Accepting request 1153060 from devel:languages:python

- Update to 5.3.1: * Ignore UnicodeDecodeError exceptions when querying for TXT records * Check DNSSEC on MX hostnames * USE DNSSEC when requesting DNSKEY records * Do not require an RRSIG answer when querying for DNSKEY records * Pass in nameservers and timeout when running get_dnskey recursively * Properly cache DNSKEY answers * Fix exception handling for query_mta_sts_record * Check for TLSA records * Add support for parsing SMTP TLS Reporting (RFC8460) DNS records * Add missing import dns.dnssec * Always use the actual subdomain or domain provided * Include MTA-STS and BIMI results in CSV output * Added the include_tag_descriptions parameter to checkdmarc.bimi.check_bimi() * Added the exception class MTASTSPolicyDownloadError * Major refactoring: Change from a single module to a package of modules, with each checked standard as its own package * Add support for MTA-STS RFC 8461 * Add support for BIMI * Specify a BIMI selector using the --bimi-selector/-b option * Fix SPF query error and warning messages * Add support for null MX records - RFC 7505 * Make DMARC retorting URI error messages more clear * Fix compatibility with Python 3.8 * SPFRecordNotFound exception now includes a domain argument * The DMARC missing authorization error message now includes the full expected DNS record * Properly parse DMARC and BIMI records for domains that do not have an identified base domain OBS-URL: https://build.opensuse.org/request/show/1153060 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/python-checkdmarc?expand=0&rev=2
2024-02-29 20:49:39 +00:00 · 2024-02-29 20:49:39 +00:00 · 7e71dca76f
commit 7e71dca76f
parent ad99ac0b70 7f1ac1cbd4
8 changed files with 255 additions and 355 deletions
--- a/201
+++ b/201
@ -1,201 +0,0 @@
-                                 Apache License
-                           Version 2.0, January 2004
-                        http://www.apache.org/licenses/
-
-   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
-
-   1. Definitions.
-
-      "License" shall mean the terms and conditions for use, reproduction,
-      and distribution as defined by Sections 1 through 9 of this document.
-
-      "Licensor" shall mean the copyright owner or entity authorized by
-      the copyright owner that is granting the License.
-
-      "Legal Entity" shall mean the union of the acting entity and all
-      other entities that control, are controlled by, or are under common
-      control with that entity. For the purposes of this definition,
-      "control" means (i) the power, direct or indirect, to cause the
-      direction or management of such entity, whether by contract or
-      otherwise, or (ii) ownership of fifty percent (50%) or more of the
-      outstanding shares, or (iii) beneficial ownership of such entity.
-
-      "You" (or "Your") shall mean an individual or Legal Entity
-      exercising permissions granted by this License.
-
-      "Source" form shall mean the preferred form for making modifications,
-      including but not limited to software source code, documentation
-      source, and configuration files.
-
-      "Object" form shall mean any form resulting from mechanical
-      transformation or translation of a Source form, including but
-      not limited to compiled object code, generated documentation,
-      and conversions to other media types.
-
-      "Work" shall mean the work of authorship, whether in Source or
-      Object form, made available under the License, as indicated by a
-      copyright notice that is included in or attached to the work
-      (an example is provided in the Appendix below).
-
-      "Derivative Works" shall mean any work, whether in Source or Object
-      form, that is based on (or derived from) the Work and for which the
-      editorial revisions, annotations, elaborations, or other modifications
-      represent, as a whole, an original work of authorship. For the purposes
-      of this License, Derivative Works shall not include works that remain
-      separable from, or merely link (or bind by name) to the interfaces of,
-      the Work and Derivative Works thereof.
-
-      "Contribution" shall mean any work of authorship, including
-      the original version of the Work and any modifications or additions
-      to that Work or Derivative Works thereof, that is intentionally
-      submitted to Licensor for inclusion in the Work by the copyright owner
-      or by an individual or Legal Entity authorized to submit on behalf of
-      the copyright owner. For the purposes of this definition, "submitted"
-      means any form of electronic, verbal, or written communication sent
-      to the Licensor or its representatives, including but not limited to
-      communication on electronic mailing lists, source code control systems,
-      and issue tracking systems that are managed by, or on behalf of, the
-      Licensor for the purpose of discussing and improving the Work, but
-      excluding communication that is conspicuously marked or otherwise
-      designated in writing by the copyright owner as "Not a Contribution."
-
-      "Contributor" shall mean Licensor and any individual or Legal Entity
-      on behalf of whom a Contribution has been received by Licensor and
-      subsequently incorporated within the Work.
-
-   2. Grant of Copyright License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      copyright license to reproduce, prepare Derivative Works of,
