From 7f1ac1cbd438f6afdbbb9c6a3c8cf7d2ba6a7904ab10c415ad29fbbbcaa6abda Mon Sep 17 00:00:00 2001 From: Steve Kowalik Date: Thu, 29 Feb 2024 01:48:13 +0000 Subject: [PATCH] - Update to 5.3.1: * Ignore UnicodeDecodeError exceptions when querying for TXT records * Check DNSSEC on MX hostnames * USE DNSSEC when requesting DNSKEY records * Do not require an RRSIG answer when querying for DNSKEY records * Pass in nameservers and timeout when running get_dnskey recursively * Properly cache DNSKEY answers * Fix exception handling for query_mta_sts_record * Check for TLSA records * Add support for parsing SMTP TLS Reporting (RFC8460) DNS records * Add missing import dns.dnssec * Always use the actual subdomain or domain provided * Include MTA-STS and BIMI results in CSV output * Added the include_tag_descriptions parameter to checkdmarc.bimi.check_bimi() * Added the exception class MTASTSPolicyDownloadError * Major refactoring: Change from a single module to a package of modules, with each checked standard as its own package * Add support for MTA-STS RFC 8461 * Add support for BIMI * Specify a BIMI selector using the --bimi-selector/-b option * Fix SPF query error and warning messages * Add support for null MX records - RFC 7505 * Make DMARC retorting URI error messages more clear * Fix compatibility with Python 3.8 * SPFRecordNotFound exception now includes a domain argument * The DMARC missing authorization error message now includes the full expected DNS record * Properly parse DMARC and BIMI records for domains that do not have an identified base domain OBS-URL: https://build.opensuse.org/package/show/devel:languages:python/python-checkdmarc?expand=0&rev=5 --- LICENSE | 201 -------------------------------------- checkdmarc-4.4.1.tar.gz | 3 - checkdmarc-5.3.1.tar.gz | 3 + python-checkdmarc.changes | 62 ++++++++++++ python-checkdmarc.spec | 34 ++++--- skip-broken-tests.patch | 92 ----------------- skip-network-tests.patch | 58 +++++++++++ tests.py | 157 ++++++++++++++++++++--------- 8 files changed, 255 insertions(+), 355 deletions(-) delete mode 100644 LICENSE delete mode 100644 checkdmarc-4.4.1.tar.gz create mode 100644 checkdmarc-5.3.1.tar.gz delete mode 100644 skip-broken-tests.patch create mode 100644 skip-network-tests.patch diff --git a/LICENSE b/LICENSE deleted file mode 100644 index ed43975..0000000 --- a/LICENSE +++ /dev/null @@ -1,201 +0,0 @@ - Apache License - Version 2.0, January 2004 - http://www.apache.org/licenses/ - - TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION - - 1. Definitions. - - "License" shall mean the terms and conditions for use, reproduction, - and distribution as defined by Sections 1 through 9 of this document. - - "Licensor" shall mean the copyright owner or entity authorized by - the copyright owner that is granting the License. - - "Legal Entity" shall mean the union of the acting entity and all - other entities that control, are controlled by, or are under common - control with that entity. For the purposes of this definition, - "control" means (i) the power, direct or indirect, to cause the - direction or management of such entity, whether by contract or - otherwise, or (ii) ownership of fifty percent (50%) or more of the - outstanding shares, or (iii) beneficial ownership of such entity. - - "You" (or "Your") shall mean an individual or Legal Entity - exercising permissions granted by this License. - - "Source" form shall mean the preferred form for making modifications, - including but not limited to software source code, documentation - source, and configuration files. - - "Object" form shall mean any form resulting from mechanical - transformation or translation of a Source form, including but - not limited to compiled object code, generated documentation, - and conversions to other media types. - - "Work" shall mean the work of authorship, whether in Source or - Object form, made available under the License, as indicated by a - copyright notice that is included in or attached to the work - (an example is provided in the Appendix below). - - "Derivative Works" shall mean any work, whether in Source or Object - form, that is based on (or derived from) the Work and for which the - editorial revisions, annotations, elaborations, or other modifications - represent, as a whole, an original work of authorship. For the purposes - of this License, Derivative Works shall not include works