dnsruby 1.60.2 → 1.73.0

data/lib/dnsruby/resource/NSEC.rb

@@ -152,7 +152,7 @@ module Dnsruby
       end
 
       def self.encode_types(nsec)
-        output = ''
+        output = +''
         # types represents all 65536 possible RR types.
         # Split up types into sets of 256 different types.
         type_codes = []
@@ -171,7 +171,7 @@ module Dnsruby
 
           unless types_to_go.empty?
             #  Then create the bitmap for them
-            bitmap = ''
+            bitmap = +''
             #  keep on adding them until there's none left
             pos = 0
             bitmap_pos = 0

data/lib/dnsruby/resource/NSEC3PARAM.rb

@@ -85,7 +85,7 @@ module Dnsruby
       #       end
       # 
       def from_data(data) #:nodoc: all
-        hash_alg, flags, iterations, salt_length, salt = data
+        hash_alg, flags, iterations, _salt_length, salt = data
         self.hash_alg=(hash_alg)
         self.flags=(flags)
         self.iterations=(iterations)

data/lib/dnsruby/resource/NXT.rb

@@ -95,7 +95,7 @@ class NXT < RR
     next_domain = Name.create(next_domain) if next_domain.is_a?(String)
     types = TypeBitmap.from_type_codes(types) if types.is_a?(Array)
 
-    binary_string = ''.force_encoding('ASCII-8BIT')
+    binary_string = ''.b
     binary_string << next_domain.canonical
     binary_string << BitMapping.reverse_binary_string_bits(types.to_binary_string)
     binary_string

data/lib/dnsruby/resource/RR.rb

@@ -350,7 +350,7 @@ class RR
   end
 
   def hash # :nodoc:
-    vars = (self.instance_variables - [:@ttl]).sort
+    vars = (self.instance_variables - [:@ttl, :@rdata]).sort
     vars.inject(0) do |hash_value, var_name|
       hash_value ^ self.instance_variable_get(var_name).hash
     end

data/lib/dnsruby/resource/TLSA.rb

@@ -33,8 +33,8 @@ module Dnsruby
         # 255 Private use
         attr_accessor :matching_type
         # sec 2.1.4
-        attr_accessor :data
-        attr_accessor :databin
+        attr_reader :data
+        attr_reader :databin
 
         def verify
           raise ArgumentError, "usage with invalid value: #{@usage}" if @usage < 0 || @usage > 255
@@ -71,7 +71,7 @@ module Dnsruby
           if @matching_type == 0 && @selector == 0 && @databin
             begin
               cert = OpenSSL::X509::Certificate.new(@databin)
-            rescue => e
+            rescue
               raise ArgumentError, 'data is invalid cert '
             end
           end

data/lib/dnsruby/resource/TXT.rb

@@ -63,7 +63,7 @@ module Dnsruby
         unquoted = false
         seen_strings = false
         pos = 0
-        input.sub!(/^\s*\(\s*/, "")
+        input = input.sub(/^\s*\(\s*/, "")
         input.sub!(/\s*\)\s*$/, "")
         input.each_char {|c|
           if (((c == "'") || (c == '"')) && (!in_escaped) && (!unquoted))
@@ -82,7 +82,17 @@ module Dnsruby
             end
           else
             if (seen_strings && !in_string)
-              next
+              if (c == ";")
+                 # Comment in zone file!
+                 return strings
+              end
+              if (c != " " && c != "\t")
+                in_string = true
+                count+=1
+                strings[count] = ""
+              else
+                next
+              end
             end
             if (pos == 0)
               unquoted = true