-      publicly display, publicly perform, sublicense, and distribute the
-      Work and such Derivative Works in Source or Object form.
-
-   3. Grant of Patent License. Subject to the terms and conditions of
-      this License, each Contributor hereby grants to You a perpetual,
-      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
-      (except as stated in this section) patent license to make, have made,
-      use, offer to sell, sell, import, and otherwise transfer the Work,
-      where such license applies only to those patent claims licensable
-      by such Contributor that are necessarily infringed by their
-      Contribution(s) alone or by combination of their Contribution(s)
-      with the Work to which such Contribution(s) was submitted. If You
-      institute patent litigation against any entity (including a
-      cross-claim or counterclaim in a lawsuit) alleging that the Work
-      or a Contribution incorporated within the Work constitutes direct
-      or contributory patent infringement, then any patent licenses
-      granted to You under this License for that Work shall terminate
-      as of the date such litigation is filed.
-
-   4. Redistribution. You may reproduce and distribute copies of the
-      Work or Derivative Works thereof in any medium, with or without
-      modifications, and in Source or Object form, provided that You
-      meet the following conditions:
-
-      (a) You must give any other recipients of the Work or
-          Derivative Works a copy of this License; and
-
-      (b) You must cause any modified files to carry prominent notices
-          stating that You changed the files; and
-
-      (c) You must retain, in the Source form of any Derivative Works
-          that You distribute, all copyright, patent, trademark, and
-          attribution notices from the Source form of the Work,
-          excluding those notices that do not pertain to any part of
-          the Derivative Works; and
-
-      (d) If the Work includes a "NOTICE" text file as part of its
-          distribution, then any Derivative Works that You distribute must
-          include a readable copy of the attribution notices contained
-          within such NOTICE file, excluding those notices that do not
-          pertain to any part of the Derivative Works, in at least one
-          of the following places: within a NOTICE text file distributed
-          as part of the Derivative Works; within the Source form or
-          documentation, if provided along with the Derivative Works; or,
-          within a display generated by the Derivative Works, if and
-          wherever such third-party notices normally appear. The contents
-          of the NOTICE file are for informational purposes only and
-          do not modify the License. You may add Your own attribution
-          notices within Derivative Works that You distribute, alongside
-          or as an addendum to the NOTICE text from the Work, provided
-          that such additional attribution notices cannot be construed
-          as modifying the License.
-
-      You may add Your own copyright statement to Your modifications and
-      may provide additional or different license terms and conditions
-      for use, reproduction, or distribution of Your modifications, or
-      for any such Derivative Works as a whole, provided Your use,
-      reproduction, and distribution of the Work otherwise complies with
-      the conditions stated in this License.
-
-   5. Submission of Contributions. Unless You explicitly state otherwise,
-      any Contribution intentionally submitted for inclusion in the Work
-      by You to the Licensor shall be under the terms and conditions of
-      this License, without any additional terms or conditions.
-      Notwithstanding the above, nothing herein shall supersede or modify
-      the terms of any separate license agreement you may have executed
-      with Licensor regarding such Contributions.
-
-   6. Trademarks. This License does not grant permission to use the trade
-      names, trademarks, service marks, or product names of the Licensor,
-      except as required for reasonable and customary use in describing the
-      origin of the Work and reproducing the content of the NOTICE file.
-
-   7. Disclaimer of Warranty. Unless required by applicable law or
-      agreed to in writing, Licensor provides the Work (and each
-      Contributor provides its Contributions) on an "AS IS" BASIS,
-      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
-      implied, including, without limitation, any warranties or conditions
-      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
-      PARTICULAR PURPOSE. You are solely responsible for determining the
-      appropriateness of using or redistributing the Work and assume any
-      risks associated with Your exercise of permissions under this License.
-
-   8. Limitation of Liability. In no event and under no legal theory,
-      whether in tort (including negligence), contract, or otherwise,
-      unless required by applicable law (such as deliberate and grossly
-      negligent acts) or agreed to in writing, shall any Contributor be
-      liable to You for damages, including any direct, indirect, special,
-      incidental, or consequential damages of any character arising as a
-      result of this License or out of the use or inability to use the