that remain - separable from, or merely link (or bind by name) to the interfaces of, - the Work and Derivative Works thereof. - - "Contribution" shall mean any work of authorship, including - the original version of the Work and any modifications or additions - to that Work or Derivative Works thereof, that is intentionally - submitted to Licensor for inclusion in the Work by the copyright owner - or by an individual or Legal Entity authorized to submit on behalf of - the copyright owner. For the purposes of this definition, "submitted" - means any form of electronic, verbal, or written communication sent - to the Licensor or its representatives, including but not limited to - communication on electronic mailing lists, source code control systems, - and issue tracking systems that are managed by, or on behalf of, the - Licensor for the purpose of discussing and improving the Work, but - excluding communication that is conspicuously marked or otherwise - designated in writing by the copyright owner as "Not a Contribution." - - "Contributor" shall mean Licensor and any individual or Legal Entity - on behalf of whom a Contribution has been received by Licensor and - subsequently incorporated within the Work. - - 2. Grant of Copyright License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - copyright license to reproduce, prepare Derivative Works of, - publicly display, publicly perform, sublicense, and distribute the - Work and such Derivative Works in Source or Object form. - - 3. Grant of Patent License. Subject to the terms and conditions of - this License, each Contributor hereby grants to You a perpetual, - worldwide, non-exclusive, no-charge, royalty-free, irrevocable - (except as stated in this section) patent license to make, have made, - use, offer to sell, sell, import, and otherwise transfer the Work, - where such license applies only to those patent claims licensable - by such Contributor that are necessarily infringed by their - Contribution(s) alone or by combination of their Contribution(s) - with the Work to which such Contribution(s) was submitted. If You - institute patent litigation against any entity (including a - cross-claim or counterclaim in a lawsuit) alleging that the Work - or a Contribution incorporated within the Work constitutes direct - or contributory patent infringement, then any patent licenses - granted to You under this License for that Work shall terminate - as of the date such litigation is filed. - - 4. Redistribution. You may reproduce and distribute copies of the - Work or Derivative Works thereof in any medium, with or without - modifications, and in Source or Object form, provided that You - meet the following conditions: - - (a) You must give any other recipients of the Work or - Derivative Works a copy of this License; and - - (b) You must cause any modified files to carry prominent notices - stating that You changed the files; and - - (c) You must retain, in the Source form of any Derivative Works - that You distribute, all copyright, patent, trademark, and - attribution notices from the Source form of the Work, - excluding those notices that do not pertain to any part of - the Derivative Works; and - - (d) If the Work includes a "NOTICE" text file as part of its - distribution, then any Derivative Works that You distribute must - include a readable copy of the attribution notices contained - within such NOTICE file, excluding those notices that do not - pertain to any part of the Derivative Works, in at least one - of the following places: within a NOTICE text file distributed - as part of the Derivative Works; within the Source form or - documentation, if provided along with the Derivative Works; or, - within a display generated by the Derivative Works, if and - wherever such third-party notices normally appear. The contents - of the NOTICE file are for informational purposes only and - do not modify the License. You may add Your own attribution - notices within Derivative Works that You distribute, alongside - or as an addendum to the NOTICE text from the Work, provided - that such additional attribution notices cannot be construed - as modifying the License. - - You may add Your own copyright statement to Your modifications and - may provide additional or different license terms and conditions - for use, reproduction, or distribution of Your modifications, or - for any