We use cookies to ensure you get the best experience on our website
首頁 探索 說明
註冊 登入
0ct0pu5
/
desec-stack
1
0
複刻 0
檔案 問題管理 0 合併請求 0 Wiki
目錄樹: b03d4f93b9
分支列表 標籤列表
desec-stack
/
test
/
e2e2
/
spec
/
test_api_rr_validation.py

test_api_rr_validation.py 7.3 KB
文件歷史 原始文件

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182 
  1. from time import sleep
    2. 

  2. from typing import List, Tuple
    3. 

  3. 

  4. import pytest
    5. 

  5. 

  6. from conftest import DeSECAPIV1Client, NSClient
    7. 

  7. 

  8. 

  9. def generate_params(dict_value_lists_by_type: dict) -> List[Tuple[str, str]]:
    10. 

  10.     return [
    11. 

  11.         (rr_type, value)
    12. 

  12.         for rr_type in dict_value_lists_by_type.keys()
    13. 

  13.         for value in dict_value_lists_by_type[rr_type]
    14. 

  14.     ]
    15. 

  15. 

  16. 

  17. VALID_RECORDS_CANONICAL = {
    18. 

  18.     'A': ['127.0.0.1', '127.0.0.2'],
    19. 

  19.     'AAAA': ['::1', '::2'],
    20. 

  20.     'AFSDB': ['2 turquoise.femto.edu.'],
    21. 

  21.     'CAA': [
    22. 

  22.         '128 issue "letsencrypt.org"', '128 iodef "mailto:desec@example.com"',
    23. 

  23.         '1 issue "letsencrypt.org"'
    24. 

  24.     ],
    25. 

  25.     'CERT': ['6 0 0 sadfdQ=='],
    26. 

  26.     'CNAME': ['example.com.'],
    27. 

  27.     'DHCID': ['aaaaaaaaaaaa', 'xxxx'],
    28. 

  28.     'DLV': [
    29. 

  29.         '39556 13 1 aabbccddeeff',
    30. 

  30.     ],
    31. 

  31.     'DS': [
    32. 

  32.         '39556 13 1 aabbccddeeff',
    33. 

  33.     ],
    34. 

  34.     'EUI48': ['aa-bb-cc-dd-ee-ff'],
    35. 

  35.     'EUI64': ['aa-bb-cc-dd-ee-ff-00-11'],
    36. 

  36.     'HINFO': ['"ARMv8-A" "Linux"'],
    37. 

  37.     # 'IPSECKEY': ['12 0 2 . asdfdf==', '03 1 1 127.0.00.1 asdfdf==', '12 3 1 example.com. asdfdf==',],
    38. 

  38.     'KX': ['4 example.com.', '28 io.'],
    39. 

  39.     'LOC': [
    40. 

  40.         '23 12 59.000 N 42 22 48.500 W 65.00m 20.00m 10.00m 10.00m',
    41. 

  41.     ],
    42. 

  42.     'MX': ['10 example.com.', '20 1.1.1.1.'],
    43. 

  43.     'NAPTR': [
    44. 

  44.         '100 50 "s" "z3950+I2L+I2C" "" _z3950._tcp.gatech.edu.',
    45. 

  45.     ],
    46. 

  46.     'NS': ['ns1.example.com.'],
    47. 

  47.     'OPENPGPKEY': [
    48. 

  48.         'mG8EXtVIsRMFK4EEACIDAwQSZPNqE4tS xLFJYhX+uabSgMrhOqUizJhkLx82',  # key incomplete due to 500 byte limit
    49. 

  49.     ],
    50. 

  50.     'PTR': ['example.com.', '*.example.com.'],
    51. 

  51.     'RP': ['hostmaster.example.com. .'],
    52. 

  52.     # 'SMIMEA': ['3 1 0 aabbccddeeff'],
    53. 

  53.     'SPF': [
    54. 

  54.         '"v=spf1 ip4:10.1" ".1.1 ip4:127" ".0.0.0/16 ip4:192.168.0.0/27 include:example.com -all"',
    55. 

  55.         '"v=spf1 include:example.com ~all"',
    56. 

  56.         '"v=spf1 ip4:10.1.1.1 ip4:127.0.0.0/16 ip4:192.168.0.0/27 include:example.com -all"',
    57. 

  57.         '"spf2.0/pra,mfrom ip6:2001:558:fe14:76:68:87:28:0/120 -all"',
    58. 

  58.     ],
    59. 

  59.     'SRV': ['0 0 0 .', '100 1 5061 example.com.'],
    60. 

  60.     'SSHFP': ['2 2 aabbcceeddff'],
    61. 

  61.     'TLSA': ['3 1 1 aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa',],
    62. 

  62.     'TXT': [
    63. 

  63.         '"foobar"',
    64. 

  64.         '"foo" "bar"',
    65. 

  65.         '"foo" "" "bar"',
    66. 

  66.         '"" "" "foo" "" "bar"',
    67. 

  67.         '"new\\010line"',
    68. 