-      Work (including but not limited to damages for loss of goodwill,
-      work stoppage, computer failure or malfunction, or any and all
-      other commercial damages or losses), even if such Contributor
-      has been advised of the possibility of such damages.
-
-   9. Accepting Warranty or Additional Liability. While redistributing
-      the Work or Derivative Works thereof, You may choose to offer,
-      and charge a fee for, acceptance of support, warranty, indemnity,
-      or other liability obligations and/or rights consistent with this
-      License. However, in accepting such obligations, You may act only
-      on Your own behalf and on Your sole responsibility, not on behalf
-      of any other Contributor, and only if You agree to indemnify,
-      defend, and hold each Contributor harmless for any liability
-      incurred by, or claims asserted against, such Contributor by reason
-      of your accepting any such warranty or additional liability.
-
-   END OF TERMS AND CONDITIONS
-
-   APPENDIX: How to apply the Apache License to your work.
-
-      To apply the Apache License to your work, attach the following
-      boilerplate notice, with the fields enclosed by brackets "[]"
-      replaced with your own identifying information. (Don't include
-      the brackets!)  The text should be enclosed in the appropriate
-      comment syntax for the file format. We also recommend that a
-      file or class name and description of purpose be included on the
-      same "printed page" as the copyright notice for easier
-      identification within third-party archives.
-
-   Copyright [yyyy] [name of copyright owner]
-
-   Licensed under the Apache License, Version 2.0 (the "License");
-   you may not use this file except in compliance with the License.
-   You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
--- a/checkdmarc-4.4.1.tar.gz
+++ b/checkdmarc-4.4.1.tar.gz
@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:e92ba8c34dffea8d48409de77cd48d1f0c1b72ba8fc1ac54f537e9146d0212a5
-size 22930
--- a/checkdmarc-5.3.1.tar.gz
+++ b/checkdmarc-5.3.1.tar.gz
@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:1d71e7fa611fa8faa36fad09416b5e2c3265d026d3b5209c051f4e292565e332
+size 36307
--- a/python-checkdmarc.changes
+++ b/python-checkdmarc.changes
@ -1,3 +1,65 @@
+-------------------------------------------------------------------
+Thu Feb 29 01:43:19 UTC 2024 - Steve Kowalik <steven.kowalik@suse.com>
+
+- Update to 5.3.1:
+  * Ignore UnicodeDecodeError exceptions when querying for TXT records
+  * Check DNSSEC on MX hostnames
+  * USE DNSSEC when requesting DNSKEY records
+  * Do not require an RRSIG answer when querying for DNSKEY records
+  * Pass in nameservers and timeout when running get_dnskey recursively
+  * Properly cache DNSKEY answers
+  * Fix exception handling for query_mta_sts_record
+  * Check for TLSA records
+  * Add support for parsing SMTP TLS Reporting (RFC8460) DNS records
+  * Add missing import dns.dnssec
+  * Always use the actual subdomain or domain provided
+  * Include MTA-STS and BIMI results in CSV output
+  * Added the include_tag_descriptions parameter to
+    checkdmarc.bimi.check_bimi()
+  * Added the exception class MTASTSPolicyDownloadError
+  * Major refactoring: Change from a single module to a package of modules,
+    with each checked standard as its own package
+  * Add support for MTA-STS RFC 8461
+  * Add support for BIMI
+  * Specify a BIMI selector using the --bimi-selector/-b option
+  * Fix SPF query error and warning messages
+  * Add support for null MX records - RFC 7505
+  * Make DMARC retorting URI error messages more clear
+  * Fix compatibility with Python 3.8
+  * SPFRecordNotFound exception now includes a domain argument
+  * The DMARC missing authorization error message now includes the full
+    expected DNS record
+  * Properly parse DMARC and BIMI records for domains that do not have an
+    identified base domain
+  * Add ignore_unrelated_records argument to query_dmarc_record()
+  * Replace publicsuffix2 with publicsuffixlist
+  * Maintain the original character case of the DMARC record
+  * Always treat tag names as lowercase
+  * Always treat the DMARC v tag value as if it was uppercase
+  * Always treat the DMARC p, and fo tag values as if they were lowercase
+  * Always treat URI schemes as lowercase, but maintain the case of the address
+  * Ignore case and whitespace when parsing DMARC and BIMI key=value pairs
+  * Handle missing PTR records more gracefully
+  * Redundant DMARC fo tag values now result in a warning
+  * Detect non-trivial loops
+  * Raise a SPFSyntaxError exception when an IP address and IP version do
+    not match
+  * Fix raising the DMARCRecordNotFound exception when a DMARC record does
+    not exist
+  * Add void lookup limit
+  * Add Support for User Defined DNS Resolver Object
+  * Fix DNS caching
+  * Fix CSV output
+  * Always parse RUA and RUF fields, even if other parts of the record are
+    invalid
+  * Migrate build from setuptools to hatch
+- Stop shipping LICENSE, now included directly.
+- Refresh tests.py from upstream.
+- Switch to pyproject and patch macros.
+- No more greedy globs in %files.
+- Drop skip-broken-tests.patch, not required.
+- Add patch skip-network-tests.patch, skip tests that require network access.
+
 -------------------------------------------------------------------
 Wed Jul 21 10:20:44 UTC 2021 - Matej Cepl <mcepl@suse.com>

