Stdlib::Fqdn type accepts ipv4 addresses, also allows truncated addresses #1282
Comments
canihavethisone
changed the title
My bet would indeed be on the numberical FQDNs because |
|
Interesting problem to solve. I'm wondering if a possible solution should include a test for invalid ipv4, such as 10.10.10.300. |
|
I'd suspect that the host definition should check that the last part (TLD) should be non-numeric. That should catch it. |
The 3.x function rely on is_domain_name() which is deprecated. Rewrite it using the more modern puppet 4.x function to rely on data types for better parameters validation. While here, adjust the Stdlib::Fqdn data type to ensure the last component (TLD) is non-numeric as [suggested by @ekohl](#1282 (comment)), and add a Stdlib::Dns_zone data type that is basically the same but with a trailing dot.
The 3.x function rely on is_domain_name() which is deprecated. Rewrite it using the more modern puppet 4.x function to rely on data types for better parameters validation. While here, adjust the Stdlib::Fqdn data type to ensure the last component (TLD) is non-numeric as [suggested by @ekohl](#1282 (comment)), and add a Stdlib::Dns_zone data type that is basically the same but with a trailing dot.
FTR this is a valid FQDN
There are two issues with this
Arguably the IANA DNS is the one most users would want to check however i think we should add a new type for this e.g. |
|
This part looks relevant:
That reads to me as an XOR: either a domain name or an IP. It should prefer it as an IP. So I think a fully numeric FQDN is invalid. You can catch that with |
I think that's valid if it matches (loose) pattern
should all be treated as DNS names |
|
Thank you for these insightful information and links. The rfc1123 Section 2 quoted above make me think we can accept an IP address as a FQDN: in an ideal world we would not, but this would need to happen in puppet with a custom data type that tries to parse the value as an IP address, raise an error if it succeed and does the actual test otherwise. I do not think we can do this at the stdlib level. So accepting IP addresses here looks like an acceptable compromise. I will update #1345 to take this into account. Thank you 💯 💯 💯 |
The 3.x function rely on is_domain_name() which is deprecated. Rewrite it using the more modern puppet 4.x function to rely on data types for better parameters validation. While here, adjust the Stdlib::Fqdn data type to ensure the last component (TLD) is non-numeric as [suggested by @ekohl](#1282 (comment)), and add a Stdlib::Dns_zone data type that is basically the same but with a trailing dot.
This PR introduces a new set of types for validating FQDN's. it creates a type for the more loose rfc definitions of domain names and a stricter and likely more useful iana type. This allows us to create a new type that more does to what most users expect i.e. that a dns name is one that works on the internt, without breaking current uses for users that may be using the Stdlib::Fqdn to validate validate DNS names that don't work with the IANA roots. The intention of this patch would be to deprecate the currnet Stdlib::Fqdn type and encourage users to move to the appropriate Stdlib::DNS::* type which for most users will likely be the stricter Stdlib::DNS::Fqdn type Note: this PR is intentionally a bit rough to first garner thoughts as to if this is the correct direction Fixes puppetlabs#1282 (not sure it fixes but want it tagged)
|
FTR i don't think that that the current type is what most people would want or expect but don't want to break things for current users. i created #1347 as a possible way forward let me know what you think and ill clean up the patch if its seems like a good direction |
The 3.x function rely on is_domain_name() which is deprecated. Rewrite it using the more modern puppet 4.x function to rely on data types for better parameters validation. While here, adjust the Stdlib::Fqdn data type to ensure the last component (TLD) is non-numeric as [suggested by @ekohl](#1282 (comment)), and add a Stdlib::Dns_zone data type that is basically the same but with a trailing dot.
The 3.x function rely on is_domain_name() which is deprecated. Rewrite it using the more modern puppet 4.x function to rely on data types for better parameters validation. While here, adjust the Stdlib::Fqdn data type to ensure the last component (TLD) is non-numeric as [suggested by @ekohl](#1282 (comment)), and add a Stdlib::Dns_zone data type that is basically the same but with a trailing dot.
This PR introduces a new set of types for validating FQDN's. it creates a type for the more loose rfc definitions of domain names and a stricter and likely more useful iana type. This allows us to create a new type that more does to what most users expect i.e. that a dns name is one that works on the internt, without breaking current uses for users that may be using the Stdlib::Fqdn to validate validate DNS names that don't work with the IANA roots. The intention of this patch would be to deprecate the currnet Stdlib::Fqdn type and encourage users to move to the appropriate Stdlib::DNS::* type which for most users will likely be the stricter Stdlib::DNS::Fqdn type Note: this PR is intentionally a bit rough to first garner thoughts as to if this is the correct direction Fixes puppetlabs#1282 (not sure it fixes but want it tagged)
This PR introduces a new set of types for validating FQDN's. it creates a type for the more loose rfc definitions of domain names and a stricter and likely more useful iana type. This allows us to create a new type that more does to what most users expect i.e. that a dns name is one that works on the internt, without breaking current uses for users that may be using the Stdlib::Fqdn to validate validate DNS names that don't work with the IANA roots. The intention of this patch would be to deprecate the currnet Stdlib::Fqdn type and encourage users to move to the appropriate Stdlib::DNS::* type which for most users will likely be the stricter Stdlib::DNS::Fqdn type Note: this PR is intentionally a bit rough to first garner thoughts as to if this is the correct direction Fixes puppetlabs#1282 (not sure it fixes but want it tagged)
Describe the Bug
Specifying a variable as type
Stdlib::Fqdnallows ipv4 addresses. This issue is compounded when usingStdlib::Hostas with the inclusion ofFqdnit allows truncated ipv4 addresses such as10.10.10.10.10.Expected Behavior
IPv4 addresses should be validated when using
Stdlib::Hostand not accepted within theStdlib:FqdntypeSteps to Reproduce
Steps to reproduce the behavior:
Create a variable with type
Stdlib::FqdnSubmit valid or truncated ipv4 address, which passes (the regex)
Create a variable with type
Stdlib::HostSubmit a truncated ipv4 address, which passes (the regex)
Environment
Additional Context
Unsure if this is a flaw in catering for numerical fqdn's, and how it can be addressed. TL:DR is that using
Stdlib::Hostdoes not ensure ipv4 addresses are validThe text was updated successfully, but these errors were encountered: