_](?:-*[a-z0-9_])+)$|^[a-z0-9]$)", re.IGNORECASE) return all(fqdn_re.match(d) for d in domain.split(".")) diff --git a/lemur/tests/test_dns_providers.py b/lemur/tests/test_dns_providers.py index 26679776..83315be5 100644 --- a/lemur/tests/test_dns_providers.py +++ b/lemur/tests/test_dns_providers.py @@ -11,7 +11,7 @@ class TestDNSProvider(unittest.TestCase): self.assertTrue(dnsutil.is_valid_domain('example.io')) self.assertTrue(dnsutil.is_valid_domain('example-of-under-63-character-domain-label-length-limit-1234567.com')) self.assertFalse(dnsutil.is_valid_domain('example-of-over-63-character-domain-label-length-limit-123456789.com')) - self.assertFalse(dnsutil.is_valid_domain('_acme-chall.example.com')) + self.assertTrue(dnsutil.is_valid_domain('_acme-chall.example.com')) self.assertFalse(dnsutil.is_valid_domain('e/xample.com')) self.assertFalse(dnsutil.is_valid_domain('exam\ple.com')) self.assertFalse(dnsutil.is_valid_domain('