data/lib/dnsruby/resource/URI.rb

@@ -0,0 +1,57 @@
+module Dnsruby
+  class RR
+      class URI < RR
+        ClassValue = nil #:nodoc: all
+        TypeValue= Types::URI #:nodoc: all
+
+        #  The NAPTR RR order field
+        attr_accessor :priority
+
+        #  The NAPTR RR order field
+        attr_accessor :weight
+
+        #  The NAPTR RR order field
+        attr_accessor :target
+
+        def from_hash(hash) #:nodoc: all
+          @priority = hash[:priority]
+          @weight = hash[:weight]
+          @target = hash[:target]
+        end
+
+        def from_data(data) #:nodoc: all
+          @priority,  @weight, @target = data
+        end
+
+        def from_string(input) #:nodoc: all
+          if (input.strip.length > 0)
+            values = input.split(" ")
+            @priority = values [0].to_i
+            @weight = values [1].to_i
+            @target = values [2].gsub!("\"", "")
+          end
+        end
+
+        def rdata_to_string #:nodoc: all
+            "#{@priority} #{@weight} \"#{@target}\""
+        end
+
+        def encode_rdata(msg, canonical=false) #:nodoc: all
+          if (@priority != nil)
+            msg.put_pack('n', @priority)
+            msg.put_pack('n', @weight)
+            msg.put_bytes(@target)
+          end
+        end
+
+        def self.decode_rdata(msg) #:nodoc: all
+          priority, = msg.get_unpack('n')
+          weight, = msg.get_unpack('n')
+          target = msg.get_bytes
+          return self.new([priority, weight, target])
+        end
+
+
+      end
+  end
+end

data/lib/dnsruby/resource/generic.rb

@@ -152,9 +152,12 @@ require 'dnsruby/resource/OPT'
 require 'dnsruby/resource/TSIG'
 require 'dnsruby/resource/TKEY'
 require 'dnsruby/resource/DNSKEY'
+require 'dnsruby/resource/CDNSKEY'
 require 'dnsruby/resource/RRSIG'
 require 'dnsruby/resource/NSEC'
 require 'dnsruby/resource/DS'
+require 'dnsruby/resource/CDS'
+require 'dnsruby/resource/URI'
 require 'dnsruby/resource/NSEC3'
 require 'dnsruby/resource/NSEC3PARAM'
 require 'dnsruby/resource/DLV'

data/lib/dnsruby/select_thread.rb

@@ -138,9 +138,13 @@ module Dnsruby
         @@sockets << query_settings.socket
         @@socket_is_persistent[query_settings.socket] = query_settings.is_persistent_socket
       }
+      wake_up_select_thread
+    end
+
+    def wake_up_select_thread
       begin
         @@wakeup_sockets[0].send("wakeup!", 0)
-      rescue Exception => e
+      rescue Exception
         #          do nothing
       end
     end
@@ -190,12 +194,11 @@ module Dnsruby
         end
         #         next if (timeout < 0)
         begin
-          ready, write, errors = IO.select(sockets, nil, nil, timeout)
+          ready, _write, _errors = IO.select(sockets, nil, nil, timeout)
         rescue SelectWakeup
           #  If SelectWakeup, then just restart this loop - the select call will be made with the new data
           next
-        rescue IOError => e
-          #           print "IO Error  =: #{e}\n"
+        rescue IOError, EncodeError
           exceptions = clean_up_closed_sockets
           exceptions.each { |exception| send_exception_to_client(*exception) }
 
@@ -248,7 +251,7 @@ module Dnsruby
     # Removes closed sockets from @@sockets, and returns an array containing 1
     # exception for each closed socket contained in @@socket_hash.
     def clean_up_closed_sockets
-      exceptions = @@mutex.synchronize do
+      @@mutex.synchronize do
         closed_sockets_in_hash = @@sockets.select(&:closed?).select { |s| @@socket_hash[s] }
         @@sockets.delete_if { | socket | socket.closed? }
         closed_sockets_in_hash.each_with_object([]) do |socket, exceptions|
@@ -257,6 +260,7 @@ module Dnsruby
           end
         end
       end
+      exceptions
     end
 
     def process_error(errors)
@@ -295,7 +299,6 @@ module Dnsruby
       @@mutex.synchronize do
         ids = get_active_ids(@@query_hash, msg.header.id)
         return if ids.empty? # should be only one
-        query_settings = @@query_hash[ids[0]].clone
       end
 