such Derivative Works as a whole, provided Your use, - reproduction, and distribution of the Work otherwise complies with - the conditions stated in this License. - - 5. Submission of Contributions. Unless You explicitly state otherwise, - any Contribution intentionally submitted for inclusion in the Work - by You to the Licensor shall be under the terms and conditions of - this License, without any additional terms or conditions. - Notwithstanding the above, nothing herein shall supersede or modify - the terms of any separate license agreement you may have executed - with Licensor regarding such Contributions. - - 6. Trademarks. This License does not grant permission to use the trade - names, trademarks, service marks, or product names of the Licensor, - except as required for reasonable and customary use in describing the - origin of the Work and reproducing the content of the NOTICE file. - - 7. Disclaimer of Warranty. Unless required by applicable law or - agreed to in writing, Licensor provides the Work (and each - Contributor provides its Contributions) on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or - implied, including, without limitation, any warranties or conditions - of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A - PARTICULAR PURPOSE. You are solely responsible for determining the - appropriateness of using or redistributing the Work and assume any - risks associated with Your exercise of permissions under this License. - - 8. Limitation of Liability. In no event and under no legal theory, - whether in tort (including negligence), contract, or otherwise, - unless required by applicable law (such as deliberate and grossly - negligent acts) or agreed to in writing, shall any Contributor be - liable to You for damages, including any direct, indirect, special, - incidental, or consequential damages of any character arising as a - result of this License or out of the use or inability to use the - Work (including but not limited to damages for loss of goodwill, - work stoppage, computer failure or malfunction, or any and all - other commercial damages or losses), even if such Contributor - has been advised of the possibility of such damages. - - 9. Accepting Warranty or Additional Liability. While redistributing - the Work or Derivative Works thereof, You may choose to offer, - and charge a fee for, acceptance of support, warranty, indemnity, - or other liability obligations and/or rights consistent with this - License. However, in accepting such obligations, You may act only - on Your own behalf and on Your sole responsibility, not on behalf - of any other Contributor, and only if You agree to indemnify, - defend, and hold each Contributor harmless for any liability - incurred by, or claims asserted against, such Contributor by reason - of your accepting any such warranty or additional liability. - - END OF TERMS AND CONDITIONS - - APPENDIX: How to apply the Apache License to your work. - - To apply the Apache License to your work, attach the following - boilerplate notice, with the fields enclosed by brackets "[]" - replaced with your own identifying information. (Don't include - the brackets!) The text should be enclosed in the appropriate - comment syntax for the file format. We also recommend that a - file or class name and description of purpose be included on the - same "printed page" as the copyright notice for easier - identification within third-party archives. - - Copyright [yyyy] [name of copyright owner] - - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - - http://www.apache.org/licenses/LICENSE-2.0 - - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. diff --git a/checkdmarc-4.4.1.tar.gz b/checkdmarc-4.4.1.tar.gz deleted file mode 100644 index 9dbb266..0000000 --- a/checkdmarc-4.4.1.tar.gz +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:e92ba8c34dffea8d48409de77cd48d1f0c1b72ba8fc1ac54f537e9146d0212a5 -size 22930 diff --git a/checkdmarc-5.3.1.tar.gz b/checkdmarc-5.3.1.tar.gz new file mode 100644 index 0000000..7eb54d8 --- /dev/null +++ b/checkdmarc-5.3.