--- a/python-checkdmarc.spec
+++ b/python-checkdmarc.spec
@ -1,7 +1,7 @@
 #
 # spec file for package python-checkdmarc
 #
-# Copyright (c) 2021 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 # Copyright (c) 2021, Martin Hauke <mardnh@gmx.de>
 #
 # All modifications and additions to the file contributed by third parties
@ -17,31 +17,34 @@
 #


-%{?!python_module:%define python_module() python-%{**} python3-%{**}}
 Name:           python-checkdmarc
-Version:        4.4.1
+Version:        5.3.1
 Release:        0
 Summary:        A Python module and command line parser for SPF and DMARC records
 License:        Apache-2.0
 URL:            https://domainaware.github.io/checkdmarc
 Source:         https://files.pythonhosted.org/packages/source/c/checkdmarc/checkdmarc-%{version}.tar.gz
-Source1:        https://raw.githubusercontent.com/domainaware/checkdmarc/master/LICENSE
-Source2:        https://raw.githubusercontent.com/domainaware/checkdmarc/master/tests.py
-Patch0:         skip-broken-tests.patch
-BuildRequires:  %{python_module setuptools}
+Source1:        https://raw.githubusercontent.com/domainaware/checkdmarc/master/tests.py
+Patch0:         skip-network-tests.patch
+BuildRequires:  %{python_module hatchling}
+BuildRequires:  %{python_module pip}
+BuildRequires:  %{python_module wheel}
 BuildRequires:  fdupes
 BuildRequires:  python-rpm-macros
+Requires:       python-cryptography
 Requires:       python-dnspython >= 2.0.0
 Requires:       python-expiringdict >= 1.1.4
-Requires:       python-publicsuffix2 >= 2.20191221
+Requires:       python-publicsuffixlist
 Requires:       python-pyleri >= 1.3.2
 Requires:       python-requests >= 2.25.0
 Requires:       python-timeout-decorator >= 0.4.1
+Requires(post): update-alternatives
+Requires(postun): update-alternatives
 BuildArch:      noarch
 # SECTION test requirements
 BuildRequires:  %{python_module dnspython >= 2.0.0}
 BuildRequires:  %{python_module expiringdict >= 1.1.4}
-BuildRequires:  %{python_module publicsuffix2 >= 2.20191221}
+BuildRequires:  %{python_module publicsuffixlist}
 BuildRequires:  %{python_module pyleri >= 1.3.2}
 BuildRequires:  %{python_module requests >= 2.25.0}
 BuildRequires:  %{python_module timeout-decorator >= 0.4.1}
@ -53,14 +56,14 @@ A Python module and command line parser for SPF and DMARC records.

 %prep
 %setup -q -n checkdmarc-%{version}
-cp %{SOURCE1} %{SOURCE2} .
-%patch0 -p1
+cp %{SOURCE1} .
+%patch -P 0 -p0

 %build
-%python_build
+%pyproject_wheel

 %install
-%python_install
+%pyproject_install
 %python_clone -a %{buildroot}%{_bindir}/checkdmarc
 %python_expand %fdupes %{buildroot}%{$python_sitelib}

@ -75,8 +78,9 @@ cp %{SOURCE1} %{SOURCE2} .

 %files %{python_files}
 %license LICENSE
-%doc README.rst
+%doc README.md
 %python_alternative %{_bindir}/checkdmarc
-%{python_sitelib}/*
+%{python_sitelib}/checkdmarc
+%{python_sitelib}/checkdmarc-%{version}.dist-info