       answerip = msg.answerip.downcase
@@ -369,21 +372,25 @@ module Dnsruby
     end
 
     def remove_id(id)
-
       @@mutex.synchronize do
-        socket = @@query_hash[id].socket
-        @@timeouts.delete(id)
-        @@query_hash.delete(id)
-        @@socket_hash[socket].delete(id)
-
-        decrement_remaining_queries(socket) if persistent?(socket)
-
-        if !persistent?(socket) || max_attained?(socket)
-          @@sockets.delete(socket)
-          @@socket_hash.delete(socket)
-          Dnsruby.log.debug("Closing socket #{socket}")
-          socket.close rescue nil
-        end
+        remove_id_from_mutex_synchronized_block(id)
+      end
+    end
+
+    # THIS MUST BE CALLED FROM INSIDE A @@mutex SYNCHRONISED BLOCK!
+    def remove_id_from_mutex_synchronized_block(id)
+      socket = @@query_hash[id].socket
+      @@timeouts.delete(id)
+      @@query_hash.delete(id)
+      @@socket_hash[socket].delete(id)
+
+      decrement_remaining_queries(socket) if persistent?(socket)
+
+      if !persistent?(socket) || max_attained?(socket)
+        @@sockets.delete(socket)
+        @@socket_hash.delete(socket)
+        Dnsruby.log.debug("Closing socket #{socket}")
+        socket.close rescue nil
       end
     end
 
@@ -415,12 +422,12 @@ module Dnsruby
       #  Keep buffer for all TCP sockets, and return
       #  to select after reading available data. Once all data has been received,
       #  then process message.
-      buf=""
+      buf = +""
       expected_length = 0
       @@mutex.synchronize {
         buf, expected_length = @@tcp_buffers[socket]
         if (!buf)
-          buf = ""
+          buf = +""
           expected_length = 2
           @@tcp_buffers[socket]=[buf, expected_length]
         end
@@ -444,7 +451,7 @@ module Dnsruby
 
             return false
           end
-          buf << input
+          buf << input if input
         rescue
           #  Oh well - better luck next time!
           return false
@@ -456,7 +463,7 @@ module Dnsruby
           #  We just read the data_length field. Now we need to start reading that many bytes.
           @@mutex.synchronize {
             answersize = buf.unpack('n')[0]
-            @@tcp_buffers[socket] = ["", answersize]
+            @@tcp_buffers[socket] = [+"", answersize]
           }
           return tcp_read(socket)
         else
@@ -547,12 +554,10 @@ module Dnsruby
               query_header_id = @@query_hash[id].query.header.id
               if (query_header_id == e.partial_message.header.id)
                 #  process the response
-                client_queue = nil
-                res = nil
-                query=nil
                 client_queue = @@query_hash[id].client_queue
                 res = @@query_hash[id].single_resolver
                 query = @@query_hash[id].query
+                remove_id_from_mutex_synchronized_block(id)
 
                 #  NOW RESEND OVER TCP!
                 Thread.new {
@@ -642,6 +647,7 @@ module Dnsruby
           do_select
         }
       end
+      wake_up_select_thread
     end
 
     def push_response_to_select(client_id, client_queue, msg, query, res)
@@ -662,6 +668,7 @@ module Dnsruby
           do_select
         }
       end
+      wake_up_select_thread
     end
 
     def push_validation_response_to_select(client_id, client_queue, msg, err, query, res)
@@ -678,6 +685,7 @@ module Dnsruby
           do_select
         }
       end
+      wake_up_select_thread
     end
 
     def send_queued_exceptions
@@ -732,7 +740,7 @@ module Dnsruby
       }
 
       responses.each do |item|
-        client_id, client_queue, msg, err, query, res = item
+        client_id, client_queue, msg, err, _query, _res = item
         #         push_to_client(client_id, client_queue, msg, err)
         client_queue.push([client_id, Resolver::EventType::VALIDATED, msg, err])
         notify_queue_observers(client_queue, client_id)

data/lib/dnsruby/single_verifier.rb

@@ -65,6 +65,7 @@ module Dnsruby
           @@recursor = Recursor.new
         end
       end
+      @@recursor.dnssec = true
       return @@recursor
     end
 
@@ -72,12 +73,15 @@ module Dnsruby
       #       if (Dnssec.do_validation_with_recursor?)
       #         return Recursor.new
       #       else
+      resolver = nil
       if (Dnssec.default_resolver)
-        return Dnssec.default_resolver
+        resolver = Dnssec.default_resolver
       else
-        return Resolver.new
+        resolver = Resolver.new
       end
       #       end
+      resolver.dnssec = true
+      return resolver
     end
     def add_dlv_key(key)
       #  Is this a ZSK or a KSK?
@@ -458,7 +462,6 @@ module Dnsruby
     def check_no_wildcard_expansion(msg) # :nodoc:
       #  @TODO@ Do this for NSEC3 records!!!
       proven_no_wildcards = false
-      name = msg.question()[0].qname
       [msg.authority.rrsets('NSEC'), msg.authority.rrsets('NSEC3')].each {|nsec_rrsets|
         nsec_rrsets.each {|nsecs|
           nsecs.rrs.each {|nsec|
@@ -770,7 +773,7 @@ module Dnsruby
         }.to_s # @TODO@ worry about wildcards here?
         rec.ttl = old_ttl
         if (RUBY_VERSION >= "1.9")
-          data.force_encoding("ASCII-8BIT")
+          data.force_encoding(Encoding::BINARY)
         end
         sig_data += data
       end
@@ -796,6 +799,19 @@ module Dnsruby
 
         asn1 = OpenSSL::ASN1::Sequence.new([r_asn1, s_asn1]).to_der
         verified = keyrec.public_key.verify(OpenSSL::Digest::DSS1.new, asn1, sig_data)
+      elsif [Algorithms.ECDSAP256SHA256, Algorithms.ECDSAP384SHA384].include?(sigrec.algorithm)
+        byte_size = (keyrec.public_key.group.degree + 7) / 8
+        sig_bytes = sigrec.signature[0..(byte_size - 1)]
+        sig_char = sigrec.signature[byte_size..-1] || ''
+        asn1 = OpenSSL::ASN1::Sequence.new([sig_bytes, sig_char].map { |int| OpenSSL::ASN1::Integer.new(OpenSSL::BN.new(int, 2)) }).to_der
+
+        digest_obj = if sigrec.algorithm == Algorithms.ECDSAP384SHA384
+                       OpenSSL::Digest::SHA384.new
+                     else
+                       OpenSSL::Digest::SHA256.new
+                     end
+
+        verified = keyrec.public_key.dsa_verify_asn1(digest_obj.digest(sig_data), asn1)
       else
         raise RuntimeError.new("Algorithm #{sigrec.algorithm.code} unsupported by Dnsruby")
       end
@@ -848,6 +864,7 @@ module Dnsruby
           end
         end
       end
+      res.dnssec = true
       #       query = Message.new(name, Types.DNSKEY)
       #       query.do_validation = false
       ret = nil
@@ -1011,6 +1028,7 @@ module Dnsruby
                 end
               end
             end
+            parent_res.dnssec = true
           end
           #  Use that Resolver to query for DS record and NS for children
           ds_rrset = current_anchor
@@ -1068,6 +1086,7 @@ module Dnsruby
                 child_res = Resolver.new
               end
             end
+            child_res.dnssec = true
           end
         end
         #  Query for DNSKEY record, and verify against DS in parent.
@@ -1143,11 +1162,14 @@ module Dnsruby
       if (Dnssec.do_validation_with_recursor?)
         return get_recursor
       else
+        resolver = nil
         if (Dnssec.default_resolver)
-          return Dnssec.default_resolver
+          resolver = Dnssec.default_resolver
         else
-          return Resolver.new
+          resolver = Resolver.new
         end
+        resolver.dnssec = true
+        return resolver
       end
     end
 
@@ -1306,8 +1328,7 @@ module Dnsruby
             msg.security_level = Message::SecurityLevel.SECURE
             return true
           end
-        rescue VerifyError => e
-          #           print "Verify failed : #{e}\n"
+        rescue VerifyError
         end
       end
       if (error)

data/lib/dnsruby/validator_thread.rb

@@ -1,12 +1,12 @@
 # --
 # Copyright 2007 Nominet UK
-# 
+#
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
-# 
+#
 #     http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@@ -109,7 +109,7 @@ module Dnsruby
           return true
         rescue VerifyError => e
           response.security_error = e
-          response.security_level = BOGUS
+          response.security_level = Message::SecurityLevel.BOGUS
           #  Response security_level should already be set
           return false
         end

data/lib/dnsruby/version.rb

@@ -1,3 +1,3 @@
 module Dnsruby
-  VERSION = '1.60.2'
+  VERSION = '1.73.0'
 end

data/lib/dnsruby/zone_reader.rb

@@ -68,7 +68,7 @@ module Dnsruby
             end
             zone.push(rr)
           end
-        rescue Exception => e
+        rescue Exception
           raise ParseException.new("Error reading line #{io.lineno} of #{io.inspect} : [#{line}]")
         end
       end
@@ -303,7 +303,7 @@ module Dnsruby
         (split.length - 2).times {|i| line += "#{split[i+2]} "}
         line += "\n"
         split = line.split
-      rescue Error => e
+      rescue Error
       end
 
       #  Add the type so we can load the zone one RRSet at a time.

data/lib/dnsruby/zone_transfer.rb

@@ -33,6 +33,8 @@ module Dnsruby
     attr_reader :tsig
     #  Returns the tsigstate of the last transfer (nil if no TSIG signed transfer has occurred)
     attr_reader :last_tsigstate
+    # Sets the connect timeout in seconds
+    attr_accessor :connect_timeout
 
     # Sets the TSIG to sign the zone transfer with.
     # Pass in either a Dnsruby::RR::TSIG, or a key_name and key (or just a key)
@@ -54,6 +56,7 @@ module Dnsruby
       @tsig = nil
       @axfr = nil
       @src_address = nil
+      @connect_timeout = 5
     end
 
     #  Perform a zone transfer (RFC1995)
@@ -107,7 +110,8 @@ module Dnsruby
     def do_transfer(zone, server) #:nodoc: all
       @transfer_type = Types.new(@transfer_type)
       @state = :InitialSoa
-      socket = TCPSocket.new(server, @port, @src_address)
+      socket = Socket.tcp(server, @port, @src_address, connect_timeout: @connect_timeout)
+      # socket = TCPSocket.new(server, @port, @src_address)
       begin
         #  Send an initial query
         msg = Message.new(zone, @transfer_type, @klass)
@@ -240,7 +244,6 @@ module Dnsruby
     end
 
     def parseRR(rec) #:nodoc: all
-      name = rec.name
       type = rec.type
       delta = Delta.new
 

data/lib/dnsruby.rb

@@ -25,10 +25,6 @@ require 'dnsruby/DNS'
 require 'dnsruby/hosts'
 require 'dnsruby/update'
 require 'dnsruby/zone_transfer'
-require 'dnsruby/dnssec'
-require 'dnsruby/zone_reader'
-require 'dnsruby/resolv'
-
 
 # = Dnsruby library
 # Dnsruby is a thread-aware DNS stub resolver library written in Ruby.
@@ -239,3 +235,7 @@ module Dnsruby
   class ZoneSerialError < ResolvError
   end
 end
+
+require 'dnsruby/dnssec'
+require 'dnsruby/zone_reader'
+require 'dnsruby/resolv'

data/test/localdns.rb

@@ -0,0 +1,29 @@
+#!/usr/bin/env ruby
+
+require_relative 'spec_helper'
+
+require_relative "test_dnsserver"
+
+class SimpleTCPPipeliningUDPServer < Async::DNS::Server
+  PORT     = 53938
+  IP   = '127.0.0.1'
+
+  def initialize(**options)
+    super(options)
+
+    @handlers << TcpPipelineHandler.new(self, IP, PORT)
+    @handlers << Async::DNS::UDPServerHandler.new(self, IP, PORT)
+
+  end
+
+  def process(name, resource_class, transaction)
+    @logger.debug "name: #{name}"
+    transaction.respond!("93.184.216.34", { resource_class: ::Resolv::DNS::Resource::IN::A })
+  end
+
+end
+
+
+if __FILE__ == $0
+  RubyDNS::run_server(server_class: SimpleTCPPipeliningUDPServer)
+end

data/test/spec_helper.rb

@@ -1,22 +1,32 @@
+$VERBOSE = true
+
+if Warning.respond_to?(:[]=)
+  Warning[:deprecated] = true
+end
+
 if ENV['RUN_EXTRA_TASK'] == 'TRUE'
-  require 'coveralls'
-  Coveralls.wear!
+  unless "test".frozen?
+    # Coverall setup term-ansi-color which isn't yet frozen string literal compatible
+    # Ref: https://github.com/flori/term-ansicolor/pull/38
+    require 'coveralls'
+    Coveralls.wear!
+  end
 
   require 'simplecov'
 
-  # SimpleCov.formatter = SimpleCov::Formatter::MultiFormatter.new(
-      # [SimpleCov::Formatter::HTMLFormatter, Coveralls::SimpleCov::Formatter])
-  SimpleCov.formatter = Coveralls::SimpleCov::Formatter
-  SimpleCov.start do
-    add_filter 'test/'
-  end
+  # # SimpleCov.formatter = SimpleCov::Formatter::MultiFormatter.new(
+  #     # [SimpleCov::Formatter::HTMLFormatter, Coveralls::SimpleCov::Formatter])
+  # SimpleCov.formatter = Coveralls::SimpleCov::Formatter
+  # SimpleCov.start do
+  #   add_filter 'test/'
+  # end
 end
 
 require 'minitest'
 require 'minitest/autorun'
 require 'minitest/display'
 
-MiniTest::Display.options = {
+Minitest::Display.options = {
   suite_names: true,
   color: true,
   print: {
@@ -33,3 +43,18 @@ MiniTest::Display.options = {
   require_relative '../lib/dnsruby'
   require_relative 'test_utils'
 end.()
+
+def with_retries(max_attempts: 5, exceptions: [Dnsruby::ServFail, Dnsruby::ResolvTimeout], success_check: ->(result) { result }, &block)
+  attempts = 0
+  while attempts < max_attempts
+    begin
+      result = block.call
+      return result if success_check.call(result)  # e.g., for nil-check: ->(r) { r }
+    rescue *exceptions => e
+      puts "Retry #{attempts + 1}/#{max_attempts}: #{e.class} - #{e.message}" if ENV['DEBUG_TESTS']
+    end
+    sleep(1)
+    attempts += 1
+  end
+  raise Minitest::Assertion, "Failed after #{max_attempts} retries"
+end

data/test/tc_caa.rb

@@ -16,7 +16,6 @@
 # ++
 
 require_relative 'spec_helper'
-require 'pry'
 
 class TestCAA < Minitest::Test
 
@@ -26,6 +25,7 @@ class TestCAA < Minitest::Test
     {'foo.com. IN CAA 0 issue "ca.example.net"' => [0, 'issue', 'ca.example.net'],
      'foo.com. IN CAA 1 issue "ca.example.net"' => [1, 'issue', 'ca.example.net'],
      'foo.com. IN CAA 0 issuewild "ca.example.net"' => [0, 'issuewild', 'ca.example.net'],
+     'foo.com. IN CAA 0 issuemail "ca.example.net"' => [0, 'issuemail', 'ca.example.net'],
      'foo.com. IN CAA 0 iodef "mailto:security@example.com"' => [0, 'iodef', 'mailto:security@example.com'],
      'foo.com. IN CAA 0 issue "ca.example.net; account=230123"' => [0, 'issue', 'ca.example.net; account=230123']
     }.each do |text, data|
@@ -45,5 +45,16 @@ class TestCAA < Minitest::Test
     end
   end
 
+  def test_caa_error
+    {
+      'foo.com. IN CAA 0 ca.example.net "issue"' => [0, 'ca.example.net', 'issue'],
+      'foo.com. IN CAA 0 Issue "ca.example.net"' => [0, 'Issue', 'ca.example.net']
+    }.each do |text, data|
+      assert_raises DecodeError do
+        RR.create(text)
+      end
+    end
+  end
+
 end