coppertone 0.0.1

data/lib/coppertone/mechanism/domain_spec_optional.rb

@@ -0,0 +1,46 @@
+require 'coppertone/mechanism/domain_spec_mechanism'
+
+module Coppertone
+  class Mechanism  # rubocop:disable Style/Documentation
+    class DomainSpecOptional < DomainSpecMechanism
+      def self.create(attributes)
+        new(attributes)
+      end
+
+      def initialize(attributes)
+        return if attributes.blank?
+        raw_domain_spec = trim_domain_spec(attributes)
+        @domain_spec = Coppertone::DomainSpec.new(raw_domain_spec)
+      rescue Coppertone::MacroStringParsingError
+        raise Coppertone::InvalidMechanismError
+      end
+
+      def match?(macro_context, request_context)
+        request_context.register_dns_lookup_term
+        target_name = generate_target_name(macro_context, request_context)
+        if target_name
+          match_target_name(macro_context, request_context, target_name)
+        else
+          handle_invalid_domain(macro_context, request_context)
+        end
+      end
+
+      def generate_target_name(macro_context, request_context)
+        if domain_spec
+          target_name_from_domain_spec(macro_context, request_context)
+        else
+          macro_context.domain
+        end
+      end
+
+      def handle_invalid_domain(_macro_context, _options)
+        fail RecordParsingError
+      end
+
+      def ==(other)
+        return false unless other.instance_of? self.class
+        domain_spec == other.domain_spec
+      end
+    end
+  end
+end

data/lib/coppertone/mechanism/domain_spec_required.rb

@@ -0,0 +1,37 @@
+module Coppertone
+  class Mechanism  # rubocop:disable Style/Documentation
+    class DomainSpecRequired < DomainSpecMechanism
+      def self.create(attributes)
+        new(attributes)
+      end
+
+      def initialize(attributes)
+        raw_domain_spec = trim_domain_spec(attributes)
+        fail InvalidMechanismError if raw_domain_spec.blank?
+        @domain_spec = Coppertone::DomainSpec.new(raw_domain_spec)
+      rescue Coppertone::MacroStringParsingError
+        raise Coppertone::InvalidMechanismError
+      end
+
+      def match?(macro_context, request_context)
+        request_context.register_dns_lookup_term
+        target_name =
+          target_name_from_domain_spec(macro_context, request_context)
+        if target_name
+          match_target_name(macro_context, request_context, target_name)
+        else
+          handle_invalid_domain(macro_context, request_context)
+        end
+      end
+
+      def handle_invalid_domain(_macro_context, _options)
+        fail RecordParsingError
+      end
+
+      def ==(other)
+        return false unless other.instance_of? self.class
+        domain_spec == other.domain_spec
+      end
+    end
+  end
+end