 %changelog
--- a/skip-broken-tests.patch
+++ b/skip-broken-tests.patch
@ -1,92 +0,0 @@
-diff --git a/tests.py b/tests.py
-index 803a04c..56c70e2 100644
--- a/tests.py
-+++ b/tests.py
-@@ -43,15 +43,6 @@ class Test(unittest.TestCase):
- 
-         self.assertEqual(len(results["warnings"]), 0)
- 
-    def testSplitSPFRecord(self):
-        """Split SPF records are parsed properly"""
-
-        rec = '"v=spf1 ip4:147.75.8.208 " "include:_spf.salesforce.com -all"'
-
-        parsed_record = checkdmarc.parse_spf_record(rec, "example.com")
-
-        self.assertEqual(parsed_record["parsed"]["all"], "fail")
-
-     def testJunkAfterAll(self):
-         """Ignore any mechanisms after the all mechanism, but warn about it"""
-         rec = "v=spf1 ip4:213.5.39.110 -all MS=83859DAEBD1978F9A7A67D3"
-@@ -60,10 +51,6 @@ class Test(unittest.TestCase):
-         parsed_record = checkdmarc.parse_spf_record(rec, domain)
-         self.assertEqual(len(parsed_record["warnings"]), 1)
- 
-    def testDNSSEC(self):
-        """Test known good DNSSEC"""
-        self.assertEqual(checkdmarc.test_dnssec("whalensolutions.com"), True)
-
-     def testIncludeMissingSPF(self):
-         """SPF records that include domains that are missing SPF records
-         raise SPFRecordNotFound"""
-@@ -77,21 +64,6 @@ class Test(unittest.TestCase):
-         self.assertRaises(checkdmarc.SPFRecordNotFound,
-                           checkdmarc.parse_spf_record, spf_record, domain)
- 
-    def testTooManySPFDNSLookups(self):
-        """SPF records with > 10 SPF mechanisms that cause DNS lookups raise
-        SPFTooManyDNSLookups"""
-
-        spf_record = "v=spf1 a include:_spf.salesforce.com " \
-                     "include:spf.protection.outlook.com " \
-                     "include:spf.constantcontact.com " \
-                     "include:_spf.elasticemail.com " \
-                     "include:servers.mcsv.net " \
-                     "include:_spf.google.com " \
-                     "~all"
-        domain = "example.com"
-        self.assertRaises(checkdmarc.SPFTooManyDNSLookups,
-                          checkdmarc.parse_spf_record, spf_record, domain)
-
-     def testSPFSyntaxErrors(self):
-         """SPF record syntax errors raise SPFSyntaxError"""
- 
-@@ -139,38 +111,6 @@ class Test(unittest.TestCase):
-         self.assertRaises(checkdmarc.SPFIncludeLoop,
-                           checkdmarc.parse_spf_record, spf_record, domain)
- 
-    def testSPFMissingMXRecord(self):
-        """A warning is issued if a SPF record contains a mx mechanism
-        pointing to a domain that has no MX records"""
-
-        spf_record = '"v=spf1 mx ~all"'
-        domain = "seanthegeek.net"
-        results = checkdmarc.parse_spf_record(spf_record, domain)
-        self.assertIn("{0} does not have any MX records".format(domain),
-                      results["warnings"])
-
-    def testSPFMissingARecord(self):
-        """A warning is issued if a SPF record contains a mx mechanism
-        pointing to a domain that has no A records"""
-
-        spf_record = '"v=spf1 include:_spf.bibsyst.no a mx ~all"'
-        domain = "sogne.folkebibl.no"
-        results = checkdmarc.parse_spf_record(spf_record, domain)
-        self.assertIn("sogne.folkebibl.no does not have any A/AAAA records",
-                      results["warnings"])
-
-    def testDMARCPctLessThan100Warning(self):
-        """A warning is issued if the DMARC pvt value is less than 100"""
-
-        dmarc_record = "v=DMARC1; p=none; sp=none; fo=1; pct=50; adkim=r; " \
-                       "aspf=r; rf=afrf; ri=86400; " \
-                       "rua=mailto:eits.dmarcrua@energy.gov; " \
-                       "ruf=mailto:eits.dmarcruf@energy.gov"
-        domain = "energy.gov"
-        results = checkdmarc.parse_dmarc_record(dmarc_record, domain)
-        self.assertIn("pct value is less than 100",
-                      results["warnings"][0])
-
-     def testInvalidDMARCURI(self):
-         """An invalid DMARC report URI raises InvalidDMARCReportURI"""
- 
--- a/skip-network-tests.patch
+++ b/skip-network-tests.patch
@ -0,0 +1,58 @@
+--- tests.py~	2024-02-29 12:22:56.007309853 +1100
+++ tests.py	2024-02-29 12:25:49.618057933 +1100
+@@ -3,6 +3,7 @@
+ 
+ """Automated tests"""
+ 
+import os.path
+ import unittest
+ from collections import OrderedDict
+ 
+@@ -94,6 +95,7 @@
+ 
+         self.assertEqual(len(results["warnings"]), 0)
+ 
+    @unittest.skipUnless(os.path.exists("/etc/resolv.conf"), "no network")
+     def testSplitSPFRecord(self):
+         """Split SPF records are parsed properly"""
+ 
+@@ -129,6 +131,7 @@
+         self.assertRaises(checkdmarc.spf.SPFRecordNotFound,
+                           checkdmarc.spf.parse_spf_record, spf_record, domain)
+ 
+    @unittest.skipUnless(os.path.exists("/etc/resolv.conf"), "no network")
+     def testTooManySPFDNSLookups(self):
+         """SPF records with > 10 SPF mechanisms that cause DNS lookups raise
+         SPFTooManyDNSLookups"""
+@@ -144,6 +147,7 @@
+         self.assertRaises(checkdmarc.spf.SPFTooManyDNSLookups,
+                           checkdmarc.spf.parse_spf_record, spf_record, domain)
+ 
+    @unittest.skipUnless(os.path.exists("/etc/resolv.conf"), "no network")
+     def testTooManySPFVoidDNSLookups(self):
+         """SPF records with > 2 void DNS lookups"""
+ 
+@@ -216,6 +220,7 @@
+         self.assertRaises(checkdmarc.spf.SPFIncludeLoop,
+                           checkdmarc.spf.parse_spf_record, spf_record, domain)
+ 
+    @unittest.skipUnless(os.path.exists("/etc/resolv.conf"), "no network")
+     def testSPFMissingMXRecord(self):
+         """A warning is issued if an SPF record contains a mx mechanism
+         pointing to a domain that has no MX records"""
+@@ -226,6 +231,7 @@
+         self.assertIn("{0} does not have any MX records".format(domain),
+                       results["warnings"])
+ 
+    @unittest.skipUnless(os.path.exists("/etc/resolv.conf"), "no network")
+     def testSPFMissingARecord(self):
+         """A warning is issued if an SPF record contains a mx mechanism
+         pointing to a domain that has no A records"""
+@@ -236,6 +242,7 @@
+         self.assertIn("cardinalhealth.net does not have any A/AAAA records",
+                       results["warnings"])
+ 
+    @unittest.skipUnless(os.path.exists("/etc/resolv.conf"), "no network")
+     def testDMARCPctLessThan100Warning(self):
+         """A warning is issued if the DMARC pvt value is less than 100"""
+ 
--- a/tests.py
+++ b/tests.py
@ -1,6 +1,16 @@
+#!/usr/bin/env python3
+# -*- coding: utf-8 -*-
+
+"""Automated tests"""
+
 import unittest
+from collections import OrderedDict