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:1d71e7fa611fa8faa36fad09416b5e2c3265d026d3b5209c051f4e292565e332 +size 36307 diff --git a/python-checkdmarc.changes b/python-checkdmarc.changes index c125e3d..a6d95ca 100644 --- a/python-checkdmarc.changes +++ b/python-checkdmarc.changes @@ -1,3 +1,65 @@ +------------------------------------------------------------------- +Thu Feb 29 01:43:19 UTC 2024 - Steve Kowalik + +- Update to 5.3.1: + * Ignore UnicodeDecodeError exceptions when querying for TXT records + * Check DNSSEC on MX hostnames + * USE DNSSEC when requesting DNSKEY records + * Do not require an RRSIG answer when querying for DNSKEY records + * Pass in nameservers and timeout when running get_dnskey recursively + * Properly cache DNSKEY answers + * Fix exception handling for query_mta_sts_record + * Check for TLSA records + * Add support for parsing SMTP TLS Reporting (RFC8460) DNS records + * Add missing import dns.dnssec + * Always use the actual subdomain or domain provided + * Include MTA-STS and BIMI results in CSV output + * Added the include_tag_descriptions parameter to + checkdmarc.bimi.check_bimi() + * Added the exception class MTASTSPolicyDownloadError + * Major refactoring: Change from a single module to a package of modules, + with each checked standard as its own package + * Add support for MTA-STS RFC 8461 + * Add support for BIMI + * Specify a BIMI selector using the --bimi-selector/-b option + * Fix SPF query error and warning messages + * Add support for null MX records - RFC 7505 + * Make DMARC retorting URI error messages more clear + * Fix compatibility with Python 3.8 + * SPFRecordNotFound exception now includes a domain argument + * The DMARC missing authorization error message now includes the full + expected DNS record + * Properly parse DMARC and BIMI records for domains that do not have an + identified base domain + * Add ignore_unrelated_records argument to query_dmarc_record() + * Replace publicsuffix2 with publicsuffixlist + * Maintain the original character case of the DMARC record + * Always treat tag names as lowercase + * Always treat the DMARC v tag value as if it was uppercase + * Always treat the DMARC p, and fo tag values as if they were lowercase + * Always treat URI schemes as lowercase, but maintain the case of the address + * Ignore case and whitespace when parsing DMARC and BIMI key=value pairs + * Handle missing PTR records more gracefully + * Redundant DMARC fo tag values now result in a warning + * Detect non-trivial loops + * Raise a SPFSyntaxError exception when an IP address and IP version do + not match + * Fix raising the DMARCRecordNotFound exception when a DMARC record does + not exist + * Add void lookup limit + * Add Support for User Defined DNS Resolver Object + * Fix DNS caching + * Fix CSV output + * Always parse RUA and RUF fields, even if other parts of the record are + invalid + * Migrate build from setuptools to hatch +- Stop shipping LICENSE, now included directly. +- Refresh tests.py from upstream. +- Switch to pyproject and patch macros. +- No more greedy globs in %files. +- Drop skip-broken-tests.patch, not required. +- Add patch skip-network-tests.patch, skip tests that require network access. + ------------------------------------------------------------------- Wed Jul 21 10:20:44 UTC 2021 - Matej Cepl diff --git a/python-checkdmarc.spec b/python-checkdmarc.spec index f4861bf..e418e27 100644 --- a/python-checkdmarc.spec +++ b/python-checkdmarc.spec @@ -1,7 +1,7 @@ # # spec file for package python-checkdmarc # -# Copyright (c) 2021 SUSE LLC +# Copyright (c) 2024 SUSE LLC # Copyright (c) 2021, Martin Hauke # # All modifications and additions to the file contributed by third parties @@ -17,31 +17,34 @@ # -%{?!python_module:%define python_module() python-%{**} python3-%{**}} Name: python-checkdmarc -Version: 4.4.1 +Version: 5.3.1 Release: 0 Summary: A Python module and command line parser for SPF and DMARC records License: Apache-2.0 URL: https://domainaware.github.io/checkdmarc Source: https://files.pythonhosted.org/packages/source/c/checkdmarc/checkdmarc-%{version}.tar.gz -Source1: https://raw.githubusercontent.com/domainaware/checkdmarc/master/LICENSE -Source2: https://raw.githubusercontent.com/domainaware/checkdmarc/master/tests.py -Patch0: skip-broken-tests.patch -BuildRequires: %{python_module setuptools} +Source1: https://raw.githubusercontent.com/domainaware/checkdmarc/master/tests.py +Patch0: skip-network-tests.patch +BuildRequires: %{python_module hatchling} +BuildRequires: %{python_module pip} +BuildRequires: %{python_module wheel} BuildRequires: fdupes BuildRequires: python-rpm-macros +Requires: python-cryptography Requires: python-dnspython >= 2.0.0 