data/lib/coppertone/mechanism/domain_spec_with_dual_cidr.rb

@@ -0,0 +1,114 @@
+require 'coppertone/mechanism/domain_spec_mechanism'
+require 'ipaddr'
+require 'coppertone/mechanism/cidr_parser'
+
+module Coppertone
+  class Mechanism  # rubocop:disable Style/Documentation
+    class DomainSpecWithDualCidr < DomainSpecMechanism
+      def self.create(attributes)
+        new(attributes)
+      end
+
+      def initialize(attributes)
+        return if attributes.blank?
+        parse_argument(attributes)
+      rescue Coppertone::MacroStringParsingError
+        raise Coppertone::InvalidMechanismError
+      end
+
+      def ip_v4_cidr_length
+        @ip_v4_cidr_length ||= 32
+      end
+
+      def ip_v6_cidr_length
+        @ip_v6_cidr_length ||= 128
+      end
+
+      def cidr_length(macro_context)
+        if macro_context.original_ip_v6?
+          ip_v6_cidr_length
+        else
+          ip_v4_cidr_length
+        end
+      end
+
+      def match?(macro_context, request_context)
+        request_context.register_dns_lookup_term
+        target_name = generate_target_name(macro_context, request_context)
+        if target_name
+          match_target_name(macro_context, request_context, target_name)
+        else
+          handle_invalid_domain(macro_context, request_context)
+        end
+      end
+
+      CIDR_REGEXP = %r{(/(\d*))?(//(\d*))?\z}
+      def parse_argument(attributes)
+        fail InvalidMechanismError if attributes.blank?
+        cidr_matches = CIDR_REGEXP.match(attributes)
+        macro_string, raw_ip_v4_cidr_length, raw_ip_v6_cidr_length =
+          clean_matches(attributes, cidr_matches)
+        process_matches(macro_string, raw_ip_v4_cidr_length,
+                        raw_ip_v6_cidr_length)
+      end
+
+      def parse_domain_spec(attributes, domain_spec_end)
+        return nil if attributes.blank?
+        cand = attributes[0..domain_spec_end]
+        return nil if cand.blank?
+        cand = trim_domain_spec(cand)
+        # At this point we've ascertained that there is
+        # a body to the domain spec
+        fail InvalidMechanismError if cand.blank?
+        cand
+      end
+
+      def clean_matches(attributes, cidr_matches)
+        if cidr_matches
+          raw_ip_v4_cidr_length = cidr_matches[2] unless cidr_matches[2].blank?
+          raw_ip_v6_cidr_length = cidr_matches[4] unless cidr_matches[4].blank?
+          term = cidr_matches[0]
+          domain_spec_end = term.blank? ? -1 : (-1 - term.length)
+        else
+          domain_spec_end = -1
+        end
+        macro_string = parse_domain_spec(attributes, domain_spec_end)
+        [macro_string, raw_ip_v4_cidr_length, raw_ip_v6_cidr_length]
+      end
+
+      def process_matches(macro_string, raw_ip_v4_cidr_length,
+                          raw_ip_v6_cidr_length)
+        @domain_spec = Coppertone::DomainSpec.new(macro_string) if macro_string
+        parse_v4_cidr_length(raw_ip_v4_cidr_length)
+        parse_v6_cidr_length(raw_ip_v6_cidr_length)
+      end
+
+      def parse_v4_cidr_length(raw_length)
+        @ip_v4_cidr_length = CidrParser.parse(raw_length, 32)
+      end
+
+      def parse_v6_cidr_length(raw_length)
+        @ip_v6_cidr_length = CidrParser.parse(raw_length, 128)
+      end
+
+      def generate_target_name(macro_context, request_context)
+        if domain_spec
+          target_name_from_domain_spec(macro_context, request_context)
+        else
+          macro_context.domain
+        end
+      end
+
+      def handle_invalid_domain(_macro_context, _options)
+        fail RecordParsingError
+      end
+
+      def ==(other)
+        return false unless other.instance_of? self.class
+        domain_spec == other.domain_spec &&
+        ip_v4_cidr_length == other.ip_v4_cidr_length &&
+        ip_v6_cidr_length == other.ip_v6_cidr_length
+      end
+    end
+  end
+end

data/lib/coppertone/mechanism/exists.rb

@@ -0,0 +1,14 @@
+require 'coppertone/mechanism/domain_spec_required'
+
+module Coppertone
+  class Mechanism  # rubocop:disable Style/Documentation
+    # Implements the exists mechanism.
+    class Exists < DomainSpecRequired
+      def match_target_name(_macro_context, request_context, target_name)
+        records = request_context.dns_client.fetch_a_records(target_name)
+        records.any?
+      end
+    end
+    register('exists', Coppertone::Mechanism::Exists)
+  end
+end

data/lib/coppertone/mechanism/include.rb

@@ -0,0 +1,18 @@
+require 'coppertone/mechanism/domain_spec_required'
+require 'coppertone/mechanism/include_matcher'
+require 'coppertone/record_finder'
+
+module Coppertone
+  class Mechanism  # rubocop:disable Style/Documentation
+    # Implements the include mechanism.
+    class Include < DomainSpecRequired
+      def match_target_name(macro_context, request_context, target_name)
+        context_for_include = macro_context.with_domain(target_name)
+        record =
+          RecordFinder.new(request_context.dns_client, target_name).record
+        IncludeMatcher.new(record).match?(context_for_include, request_context)
+      end
+    end
+    register('include', Coppertone::Mechanism::Include)
+  end
+end