 import checkdmarc
+import checkdmarc.utils
+import checkdmarc.spf
+import checkdmarc.dmarc
+import checkdmarc.dnssec

 known_good_domains = [
    "fbi.gov",
@ -34,12 +44,53 @@ class Test(unittest.TestCase):
                             "Known good domain {0} failed DMARC check:"
                             "\n\n{1}".format(result["domain"], dmarc_error))

+    def testDMARCMixedFormatting(self):
+        """DMARC records with extra spaces and mixed case are still valid"""
+        examples = [
+            "v=DMARC1;p=ReJect",
+            "v = DMARC1;p=reject;",
+            "v = DMARC1\t;\tp=reject\t;",
+            "v = DMARC1\t;\tp\t\t\t=\t\t\treject\t;",
+            "V=DMARC1;p=reject;"
+        ]
+
+        for example in examples:
+            parsed_record = checkdmarc.dmarc.parse_dmarc_record(example, "")
+            self.assertIsInstance(parsed_record, OrderedDict)
+
+    def testGetBaseDomain(self):
+        subdomain = "foo.example.com"
+        result = checkdmarc.utils.get_base_domain(subdomain)
+        assert result == "example.com"
+
+        # Test reserved domains
+        subdomain = "_dmarc.nonauth-rua.invalid.example"
+        result = checkdmarc.utils.get_base_domain(subdomain)
+        assert result == "invalid.example"
+
+        subdomain = "_dmarc.nonauth-rua.invalid.test"
+        result = checkdmarc.utils.get_base_domain(subdomain)
+        assert result == "invalid.test"
+
+        subdomain = "_dmarc.nonauth-rua.invalid.invalid"
+        result = checkdmarc.utils.get_base_domain(subdomain)
+        assert result == "invalid.invalid"
+
+        subdomain = "_dmarc.nonauth-rua.invalid.localhost"
+        result = checkdmarc.utils.get_base_domain(subdomain)
+        assert result == "invalid.localhost"
+
+        # Test newer PSL entries
+        subdomain = "e3191.c.akamaiedge.net"
+        result = checkdmarc.utils.get_base_domain(subdomain)
+        assert result == "c.akamaiedge.net"
+
    def testUppercaseSPFMechanism(self):
        """Treat uppercase SPF"SPF mechanisms as valid"""
        spf_record = "v=spf1 IP4:147.75.8.208 -ALL"
        domain = "example.no"

-        results = checkdmarc.parse_spf_record(spf_record, domain)
+        results = checkdmarc.spf.parse_spf_record(spf_record, domain)

        self.assertEqual(len(results["warnings"]), 0)

@ -48,7 +99,7 @@ class Test(unittest.TestCase):

        rec = '"v=spf1 ip4:147.75.8.208 " "include:_spf.salesforce.com -all"'

-        parsed_record = checkdmarc.parse_spf_record(rec, "example.com")
+        parsed_record = checkdmarc.spf.parse_spf_record(rec, "example.com")

        self.assertEqual(parsed_record["parsed"]["all"], "fail")

@ -57,12 +108,13 @@ class Test(unittest.TestCase):
        rec = "v=spf1 ip4:213.5.39.110 -all MS=83859DAEBD1978F9A7A67D3"
        domain = "avd.dk"

-        parsed_record = checkdmarc.parse_spf_record(rec, domain)
+        parsed_record = checkdmarc.spf.parse_spf_record(rec, domain)
        self.assertEqual(len(parsed_record["warnings"]), 1)

+    @unittest.skip
    def testDNSSEC(self):
        """Test known good DNSSEC"""
-        self.assertEqual(checkdmarc.test_dnssec("whalensolutions.com"), True)
+        self.assertEqual(checkdmarc.dnssec.test_dnssec("fbi.gov"), True)

    def testIncludeMissingSPF(self):
        """SPF records that include domains that are missing SPF records
@ -74,8 +126,8 @@ class Test(unittest.TestCase):
                     'include:mail2.dialogportal.com a:mailrelay.jppol.dk ' \
                     'a:sendmail.jppol.dk ?all"'
        domain = "ekstrabladet.dk"
-        self.assertRaises(checkdmarc.SPFRecordNotFound,
-                          checkdmarc.parse_spf_record, spf_record, domain)
+        self.assertRaises(checkdmarc.spf.SPFRecordNotFound,
+                          checkdmarc.spf.parse_spf_record, spf_record, domain)

