github-pages-health-check 1.17.1 → 1.17.8

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e269d0849d9754d658dde60478ee1bb1a87913fd6e10cc79cc6cab834b899946
-  data.tar.gz: 83a05c02f53f262c02bcd7d1bf00801b7860fa878c32251fc24006f5dcf454ad
+  metadata.gz: b93b42aca0a60b8bd7d5df583585ec14e09c171077bf389e0d53699e935a344c
+  data.tar.gz: 9616ee04e0a5c2e80e2a1f32b66e401a39f98f31ba30317ffcb8e98c810994ca
 SHA512:
-  metadata.gz: 765bb285569e16d11123448b7a2bfcc31c6317293dab5b5a64c6f8af2c9925f5e000b9885273fb1b8c1b42b6db94340dde7292f7227c46b528e56ae0631916ab
-  data.tar.gz: ff8e0af41eb9e43bbe126a969a66fc6ebe704ed196f6a8d2230572ddb52ccfd089af823ddaf016600d117d343ce589f4e492c2b5148926d1c1eae83444900163
+  metadata.gz: 911c9d7e94f6a943a6789bc701b7bdf3ff1aa74b4ed0083d18304b40e903b0056175ea5c8990b1ef091156543cf651efcb3a38d80b7bb6721725b1b40c87ade1
+  data.tar.gz: 5dbcdd645e5f05c758126c1ce6dda0338a41ae6404f152ef18de7e2b6b37308446dd5b06cbf4f154d57a0c5eca87a1623debe3760aada69639b9d85193de6298

data/.github/workflows/push-cibuild.yml

@@ -10,6 +10,7 @@ jobs:
           - 2.5
           - 2.6
           - 2.7
+          - 3.0
     steps:
     - uses: actions/checkout@master
     - name: script/cibuild-docker

data/Gemfile

@@ -6,6 +6,7 @@ group :development do
   gem "dotenv", "~> 2.7"
   gem "gem-release", "~> 2.1"
   gem "pry", "~> 0.10"
+  gem "pry-byebug"
   gem "rspec", "~> 3.0"
   gem "rubocop", "~> 0.52"
   gem "webmock", "~> 3.8"