data/lib/coppertone/mechanism/include_matcher.rb

@@ -0,0 +1,34 @@
+require 'coppertone/record_evaluator'
+
+module Coppertone
+  class Mechanism  # rubocop:disable Style/Documentation
+    # Implements the include mechanism.
+    class IncludeMatcher
+      # Evaluates records that are referenced via an include
+      class IncludeRecordEvaluator < Coppertone::RecordEvaluator
+        def evaluate_fail_result(result, _m, _r)
+          result
+        end
+
+        def evaluate_none_result(result, m, r)
+          new_result = super
+          return new_result unless new_result.none?
+          fail Coppertone::NoneIncludeResultError
+        end
+      end
+
+      attr_reader :record
+      def initialize(record)
+        @record = record
+      end
+
+      def match?(macro_context, request_context)
+        fail Coppertone::NoneIncludeResultError if record.nil?
+        record_result =
+          IncludeRecordEvaluator.new(record)
+            .evaluate(macro_context, request_context)
+        record_result.pass?
+      end
+    end
+  end
+end

data/lib/coppertone/mechanism/ip4.rb

@@ -0,0 +1,13 @@
+require 'coppertone/mechanism/ip_mechanism'
+
+module Coppertone
+  class Mechanism  # rubocop:disable Style/Documentation
+    # Implements the ip4 mechanism.
+    class IP4 < IPMechanism
+      def ip_for_match(macro_context)
+        macro_context.ip_v4
+      end
+    end
+    register('ip4', Coppertone::Mechanism::IP4)
+  end
+end

data/lib/coppertone/mechanism/ip6.rb

@@ -0,0 +1,13 @@
+require 'coppertone/mechanism/ip_mechanism'
+
+module Coppertone
+  class Mechanism  # rubocop:disable Style/Documentation
+    # Implements the ip6 mechanism.
+    class IP6 < IPMechanism
+      def ip_for_match(macro_context)
+        macro_context.ip_v6
+      end
+    end
+    register('ip6', Coppertone::Mechanism::IP6)
+  end
+end

data/lib/coppertone/mechanism/ip_mechanism.rb

@@ -0,0 +1,48 @@
+module Coppertone
+  class Mechanism  # rubocop:disable Style/Documentation
+    # Implements the ip4 mechanism.
+    class IPMechanism < Mechanism
+      attr_reader :ip_network
+      def self.create(attributes)
+        new(attributes)
+      end
+
+      def initialize(attributes)
+        unless attributes.blank?
+          attributes = attributes[1..-1] if attributes[0] == ':'
+          @ip_network = parse_ip_network(attributes)
+        end
+        fail Coppertone::InvalidMechanismError if @ip_network.nil?
+      end
+
+      LEADING_ZEROES_IN_CIDR_REGEXP = /\/0\d/
+      def validate_no_leading_zeroes_in_cidr(ip_as_s)
+        return unless LEADING_ZEROES_IN_CIDR_REGEXP.match(ip_as_s)
+        fail Coppertone::InvalidMechanismError
+      end
+
+      def parse_ip_network(ip_as_s)
+        validate_no_leading_zeroes_in_cidr(ip_as_s)
+        addr, cidr_length, dual = ip_as_s.split('/')
+        return nil if dual
+        network = IPAddr.new(addr)
+        network = network.mask(cidr_length.to_i) unless cidr_length.blank?
+        network
+      rescue IPAddr::Error
+        nil
+      end
+
+      def match?(macro_context, _request_context)
+        ip = ip_for_match(macro_context)
+        return false unless ip
+        return false unless ip.ipv4? == @ip_network.ipv4?
+        @ip_network.include?(ip)
+      end
+
+      def ==(other)
+        return false unless other.instance_of? self.class
+        ip_network == other.ip_network
+      end
+    end
+  end
+end

data/lib/coppertone/mechanism/mx.rb

@@ -0,0 +1,40 @@
+require 'coppertone/mechanism/domain_spec_with_dual_cidr'
+
+module Coppertone
+  class Mechanism  # rubocop:disable Style/Documentation
+    # Implements the MX mechanism.
+    class MX < DomainSpecWithDualCidr
+      def match_target_name(macro_context, request_context, target_name)
+        mx_exchange_names = look_up_mx_exchanges(request_context, target_name)
+
+        count = 0
+        checker = ip_checker(macro_context, request_context)
+        matched_record = mx_exchange_names.find do |mx|
+          count += 1
+          check_a_record_limit(request_context, count)
+          checker.check(mx, ip_v4_cidr_length, ip_v6_cidr_length)
+        end
+        !matched_record.nil?
+      end
+
+      def ip_checker(macro_context, request_context)
+        Coppertone::Utils::IPInDomainChecker.new(macro_context,
+                                                 request_context)
+      end
+
+      def look_up_mx_exchanges(request_context, target_name)
+        dns_client = request_context.dns_client
+        dns_client.fetch_mx_records(target_name).map do |mx|
+          mx[:exchange]
+        end
+      end
+
+      def check_a_record_limit(request_context, count)
+        limit = request_context.dns_lookups_per_mx_mechanism_limit
+        return unless limit && count > limit
+        fail Coppertone::MXLimitExceededError
+      end
+    end
+    register('mx', Coppertone::Mechanism::MX)
+  end
+end

data/lib/coppertone/mechanism/ptr.rb

@@ -0,0 +1,17 @@
+require 'coppertone/mechanism/domain_spec_optional'
+
+module Coppertone
+  class Mechanism  # rubocop:disable Style/Documentation
+    # Implements the ptr mechanism.
+    class Ptr < DomainSpecOptional
+      def match_target_name(macro_context, request_context, target_name)
+        matching_name =
+          Coppertone::Utils::ValidatedDomainFinder
+            .new(macro_context, request_context)
+            .find(target_name)
+        !matching_name.nil?
+      end
+    end
+    register('ptr', Coppertone::Mechanism::Ptr)
+  end
+end

data/lib/coppertone/mechanism.rb

@@ -0,0 +1,32 @@
+require 'coppertone/class_builder'
+
+module Coppertone
+  # The class itself is primarily used as a factory for creating
+  # concrete mechanism instances based on a mechanism type
+  # string and corresponding attribute string.  Validation of
+  # the type is done here, while validation of the attributes
+  # is delegated to the class corresponding to the
+  # mechanism type
+  class Mechanism
+    def self.class_builder
+      @class_builder ||= ClassBuilder.new
+    end
+
+    def self.build(type, attributes)
+      class_builder.build(type, attributes)
+    end
+
+    def self.register(type, klass)
+      class_builder.register(type, klass)
+    end
+  end
+end
+
+require 'coppertone/mechanism/a'
+require 'coppertone/mechanism/all'
+require 'coppertone/mechanism/exists'
+require 'coppertone/mechanism/include'
+require 'coppertone/mechanism/ip4'
+require 'coppertone/mechanism/ip6'
+require 'coppertone/mechanism/mx'
+require 'coppertone/mechanism/ptr'

data/lib/coppertone/modifier/base.rb

@@ -0,0 +1,24 @@
+module Coppertone
+  class Modifier  # rubocop:disable Style/Documentation
+    class Base < Modifier
+      attr_reader :domain_spec
+      def initialize(attributes)
+        fail InvalidModifierError if attributes.blank?
+        @domain_spec = Coppertone::DomainSpec.new(attributes)
+      rescue Coppertone::MacroStringParsingError
+        raise Coppertone::InvalidModifierError
+      end
+
+      def target_name_from_domain_spec(macro_context, request_context)
+        domain =
+          domain_spec.expand(macro_context, request_context) if domain_spec
+        Coppertone::Utils::DomainUtils.macro_expanded_domain(domain)
+      end
+
+      def ==(other)
+        return false unless other.instance_of? self.class
+        domain_spec == other.domain_spec
+      end
+    end
+  end
+end

data/lib/coppertone/modifier/exp.rb

@@ -0,0 +1,34 @@
+require 'coppertone/modifier/base'
+
+module Coppertone
+  class Modifier  # rubocop:disable Style/Documentation
+    class Exp < Coppertone::Modifier::Base
+      def self.create(attributes)
+        new(attributes)
+      end
+
+      ASCII_REGEXP = /\A[[:ascii:]]*\z/
+      def evaluate(macro_context, request_context)
+        target_name =
+          target_name_from_domain_spec(macro_context, request_context)
+        return nil unless target_name
+        macro_string = lookup_macro_string(target_name, request_context)
+        return nil unless macro_string
+        expanded = macro_string.expand(macro_context, request_context)
+        return nil unless ASCII_REGEXP.match(expanded)
+        expanded
+      rescue Coppertone::Error
+        nil
+      end
+
+      def lookup_macro_string(target_name, request_context)
+        records =
+          request_context.dns_client.fetch_txt_records(target_name)
+        return nil if records.empty?
+        return nil if records.size > 1
+        MacroString.new(records.first[:text])
+      end
+    end
+    register('exp', Coppertone::Modifier::Exp)
+  end
+end

data/lib/coppertone/modifier/redirect.rb

@@ -0,0 +1,17 @@
+require 'coppertone/modifier/base'
+
+module Coppertone
+  class Modifier  # rubocop:disable Style/Documentation
+    class Redirect < Coppertone::Modifier::Base
+      def self.create(attributes)
+        new(attributes)
+      end
+
+      def evaluate(macro_context, request_context)
+        request_context.register_dns_lookup_term
+        target_name_from_domain_spec(macro_context, request_context)
+      end
+    end
+    register('redirect', Coppertone::Modifier::Redirect)
+  end
+end

data/lib/coppertone/modifier/unknown.rb

@@ -0,0 +1,16 @@
+module Coppertone
+  class Modifier  # rubocop:disable Style/Documentation
+    class Unknown < Modifier
+      def self.create(attributes)
+        new(attributes)
+      end
+
+      def initialize(attributes)
+        @macro_string = Coppertone::MacroString.new(attributes)
+      rescue Coppertone::MacroStringParsingError
+        raise Coppertone::InvalidModifierError
+      end
+    end
+    register('unknown', Coppertone::Modifier::Unknown)
+  end
+end

data/lib/coppertone/modifier.rb

@@ -0,0 +1,30 @@
+module Coppertone
+  # Instances of this class represent modifier terms, as defined by the
+  # SPF specification (see section 4.6.1).
+  class Modifier
+    def self.class_builder
+      @class_builder ||= ClassBuilder.new
+    end
+
+    def self.build(type, attributes)
+      class_builder.build(type, attributes)
+    end
+
+    def self.register(type, klass)
+      class_builder.register(type, klass)
+    end
+
+    MODIFIER_REGEXP = /\A([a-zA-Z]+[a-zA-Z0-9\-\_\.]*)=(\S*)\z/
+    def self.matching_term(text)
+      matches = MODIFIER_REGEXP.match(text)
+      return nil unless matches
+      type = matches[1]
+      attributes = matches[2]
+      build(type, attributes) || build('unknown', attributes)
+    end
+  end
+end
+
+require 'coppertone/modifier/exp'
+require 'coppertone/modifier/redirect'
+require 'coppertone/modifier/unknown'

data/lib/coppertone/qualifier.rb

@@ -0,0 +1,45 @@
+require 'coppertone/result'
+
+module Coppertone
+  # Instances of this class represent qualifiers, as defined by the
+  # SPF specification (see section 4.6.1).
+  #
+  # There are only 4 qualifiers permitted by the specification, so
+  # this class does not allow the creation of new instances.  These
+  # fixed instances should be accessed through either the class level
+  # constants or the qualifiers class method.
+  class Qualifier
+    @qualifier_hash = {}
+
+    DEFAULT_QUALIFIER_TEXT = '+'.freeze
+    def self.find_by_text(text)
+      text = DEFAULT_QUALIFIER_TEXT if text.blank?
+      @qualifier_hash[text]
+    end
+
+    def self.default_qualifier
+      find_by_text(nil)
+    end
+
+    attr_reader :text, :result_code
+    def initialize(text, result_code)
+      @text = text
+      @result_code = result_code
+    end
+
+    PASS = new(DEFAULT_QUALIFIER_TEXT, Result::PASS)
+    FAIL = new('-'.freeze, Result::FAIL)
+    SOFTFAIL = new('~'.freeze, Result::SOFTFAIL)
+    NEUTRAL = new('?'.freeze, Result::NEUTRAL)
+
+    private_class_method :new
+
+    def self.qualifiers
+      [PASS, FAIL, SOFTFAIL, NEUTRAL]
+    end
+
+    qualifiers.each do |q|
+      @qualifier_hash[q.text] = q
+    end
+  end
+end