    def testTooManySPFDNSLookups(self):
        """SPF records with > 10 SPF mechanisms that cause DNS lookups raise
@ -89,8 +141,19 @@ class Test(unittest.TestCase):
                     "include:_spf.google.com " \
                     "~all"
        domain = "example.com"
-        self.assertRaises(checkdmarc.SPFTooManyDNSLookups,
-                          checkdmarc.parse_spf_record, spf_record, domain)
+        self.assertRaises(checkdmarc.spf.SPFTooManyDNSLookups,
+                          checkdmarc.spf.parse_spf_record, spf_record, domain)
+
+    def testTooManySPFVoidDNSLookups(self):
+        """SPF records with > 2 void DNS lookups"""
+
+        spf_record = "v=spf1 a:13Mk4olS9VWhQqXRl90fKJrD.example.com " \
+                     "mx:SfGiqBnQfRbOMapQJhozxo2B.example.com " \
+                     "a:VAFeyU9N2KJX518aGsN3w6VS.example.com " \
+                     "~all"
+        domain = "example.com"
+        self.assertRaises(checkdmarc.spf.SPFTooManyVoidDNSLookups,
+                          checkdmarc.spf.parse_spf_record, spf_record, domain)

    def testSPFSyntaxErrors(self):
        """SPF record syntax errors raise SPFSyntaxError"""
@ -98,8 +161,8 @@ class Test(unittest.TestCase):
        spf_record = '"v=spf1 mx a:mail.cohaesio.net ' \
                     'include: trustpilotservice.com ~all"'
        domain = "2021.ai"
-        self.assertRaises(checkdmarc.SPFSyntaxError,
-                          checkdmarc.parse_spf_record, spf_record, domain)
+        self.assertRaises(checkdmarc.spf.SPFSyntaxError,
+                          checkdmarc.spf.parse_spf_record, spf_record, domain)

    def testSPFInvalidIPv4(self):
        """Invalid ipv4 SPF mechanism values raise SPFSyntaxError"""
@ -107,56 +170,70 @@ class Test(unittest.TestCase):
                     "+ip4:78.46.224.83 " \
                     "+ip4:relay.mailchannels.net +ip4:138.201.60.20 ~all"
        domain = "surftown.dk"
-        self.assertRaises(checkdmarc.SPFSyntaxError,
-                          checkdmarc.parse_spf_record, spf_record, domain)
+        self.assertRaises(checkdmarc.spf.SPFSyntaxError,
+                          checkdmarc.spf.parse_spf_record, spf_record, domain)
+
+    def testSPFInvalidIPv6inIPv4(self):
+        """Invalid ipv4 SPF mechanism values raise SPFSyntaxError"""
+        spf_record = "v=spf1 ip4:1200:0000:AB00:1234:0000:2552:7777:1313 ~all"
+        domain = "surftown.dk"
+        self.assertRaises(checkdmarc.spf.SPFSyntaxError,
+                          checkdmarc.spf.parse_spf_record, spf_record, domain)

    def testSPFInvalidIPv4Range(self):
        """Invalid ipv4 SPF mechanism values raise SPFSyntaxError"""
        spf_record = "v=spf1 ip4:78.46.96.236/99 ~all"
        domain = "surftown.dk"
-        self.assertRaises(checkdmarc.SPFSyntaxError,
-                          checkdmarc.parse_spf_record, spf_record, domain)
+        self.assertRaises(checkdmarc.spf.SPFSyntaxError,
+                          checkdmarc.spf.parse_spf_record, spf_record, domain)

    def testSPFInvalidIPv6(self):
        """Invalid ipv6 SPF mechanism values raise SPFSyntaxError"""
        spf_record = "v=spf1 ip6:1200:0000:AB00:1234:O000:2552:7777:1313 ~all"
        domain = "surftown.dk"
-        self.assertRaises(checkdmarc.SPFSyntaxError,
-                          checkdmarc.parse_spf_record, spf_record, domain)
+        self.assertRaises(checkdmarc.spf.SPFSyntaxError,
+                          checkdmarc.spf.parse_spf_record, spf_record, domain)
+
+    def testSPFInvalidIPv4inIPv6(self):
+        """Invalid ipv6 SPF mechanism values raise SPFSyntaxError"""
+        spf_record = "v=spf1 ip6:78.46.96.236 ~all"
+        domain = "surftown.dk"
+        self.assertRaises(checkdmarc.spf.SPFSyntaxError,
+                          checkdmarc.spf.parse_spf_record, spf_record, domain)

    def testSPFInvalidIPv6Range(self):
        """Invalid ipv6 SPF mechanism values raise SPFSyntaxError"""
        record = "v=spf1 ip6:1200:0000:AB00:1234:0000:2552:7777:1313/130 ~all"
        domain = "surftown.dk"
-        self.assertRaises(checkdmarc.SPFSyntaxError,
-                          checkdmarc.parse_spf_record, record, domain)
+        self.assertRaises(checkdmarc.spf.SPFSyntaxError,
+                          checkdmarc.spf.parse_spf_record, record, domain)

    def testSPFIncludeLoop(self):
        """SPF record with include loop raises SPFIncludeLoop"""

        spf_record = '"v=spf1 include:example.com"'
        domain = "example.com"
-        self.assertRaises(checkdmarc.SPFIncludeLoop,
-                          checkdmarc.parse_spf_record, spf_record, domain)
+        self.assertRaises(checkdmarc.spf.SPFIncludeLoop,
+                          checkdmarc.spf.parse_spf_record, spf_record, domain)

    def testSPFMissingMXRecord(self):
-        """A warning is issued if a SPF record contains a mx mechanism
+        """A warning is issued if an SPF record contains a mx mechanism
        pointing to a domain that has no MX records"""

        spf_record = '"v=spf1 mx ~all"'
        domain = "seanthegeek.net"
-        results = checkdmarc.parse_spf_record(spf_record, domain)
+        results = checkdmarc.spf.parse_spf_record(spf_record, domain)
        self.assertIn("{0} does not have any MX records".format(domain),
                      results["warnings"])

    def testSPFMissingARecord(self):
-        """A warning is issued if a SPF record contains a mx mechanism
+        """A warning is issued if an SPF record contains a mx mechanism
        pointing to a domain that has no A records"""

-        spf_record = '"v=spf1 include:_spf.bibsyst.no a mx ~all"'
-        domain = "sogne.folkebibl.no"
-        results = checkdmarc.parse_spf_record(spf_record, domain)
-        self.assertIn("sogne.folkebibl.no does not have any A/AAAA records",
+        spf_record = '"v=spf1 a ~all"'
+        domain = "cardinalhealth.net"
+        results = checkdmarc.spf.parse_spf_record(spf_record, domain)
+        self.assertIn("cardinalhealth.net does not have any A/AAAA records",
                      results["warnings"])

    def testDMARCPctLessThan100Warning(self):
@ -167,7 +244,7 @@ class Test(unittest.TestCase):
                       "rua=mailto:eits.dmarcrua@energy.gov; " \
                       "ruf=mailto:eits.dmarcruf@energy.gov"
        domain = "energy.gov"
-        results = checkdmarc.parse_dmarc_record(dmarc_record, domain)
+        results = checkdmarc.dmarc.parse_dmarc_record(dmarc_record, domain)
        self.assertIn("pct value is less than 100",
                      results["warnings"][0])

@ -177,34 +254,26 @@ class Test(unittest.TestCase):
        dmarc_record = "v=DMARC1; p=none; rua=reports@dmarc.cyber.dhs.gov," \
                       "mailto:dmarcreports@usdoj.gov"
        domain = "dea.gov"
-        self.assertRaises(checkdmarc.InvalidDMARCReportURI,
-                          checkdmarc.parse_dmarc_record, dmarc_record, domain)
+        self.assertRaises(checkdmarc.dmarc.InvalidDMARCReportURI,
+                          checkdmarc.dmarc.parse_dmarc_record, dmarc_record,
+                          domain)

        dmarc_record = "v=DMARC1; p=none; rua=__" \
                       "mailto:reports@dmarc.cyber.dhs.gov," \
                       "mailto:dmarcreports@usdoj.gov"
-        self.assertRaises(checkdmarc.InvalidDMARCReportURI,
-                          checkdmarc.parse_dmarc_record, dmarc_record, domain)
+        self.assertRaises(checkdmarc.dmarc.InvalidDMARCReportURI,
+                          checkdmarc.dmarc.parse_dmarc_record, dmarc_record,
+                          domain)

    def testInvalidDMARCPolicyValue(self):
        """An invalid DMARC policy value raises InvalidDMARCTagValue """
        dmarc_record = "v=DMARC1; p=foo; rua=mailto:dmarc@example.com"
        domain = "example.com"
-        self.assertRaises(checkdmarc.InvalidDMARCTagValue,
-                          checkdmarc.parse_dmarc_record,
+        self.assertRaises(checkdmarc.dmarc.InvalidDMARCTagValue,
+                          checkdmarc.dmarc.parse_dmarc_record,
                          dmarc_record,
                          domain)

-    def testInvalidDMARCfo(self):
-        """An invalid DMARC fo tag value raises InvalidDMARCTagValue"""
-
-        dmarc_record = "v=DMARC1;p=none;aspf=s;adkim=s;fo=0:1:d:s;" \
-                       "ruf=mailto:dmarcreports@omb.gov;" \
-                       "rua=mailto:dmarcreports@omb.gov"
-        domain = "omb.gov"
-        self.assertRaises(checkdmarc.InvalidDMARCTagValue,
-                          checkdmarc.parse_dmarc_record, dmarc_record, domain)
-

 if __name__ == "__main__":
    unittest.main(verbosity=2)