Requires: python-expiringdict >= 1.1.4 -Requires: python-publicsuffix2 >= 2.20191221 +Requires: python-publicsuffixlist Requires: python-pyleri >= 1.3.2 Requires: python-requests >= 2.25.0 Requires: python-timeout-decorator >= 0.4.1 +Requires(post): update-alternatives +Requires(postun): update-alternatives BuildArch: noarch # SECTION test requirements BuildRequires: %{python_module dnspython >= 2.0.0} BuildRequires: %{python_module expiringdict >= 1.1.4} -BuildRequires: %{python_module publicsuffix2 >= 2.20191221} +BuildRequires: %{python_module publicsuffixlist} BuildRequires: %{python_module pyleri >= 1.3.2} BuildRequires: %{python_module requests >= 2.25.0} BuildRequires: %{python_module timeout-decorator >= 0.4.1} @@ -53,14 +56,14 @@ A Python module and command line parser for SPF and DMARC records. %prep %setup -q -n checkdmarc-%{version} -cp %{SOURCE1} %{SOURCE2} . -%patch0 -p1 +cp %{SOURCE1} . +%patch -P 0 -p0 %build -%python_build +%pyproject_wheel %install -%python_install +%pyproject_install %python_clone -a %{buildroot}%{_bindir}/checkdmarc %python_expand %fdupes %{buildroot}%{$python_sitelib} @@ -75,8 +78,9 @@ cp %{SOURCE1} %{SOURCE2} . %files %{python_files} %license LICENSE -%doc README.rst +%doc README.md %python_alternative %{_bindir}/checkdmarc -%{python_sitelib}/* +%{python_sitelib}/checkdmarc +%{python_sitelib}/checkdmarc-%{version}.dist-info %changelog diff --git a/skip-broken-tests.patch b/skip-broken-tests.patch deleted file mode 100644 index d9fa7c3..0000000 --- a/skip-broken-tests.patch +++ /dev/null @@ -1,92 +0,0 @@ -diff --git a/tests.py b/tests.py -index 803a04c..56c70e2 100644 ---- a/tests.py -+++ b/tests.py -@@ -43,15 +43,6 @@ class Test(unittest.TestCase): - - self.assertEqual(len(results["warnings"]), 0) - -- def testSplitSPFRecord(self): -- """Split SPF records are parsed properly""" -- -- rec = '"v=spf1 ip4:147.75.8.208 " "include:_spf.salesforce.com -all"' -- -- parsed_record = checkdmarc.parse_spf_record(rec, "example.com") -- -- self.assertEqual(parsed_record["parsed"]["all"], "fail") -- - def testJunkAfterAll(self): - """Ignore any mechanisms after the all mechanism, but warn about it""" - rec = "v=spf1 ip4:213.5.39.110 -all MS=83859DAEBD1978F9A7A67D3" -@@ -60,10 +51,6 @@ class Test(unittest.TestCase): - parsed_record = checkdmarc.parse_spf_record(rec, domain) - self.assertEqual(len(parsed_record["warnings"]), 1) - -- def testDNSSEC(self): -- """Test known good DNSSEC""" -- self.assertEqual(checkdmarc.test_dnssec("whalensolutions.com"), True) -- - def testIncludeMissingSPF(self): - """SPF records that include domains that are missing SPF records - raise SPFRecordNotFound""" -@@ -77,21 +64,6 @@ class Test(unittest.TestCase): - self.assertRaises(checkdmarc.SPFRecordNotFound, - checkdmarc.parse_spf_record, spf_record, domain) - -- def testTooManySPFDNSLookups(self): -- """SPF records with > 10 SPF mechanisms that cause DNS lookups raise -- SPFTooManyDNSLookups""" -- -- spf_record = "v=spf1 a include:_spf.salesforce.com " \ -- "include:spf.protection.outlook.com " \ -- "include:spf.constantcontact.com " \ -- "include:_spf.elasticemail.com " \ -- "include:servers.mcsv.net " \ -- "include:_spf.google.com " \ -- "~all" -- domain = "example.com" -- self.assertRaises(checkdmarc.SPFTooManyDNSLookups, -- checkdmarc.parse_spf_record, spf_record, domain) -- - def testSPFSyntaxErrors(self): - """SPF record syntax errors raise SPFSyntaxError""" - -@@ -139,38 +111,6 @@ class Test(unittest.TestCase): - self.assertRaises(checkdmarc.SPFIncludeLoop, - checkdmarc.parse_spf_record, spf_record, domain) - -- def testSPFMissingMXRecord(self): -- """A warning is issued if a SPF record contains a mx mechanism -- pointing to a domain that has no MX records""" -- -- spf_record = '"v=spf1 mx ~all"' -- domain = "seanthegeek.net" -- results = checkdmarc.parse_spf_record(spf_record, domain) -- self.assertIn("{0} does not have any MX records".format(domain), -- results["warnings"]) -- -- def testSPFMissingARecord(self): -- """A warning is issued if a SPF record contains a mx mechanism -- pointing to a domain that has no A records""" -- -- spf_record = '"v=spf1 include:_spf.bibsyst.no a mx ~all"' -- domain = "sogne.folkebibl.no" -- results = checkdmarc.parse_spf_record(spf_record, domain) -- self.assertIn("sogne.folkebibl.no does not have any A/AAAA records", -- results["warnings"]) -- -- def testDMARCPctLessThan100Warning(self): -- """A