Fixes #37604 - Validate DNS forwarders
A user can input an invalid value and the service will refuse to start up. We can catch this in data types, preventing service downtime.
Showing
5 changed files
with
36 additions
and
3 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,22 @@ | ||
require 'spec_helper' | ||
|
||
describe 'Dns::Forwarder' do | ||
it { is_expected.not_to allow_value(nil) } | ||
it { is_expected.not_to allow_value('') } | ||
|
||
describe 'IPv4' do | ||
it { is_expected.to allow_value('192.0.2.1') } | ||
it { is_expected.to allow_value('192.0.2.1 port 5353') } | ||
it { is_expected.to allow_value('192.168.254.254 port 5353') } | ||
it { is_expected.to allow_value('192.168.254.254 port 65534') } | ||
end | ||
|
||
describe 'IPv6' do | ||
it { is_expected.to allow_value('::1') } | ||
it { is_expected.to allow_value('::1 port 5353') } | ||
it { is_expected.to allow_value('2001:db8:1234:5678:9ABC:DEF::1') } | ||
it { is_expected.to allow_value('2001:db8:1234:5678:9ABC:DEF::1 port 5353') } | ||
it { is_expected.to allow_value('2001:0db8:1234:5678:9ABC:0DEF:0000:0001') } | ||
it { is_expected.to allow_value('2001:0db8:1234:5678:9ABC:0DEF:0000:0001 port 65534') } | ||
end | ||
end |
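Review bot: The spec pins only two rejected values (`nil` and `''`), so nothing here shows that the type refuses the malformed forwarders this commit is meant to catch. Add a `describe 'invalid'` group with cases such as `it { is_expected.not_to allow_value('192.0.2.1 port') }`, `it { is_expected.not_to allow_value('192.0.2.256') }` and `it { is_expected.not_to allow_value("::1 port 53\n") }`. The last of these, and an out-of-range port such as `'192.0.2.1 port 65536'`, look like they would currently be accepted by the patterns in the type definition. Writing them as expectations would therefore also document where the validation is still loose.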
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,11 @@ | ||
# @summary a DNS forwarder entry | ||
# | ||
# A forwarder is an IP address (v4 or v6) with optionally followed a port. | ||
# Since we can't compose patterns, this copies stdlib's implementation for v4. | ||
# For v6 it uses the default type and grossly simplifies the port check for simplicity. | ||
type Dns::Forwarder = Variant[ | ||
Pattern[/\A([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])(\.([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])){3}(\s+port\s+[0-9]{1,5})?\z/], | ||
Stdlib::IP::Address::V6::Nosubnet, | ||
# This is a really gross simplification of IPv6 | ||
Pattern[/(\A(:{0,2}[[:xdigit:]]{1,4}){1,8}\s+port\s[0-9]{1,5}\Z)/], | ||
] |
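Review bot: The IPv6-with-port pattern ends in `\Z`, which in Ruby regexes also matches just before a trailing newline, so a value like `"::1 port 53\n"` passes while the IPv4 pattern (anchored with `\z`) rejects it; it also uses a single `\s` after `port` where the IPv4 branch uses `\s+`. Suggest `Pattern[/\A(:{0,2}[[:xdigit:]]{1,4}){1,8}\s+port\s+[0-9]{1,5}\z/]`. Both branches accept any 1–5 digit port, including values above 65535 that the DNS service will presumably refuse, and `\s+` also matches newlines inside the value, so `[ \t]+` plus a range-limited port alternation would close the cases that can still end up in the generated configuration. The address part of the third pattern does not require a colon (a hex-only string such as `dead port 53` matches), which should either be tightened or stated in the comment above it. In the header comment, "with optionally followed a port" should read "optionally followed by a port".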