  68.         f'"{"a" * 255}" "{"a" * 243}"',  # 500 byte total wire length
    69. 

  69.     ],
    70. 

  70.     'URI': ['10 1 "ftp://ftp1.example.com/public"'],
    71. 

  71. }
    72. 

  72. 

  73. 

  74. VALID_RECORDS_NON_CANONICAL = {
    75. 

  75.     'A': ['127.0.000.3'],
    76. 

  76.     'AAAA': ['0000::0000:0003'],
    77. 

  77.     'AFSDB': ['03 turquoise.FEMTO.edu.'],
    78. 

  78.     'CAA': ['0128 "issue" "letsencrypt.org"'],
    79. 

  79.     'CERT': ['06 00 00 sadfee=='],
    80. 

  80.     'CNAME': ['EXAMPLE.TEST.'],
    81. 

  81.     'DHCID': ['aa aaa  aaaa a a a', 'xxxx'],
    82. 

  82.     'DLV': [
    83. 

  83.         '6454 8 2 5CBA665A006F6487625C6218522F09BD3673C25FA10F25CB18459AA1 0DF1F520',
    84. 

  84.         '6454 8 2 5C BA665A006F6487625C6218522F09BD3673C25FA10F25CB18459AA1 0DF1F520',
    85. 

  85.     ],
    86. 

  86.     'DS': [
    87. 

  87.         '6454 8 2 5CBA665A006F6487625C6218522F09BD3673C25FA10F25CB18459AA1 0DF1F520',
    88. 

  88.         '6454 8 2 5C BA665A006F6487625C6218522F09BD3673C25FA10F25CB18459AA1 0DF1F520',
    89. 

  89.     ],
    90. 

  90.     'EUI48': ['AA-BB-CC-DD-EE-F1'],
    91. 

  91.     'EUI64': ['AA-BB-CC-DD-EE-FF-00-12'],
    92. 

  92.     'HINFO': ['cpu os'],
    93. 

  93.     # 'IPSECKEY': ['12 0 2 . asdfdf==', '03 1 1 127.0.00.1 asdfdf==', '12 3 1 example.com. asdfdf==',],
    94. 

  94.     'KX': ['012 example.TEST.'],
    95. 

  95.     'LOC': [
    96. 

  96.         '023 012 59 N 042 022 48.500 W 65.00m 20.00m 10.00m 10.00m',
    97. 

  97.     ],
    98. 

  98.     'MX': ['10 010.1.1.1.'],
    99. 

  99.     'NAPTR': [
    100. 

  100.         '100  50  "s"  "z3950+I2L+I2C"     ""  _z3950._tcp.gatech.edu.',
    101. 

  101.     ],
    102. 

  102.     'NS': ['EXaMPLE.COM.'],
    103. 

  103.     'OPENPGPKEY': [
    104. 

  104.         'mG8EXtVIsRMFK4EEAC==',
    105. 

  105.         'mG8EXtVIsRMFK4EEACIDAwQSZPNqE4tSxLFJYhX+uabSgMrhOqUizJhkLx82',  # key incomplete due to 500 byte limit
    106. 

  106.     ],
    107. 

  107.     'PTR': ['EXAMPLE.TEST.'],
    108. 

  108.     'RP': ['hostmaster.EXAMPLE.com. .'],
    109. 

  109.     # 'SMIMEA': ['3 01 0 aabbccDDeeff'],
    110. 

  110.     'SPF': [],
    111. 

  111.     'SRV': ['100 01 5061 example.com.'],
    112. 

  112.     'SSHFP': ['02 2 aabbcceeddff'],
    113. 

  113.     'TLSA': ['3 0001 1 000AAAAAAABBAAAAAAAAAAAAAAAAAAAAAAAA',],
    114. 

  114.     'TXT': [
    115. 

  115.         f'"{"a" * 498}"',
    116. 

  116.         '"🧥 👚 👕 👖 👔 👗 👙 👘 👠 👡 👢 👞 👟 🥾 🥿  🧦 🧤 🧣 🎩 🧢 👒 🎓 ⛑ 👑 👝 👛 👜 💼 🎒 "',
    117. 

  117.         '"🧥 👚 👕 👖 👔 👗 👙 👘 👠 👡 👢 👞 👟 🥾 🥿  🧦 🧤 🧣 🎩 🧢 👒 🎓 ⛑ 👑 👝 👛 👜 💼 🎒 👓 🕶 🥽 🥼 🌂 🧵"',
    118. 

  118.     ],
    119. 

  119.     'URI': ['10 01 "ftp://ftp1.example.test/public"',],
    120. 

  120. }
    121. 

  121. 

  122. 

  123. INVALID_RECORDS = {
    124. 

  124.     'A': ['127.0.0.999', '127.0.0.256', '::1', 'foobar', '10.0.1', '10!'],
    125. 

  125.     'AAAA': ['::g', '1:1:1:1:1:1:1:1:', '1:1:1:1:1:1:1:1:1'],
    126. 

  126.     'AFSDB': ['example.com.', '1 1', '1 de'],
    127. 

  127.     'CAA': ['43235 issue "letsencrypt.org"'],
    128. 

  128.     'CERT': ['6 0 sadfdd=='],
    129. 

  129.     'CNAME': ['example.com', '10 example.com.'],
    130. 

  130.     'DHCID': ['x', 'xx', 'xxx'],
    131. 

  131.     'DLV': ['-34 13 1 aabbccddeeff'],
    132. 

  132.     'DS': ['-34 13 1 aabbccddeeff'],
    133. 

  133.     'EUI48': ['aa-bb-ccdd-ee-ff', 'AA-BB-CC-DD-EE-GG'],
    134. 

  134.     'EUI64': ['aa-bb-cc-dd-ee-ff-gg-11', 'AA-BB-C C-DD-EE-FF-00-11'],
    135. 

  135.     'HINFO': ['"ARMv8-A"', f'"a" "{"b" * 256}"'],
    136. 

  136.     # 'IPSECKEY': [],
    137. 

  137.     'KX': ['-1 example.com', '10 example.com'],
    138. 

  138.     'LOC': ['23 12 61.000 N 42 22 48.500 W 65.00m 20.00m 10.00m 10.00m', 'foo', '1.1.1.1'],
    139. 

  139.     'MX': ['10 example.com', 'example.com.', '-5 asdf.', '65537 asdf.'],
    140. 

  140.     'NAPTR': ['100  50  "s"  "z3950+I2L+I2C"     ""  _z3950._tcp.gatech.edu',
    141. 

  141.               '100  50  "s"     ""  _z3950._tcp.gatech.edu.',
    142. 

  142.               '100  50  3 2  "z3950+I2L+I2C"     ""  _z3950._tcp.gatech.edu.'],
    143. 

  143.     'NS': ['ns1.example.com', '127.0.0.1'],
    144. 

  144.     'OPENPGPKEY': ['1 2 3'],
    145. 

  145.     'PTR': ['"example.com."', '10 *.example.com.'],
    146. 

  146.     'RP': ['hostmaster.example.com.', '10 foo.'],
    147. 

  147.     # 'SMIMEA': ['3 1 0 aGVsbG8gd29ybGQh', 'x 0 0 aabbccddeeff'],
    148. 

  148.     'SPF': ['"v=spf1', 'v=spf1 include:example.com ~all'],
    149. 

  149.     'SRV': ['0 0 0 0', '100 5061 example.com.'],
    150. 

  150.     'SSHFP': ['aabbcceeddff'],
    151. 

  151.     'TLSA': ['3 1 1 AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'],
    152. 

  152.     'TXT': [
    153. 

  153.         'foob"ar',
    154. 

  154.         'v=spf1 include:example.com ~all',
    155. 

  155.         '"foo\nbar"',
    156. 

  156.         '"' + 124 * '🧥' + '==="',  # 501 byte total length
    157. 

  157.         '"\x00" "NUL byte yo"',
    158. 

  158.     ],
    159. 

  159.     'URI': ['"1" "2" "3"'],
    160. 

  160. }
    161. 

  161. INVALID_RECORDS_PARAMS = [(rr_type, value) for rr_type in INVALID_RECORDS.keys() for value in INVALID_RECORDS[rr_type]]
    162. 

  162. 

  163. 

  164. def test_soundness():
    165. 

  165.     assert INVALID_RECORDS.keys() == VALID_RECORDS_CANONICAL.keys() == VALID_RECORDS_NON_CANONICAL.keys()
    166. 

  166. 

  167. 

  168. @pytest.mark.parametrize("rr_type,value", generate_params(VALID_RECORDS_CANONICAL))
    169. 

  169. def test_create_valid_canonical(api_user_domain: DeSECAPIV1Client, ns_lord: NSClient, rr_type: str, value: str):
    170. 

  170.     assert api_user_domain.rr_set_create(api_user_domain.domains[0], rr_type, [value], subname="a").status_code == 201
    171. 

  171.     assert ns_lord.query(f"a.{api_user_domain.domains[0]}", rr_type) == {value}
    172. 

  172. 

  173. 

  174. @pytest.mark.parametrize("rr_type,value", generate_params(VALID_RECORDS_NON_CANONICAL))
    175. 

  175. def test_create_valid_non_canonical(api_user_domain: DeSECAPIV1Client, ns_lord: NSClient, rr_type: str, value: str):
    176. 

  176.     assert api_user_domain.rr_set_create(api_user_domain.domains[0], rr_type, [value], subname="a").status_code == 201
    177. 

  177.     assert len(ns_lord.query(f"a.{api_user_domain.domains[0]}", rr_type)) == 1
    178. 

  178. 

  179. 

  180. @pytest.mark.parametrize("rr_type,value", INVALID_RECORDS_PARAMS)
    181. 

  181. def test_create_invalid(api_user_domain: DeSECAPIV1Client, rr_type: str, value: str):
    182. 

  182.     assert api_user_domain.rr_set_create(api_user_domain.domains[0], rr_type, [value]).status_code == 400
    183.

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5