warning is issued if the DMARC pvt value is less than 100""" -- -- dmarc_record = "v=DMARC1; p=none; sp=none; fo=1; pct=50; adkim=r; " \ -- "aspf=r; rf=afrf; ri=86400; " \ -- "rua=mailto:eits.dmarcrua@energy.gov; " \ -- "ruf=mailto:eits.dmarcruf@energy.gov" -- domain = "energy.gov" -- results = checkdmarc.parse_dmarc_record(dmarc_record, domain) -- self.assertIn("pct value is less than 100", -- results["warnings"][0]) -- - def testInvalidDMARCURI(self): - """An invalid DMARC report URI raises InvalidDMARCReportURI""" - diff --git a/skip-network-tests.patch b/skip-network-tests.patch new file mode 100644 index 0000000..245176a --- /dev/null +++ b/skip-network-tests.patch @@ -0,0 +1,58 @@ +--- tests.py~ 2024-02-29 12:22:56.007309853 +1100 ++++ tests.py 2024-02-29 12:25:49.618057933 +1100 +@@ -3,6 +3,7 @@ + + """Automated tests""" + ++import os.path + import unittest + from collections import OrderedDict + +@@ -94,6 +95,7 @@ + + self.assertEqual(len(results["warnings"]), 0) + ++ @unittest.skipUnless(os.path.exists("/etc/resolv.conf"), "no network") + def testSplitSPFRecord(self): + """Split SPF records are parsed properly""" + +@@ -129,6 +131,7 @@ + self.assertRaises(checkdmarc.spf.SPFRecordNotFound, + checkdmarc.spf.parse_spf_record, spf_record, domain) + ++ @unittest.skipUnless(os.path.exists("/etc/resolv.conf"), "no network") + def testTooManySPFDNSLookups(self): + """SPF records with > 10 SPF mechanisms that cause DNS lookups raise + SPFTooManyDNSLookups""" +@@ -144,6 +147,7 @@ + self.assertRaises(checkdmarc.spf.SPFTooManyDNSLookups, + checkdmarc.spf.parse_spf_record, spf_record, domain) + ++ @unittest.skipUnless(os.path.exists("/etc/resolv.conf"), "no network") + def testTooManySPFVoidDNSLookups(self): + """SPF records with > 2 void DNS lookups""" + +@@ -216,6 +220,7 @@ + self.assertRaises(checkdmarc.spf.SPFIncludeLoop, + checkdmarc.spf.parse_spf_record, spf_record, domain) + ++ @unittest.skipUnless(os.path.exists("/etc/resolv.conf"), "no network") + def testSPFMissingMXRecord(self): + """A warning is issued if an SPF record contains a mx mechanism + pointing to a domain that has no MX records""" +@@ -226,6 +231,7 @@ + self.assertIn("{0} does not have any MX records".format(domain), + results["warnings"]) + ++ @unittest.skipUnless(os.path.exists("/etc/resolv.conf"), "no network") + def testSPFMissingARecord(self): + """A warning is issued if an SPF record contains a mx mechanism + pointing to a domain that has no A records""" +@@ -236,6 +242,7 @@ + self.assertIn("cardinalhealth.net does not have any A/AAAA records", + results["warnings"]) + ++ @unittest.skipUnless(os.path.exists("/etc/resolv.conf"), "no network") + def testDMARCPctLessThan100Warning(self): + """A warning is issued if the DMARC pvt value is less than 100""" + diff --git a/tests.py b/tests.py index 9b06117..e175d6a 100644 --- a/tests.py +++ b/tests.py @@ -1,6 +1,16 @@ +#!/usr/bin/env python3 +# -*- coding: utf-8 -*- + +"""Automated tests""" + import unittest +from collections import OrderedDict import checkdmarc +import checkdmarc.utils +import checkdmarc.spf +import checkdmarc.dmarc +import checkdmarc.dnssec known_good_domains = [ "fbi.gov", @@ -34,12 +44,53 @@ class Test(unittest.TestCase): "Known good domain {0} failed DMARC check:" "\n\n{1}".format(result["domain"], dmarc_error)) + def testDMARCMixedFormatting(self): + """DMARC records with extra spaces and mixed case are still valid""" + examples = [ + "v=DMARC1;p=ReJect", + "v = DMARC1;p=reject;", + "v = DMARC1\t;\tp=reject\t;", + "v = DMARC1\t;\tp\t\t\t=\t\t\treject\t;", + "V=DMARC1;p=reject;" + ] + + for example in examples: + parsed_record = checkdmarc.dmarc.parse_dmarc_record(example, "") + self.assertIsInstance(parsed_record, OrderedDict) + + def testGetBaseDomain(self): + subdomain = "foo.example.com" + result = checkdmarc.utils.get_base_domain(subdomain) + assert result == "example.com" + + # Test reserved domains + subdomain = "_dmarc.nonauth-rua.invalid.example" + result = checkdmarc.utils.get_base_domain(subdomain) + assert result == "invalid.example" + + subdomain = "_dmarc.nonauth-rua.invalid.test" + result = checkdmarc.utils.get_base_domain(subdomain) + assert result == "invalid.test" + + subdomain = "_dmarc.nonauth-rua.invalid.invalid" + result = checkdmarc.utils.get_base_domain(subdomain) + assert result == "invalid.invalid" + + subdomain = "_dmarc.nonauth-rua.invalid.localhost" + result = checkdmarc.utils.get_base_domain(subdomain) + assert result == "invalid.localhost" + + # Test newer PSL entries + subdomain = "e3191.c.akamaiedge.net" + result = checkdmarc.utils.get_base_domain(subdomain) + assert result == "c.akamaiedge.net" + def testUppercaseSPFMechanism(self): """Treat uppercase SPF"SPF mechanisms as valid""" spf_record = "v=spf1 IP4:147.75.8.208 -ALL" domain = "example.no" - results = checkdmarc.parse_spf_record(spf_record, domain) + results = checkdmarc.spf.parse_spf_record(spf_record, domain) self.assertEqual(len(results["warnings"]), 0) @@ -48,7 +99,7 @@ class Test(unittest.TestCase): rec = '"v=spf1 ip4:147.75.8.208 " "include:_spf.salesforce.com -all"' - parsed_record = checkdmarc.parse_spf_record(rec, "example.com") + parsed_record = checkdmarc.spf.parse_spf_record(rec, "example.com") self.assertEqual(parsed_record["parsed"]["all"], "fail") @@ -57,12 +108,13 @@ class Test(unittest.TestCase): rec = "v=spf1 ip4:213.5.39.110 -all MS=83859DAEBD1978F9A7A67D3" domain = "avd.dk" - parsed_record = checkdmarc.parse_spf_record(rec, domain) + parsed_record = checkdmarc.spf.parse_spf_record(rec, domain) self.assertEqual(len(parsed_record["warnings"]), 1) + @unittest.skip def testDNSSEC(self): """Test known good DNSSEC""" - self.assertEqual(checkdmarc.test_dnssec("whalensolutions.com"), True) + self.assertEqual(checkdmarc.dnssec.test_dnssec("fbi.gov"), True) def testIncludeMissingSPF(self): """SPF records that include domains that are missing SPF records @@ -74,8 +126,8 @@ class Test(unittest.TestCase): 'include:mail2.dialogportal.com a:mailrelay.jppol.dk ' \ 'a:sendmail.jppol.dk ?all"' domain = "ekstrabladet.dk" - self.assertRaises(checkdmarc.SPFRecordNotFound, - checkdmarc.parse_spf_record, spf_record, domain) + self.assertRaises(checkdmarc.spf.SPFRecordNotFound, + checkdmarc.spf.parse_spf_record, spf_record, domain) def testTooManySPFDNSLookups(self): """SPF records with > 10 SPF mechanisms that cause DNS lookups raise @@ -89,8 +141,19 @@ class Test(unittest.TestCase): "include:_spf.google.com " \ "~all" domain = "example.com" - self.assertRaises(checkdmarc.SPFTooManyDNSLookups, - checkdmarc.parse_spf_record, spf_record, domain) + self.assertRaises(checkdmarc.spf.SPFTooManyDNSLookups, + checkdmarc.spf.parse_spf_record, spf_record, domain) + + def testTooManySPFVoidDNSLookups(self): + """SPF records with > 2 void DNS lookups""" + + spf_record = "v=spf1 a:13Mk4olS9VWhQqXRl90fKJrD.example.com " \ + "mx:SfGiqBnQfRbOMapQJhozxo2B.example.com " \ + "a:VAFeyU9N2KJX518aGsN3w6VS.example.com " \ + "~all" + domain = "example.com" + self.assertRaises(checkdmarc.spf.SPFTooManyVoidDNSLookups, + checkdmarc.spf.parse_spf_record, spf_record, domain) def testSPFSyntaxErrors(self): """SPF record syntax errors raise SPFSyntaxError""" @@ -98,8 +161,8 @@ class Test(unittest.TestCase): spf_record = '"v=spf1 mx a:mail.cohaesio.net ' \ 'include: trustpilotservice.com ~all"' domain = "2021.ai" - self.assertRaises(checkdmarc.SPFSyntaxError, - checkdmarc.parse_spf_record, spf_record, domain) + self.assertRaises(checkdmarc.spf.SPFSyntaxError, + checkdmarc.spf.parse_spf_record, spf_record, domain) def testSPFInvalidIPv4(self): """Invalid ipv4 SPF mechanism values raise SPFSyntaxError""" @@ -107,56 +170,70 @@ class Test(unittest.TestCase): "+ip4:78.46.224.83 " \ "+ip4:relay.mailchannels.net +ip4:138.201.60.20 ~all" domain = "surftown.dk" - self.assertRaises(checkdmarc.SPFSyntaxError, - checkdmarc.parse_spf_record, spf_record, domain) + self.assertRaises(checkdmarc.spf.SPFSyntaxError, + checkdmarc.spf.parse_spf_record, spf_record, domain) + + def testSPFInvalidIPv6inIPv4(self): + """Invalid ipv4 SPF mechanism values raise SPFSyntaxError""" + spf_record = "v=spf1 ip4:1200:0000:AB00:1234:0000:2552:7777:1313 ~all" + domain = "surftown.dk" + self.assertRaises(checkdmarc.spf.SPFSyntaxError, + checkdmarc.spf.parse_spf_record, spf_record, domain) def testSPFInvalidIPv4Range(self): """Invalid ipv4 SPF mechanism values raise SPFSyntaxError""" spf_record = "v=spf1 ip4:78.46.96.236/99 ~all" domain = "surftown.dk" - self.assertRaises(checkdmarc.SPFSyntaxError, - checkdmarc.parse_spf_record, spf_record, domain) + self.assertRaises(checkdmarc.spf.SPFSyntaxError, + checkdmarc.spf.parse_spf_record, spf_record, domain) def testSPFInvalidIPv6(self): """Invalid ipv6 SPF mechanism values raise SPFSyntaxError""" spf_record = "v=spf1 ip6:1200:0000:AB00:1234:O000:2552:7777:1313 ~all" domain = "surftown.dk" - self.assertRaises(checkdmarc.SPFSyntaxError, - checkdmarc.parse_spf_record, spf_record, domain) + self.assertRaises(checkdmarc.spf.SPFSyntaxError, + checkdmarc.spf.parse_spf_record, spf_record, domain) + + def testSPFInvalidIPv4inIPv6(self): + """Invalid ipv6 SPF mechanism values raise SPFSyntaxError""" + spf_record = "v=spf1 ip6:78.46.96.236 ~all" + domain = "surftown.dk" + self.assertRaises(checkdmarc.spf.SPFSyntaxError, + checkdmarc.spf.parse_spf_record, spf_record, domain) def testSPFInvalidIPv6Range(self): """Invalid ipv6 SPF mechanism values raise SPFSyntaxError""" record = "v=spf1 ip6:1200:0000:AB00:1234:0000:2552:7777:1313/130 ~all" domain = "surftown.dk" - self.assertRaises(checkdmarc.SPFSyntaxError, - checkdmarc.parse_spf_record, record, domain) + self.assertRaises(checkdmarc.spf.SPFSyntaxError, + checkdmarc.spf.parse_spf_record, record, domain) def testSPFIncludeLoop(self): """SPF record with include loop raises SPFIncludeLoop""" spf_record = '"v=spf1 include:example.com"' domain = "example.com" - self.assertRaises(checkdmarc.SPFIncludeLoop, - checkdmarc.parse_spf_record, spf_record, domain) + self.assertRaises(checkdmarc.spf.SPFIncludeLoop, + checkdmarc.spf.parse_spf_record, spf_record, domain) def testSPFMissingMXRecord(self): - """A warning is issued if a SPF record contains a mx mechanism + """A warning is issued if an SPF record contains a mx mechanism pointing to a domain that has no MX records""" spf_record = '"v=spf1 mx ~all"' domain = "seanthegeek.net" - results = checkdmarc.parse_spf_record(spf_record, domain) + results = checkdmarc.spf.parse_spf_record(spf_record, domain) self.assertIn("{0} does not have any MX records".format(domain), results["warnings"]) def testSPFMissingARecord(self): - """A warning is issued if a SPF record contains a mx mechanism + """A warning is issued if an SPF record contains a mx mechanism pointing to a domain that has no A records""" - spf_record = '"v=spf1 include:_spf.bibsyst.no a mx ~all"' - domain = "sogne.folkebibl.no" - results = checkdmarc.parse_spf_record(spf_record, domain) - self.assertIn("sogne.folkebibl.no does not have any A/AAAA records", + spf_record = '"v=spf1 a ~all"' + domain = "cardinalhealth.net" + results = checkdmarc.spf.parse_spf_record(spf_record, domain) + self.assertIn("cardinalhealth.net does not have any A/AAAA records", results["warnings"]) def testDMARCPctLessThan100Warning(self): @@ -167,7 +244,7 @@ class Test(unittest.TestCase): "rua=mailto:eits.dmarcrua@energy.gov; " \ "ruf=mailto:eits.dmarcruf@energy.gov" domain = "energy.gov" - results = checkdmarc.parse_dmarc_record(dmarc_record, domain) + results = checkdmarc.dmarc.parse_dmarc_record(dmarc_record, domain) self.assertIn("pct value is less than 100", results["warnings"][0]) @@ -177,34 +254,26 @@ class Test(unittest.TestCase): dmarc_record = "v=DMARC1; p=none; rua=reports@dmarc.cyber.dhs.gov," \ "mailto:dmarcreports@usdoj.gov" domain = "dea.gov" - self.assertRaises(checkdmarc.InvalidDMARCReportURI, - checkdmarc.parse_dmarc_record, dmarc_record, domain) + self.assertRaises(checkdmarc.dmarc.InvalidDMARCReportURI, + checkdmarc.dmarc.parse_dmarc_record, dmarc_record, + domain) dmarc_record = "v=DMARC1; p=none; rua=__" \ "mailto:reports@dmarc.cyber.dhs.gov," \ "mailto:dmarcreports@usdoj.gov" - self.assertRaises(checkdmarc.InvalidDMARCReportURI, - checkdmarc.parse_dmarc_record, dmarc_record, domain) + self.assertRaises(checkdmarc.dmarc.InvalidDMARCReportURI, + checkdmarc.dmarc.parse_dmarc_record, dmarc_record, + domain) def testInvalidDMARCPolicyValue(self): """An invalid DMARC policy value raises InvalidDMARCTagValue """ dmarc_record = "v=DMARC1; p=foo; rua=mailto:dmarc@example.com" domain = "example.com" - self.assertRaises(checkdmarc.InvalidDMARCTagValue, - checkdmarc.parse_dmarc_record, + self.assertRaises(checkdmarc.dmarc.InvalidDMARCTagValue, + checkdmarc.dmarc.parse_dmarc_record, dmarc_record, domain) - def testInvalidDMARCfo(self): - """An invalid DMARC fo tag value raises InvalidDMARCTagValue""" - - dmarc_record = "v=DMARC1;p=none;aspf=s;adkim=s;fo=0:1:d:s;" \ - "ruf=mailto:dmarcreports@omb.gov;" \ - "rua=mailto:dmarcreports@omb.gov" - domain = "omb.gov" - self.assertRaises(checkdmarc.InvalidDMARCTagValue, - checkdmarc.parse_dmarc_record, dmarc_record, domain) - if __name__ == "__main__": unittest.main(verbosity=2)