data/README.md

@@ -81,3 +81,40 @@ check = GitHubPages::HealthCheck::Site.new "github/pages-health-check", access_t
 ```
 
 You can also set `OCTOKIT_ACCESS_TOKEN` as an environmental variable, or via a `.env` file in your working directory.
+
+### Command Line
+
+```
+./script/check pages.github.com
+
+host: pages.github.com
+uri: https://pages.github.com/
+nameservers: :default
+dns_resolves?: true
+proxied?: false
+cloudflare_ip?: false
+fastly_ip?: false
+old_ip_address?: false
+a_record?: false
+cname_record?: true
+mx_records_present?: false
+valid_domain?: true
+apex_domain?: false
+should_be_a_record?: false
+cname_to_github_user_domain?: true
+cname_to_pages_dot_github_dot_com?: false
+cname_to_fastly?: false
+pointed_to_github_pages_ip?: false
+non_github_pages_ip_present?: false
+pages_domain?: true
+served_by_pages?: true
+valid?: true
+reason:
+https?: true
+enforces_https?: true
+https_error:
+https_eligible?: true
+caa_error:
+dns_zone_soa?: false
+dns_zone_ns?: false
+```

data/config/cloudflare-ips.txt

@@ -9,7 +9,14 @@
 197.234.240.0/22
 198.41.128.0/17
 162.158.0.0/15
-172.64.0.0/13
-131.0.72.0/22
 104.16.0.0/13
 104.24.0.0/14
+172.64.0.0/13
+131.0.72.0/22
+2400:cb00::/32
+2606:4700::/32
+2803:f800::/32
+2405:b500::/32
+2405:8100::/32
+2a06:98c0::/29
+2c0f:f248::/32

data/config/fastly-ips.txt

@@ -4,7 +4,7 @@
 103.245.222.0/23
 103.245.224.0/24
 104.156.80.0/20
-146.75.0.0/16
+146.75.0.0/17
 151.101.0.0/16
 157.52.64.0/18
 167.82.0.0/17
@@ -14,4 +14,6 @@
 172.111.64.0/18
 185.31.16.0/22
 199.27.72.0/21
-199.232.0.0/16
+199.232.0.0/16
+2a04:4e40::/32
+2a04:4e42::/32

data/github-pages-health-check.gemspec

@@ -19,6 +19,6 @@ Gem::Specification.new do |s|
   s.add_dependency("addressable", "~> 2.3")
   s.add_dependency("dnsruby", "~> 1.60")
   s.add_dependency("octokit", "~> 4.0")
-  s.add_dependency("public_suffix", ">= 2.0.2", "< 5.0")
+  s.add_dependency("public_suffix", ">= 3.0", "< 5.0")
   s.add_dependency("typhoeus", "~> 1.3")
 end

data/lib/github-pages-health-check/domain.rb

@@ -77,15 +77,25 @@ module GitHubPages
         185.199.111.153
       ).freeze
 
+      CURRENT_IPV6_ADDRESSES = %w(
+        2606:50c0:8000::153
+        2606:50c0:8001::153
+        2606:50c0:8002::153
+        2606:50c0:8003::153
+      ).freeze
+
+      CURRENT_IP_ADDRESSES_ALL =
+        (CURRENT_IP_ADDRESSES + CURRENT_IPV6_ADDRESSES).freeze
+
       HASH_METHODS = %i[
         host uri nameservers dns_resolves? proxied? cloudflare_ip?
-        fastly_ip? old_ip_address? a_record? cname_record?
-        mx_records_present? valid_domain? apex_domain? should_be_a_record?
-        cname_to_github_user_domain? cname_to_pages_dot_github_dot_com?
-        cname_to_fastly? pointed_to_github_pages_ip?
-        non_github_pages_ip_present? pages_domain?
+        fastly_ip? old_ip_address? a_record? aaaa_record? aaaa_record_present?
+        cname_record? mx_records_present? valid_domain? apex_domain?
+        should_be_a_record? cname_to_github_user_domain?
+        cname_to_pages_dot_github_dot_com? cname_to_fastly?
+        pointed_to_github_pages_ip? non_github_pages_ip_present? pages_domain?
         served_by_pages? valid? reason valid_domain? https?
-        enforces_https? https_error https_eligible? caa_error
+        enforces_https? https_error https_eligible? caa_error dns_zone_soa? dns_zone_ns?
       ].freeze
 
       def self.redundant(host)
@@ -128,8 +138,8 @@ module GitHubPages
       def invalid_aaaa_record?
         return @invalid_aaaa_record if defined? @invalid_aaaa_record
 
-        @invalid_aaaa_record = (valid_domain? && should_be_a_record? &&
-                                aaaa_record_present?)
+        @invalid_aaaa_record =
+          (valid_domain? && aaaa_record_present? && !should_be_a_record?)
       end
 
       def invalid_a_record?
@@ -164,7 +174,10 @@ module GitHubPages
       # Is this domain an apex domain, meaning a CNAME would be innapropriate
       def apex_domain?
         return @apex_domain if defined?(@apex_domain)
-        return unless valid_domain?
+
+        return false unless valid_domain?
+
+        return true if dns_zone_soa? && dns_zone_ns?
 
         # PublicSuffix.domain pulls out the apex-level domain name.
         # E.g. PublicSuffix.domain("techblog.netflix.com") # => "netflix.com"
@@ -177,6 +190,30 @@ module GitHubPages
                             :ignore_private => true) == unicode_host
       end
 
+      #
+      # Does the domain have an associated SOA record?
+      #
+      def dns_zone_soa?
+        return @soa_records if defined?(@soa_records)
+        return false unless dns?
+
+        @soa_records = dns.any? do |answer|
+          answer.type == Dnsruby::Types::SOA && answer.name.to_s == host
+        end
+      end
+
+      #
+      # Does the domain have assoicated NS records?
+      #
+      def dns_zone_ns?
+        return @ns_records if defined?(@ns_records)
+        return false unless dns?
+
+        @ns_records = dns.any? do |answer|
+          answer.type == Dnsruby::Types::NS && answer.name.to_s == host
+        end
+      end
+
       # Should the domain use an A record?
       def should_be_a_record?
         !pages_io_domain? && (apex_domain? || mx_records_present?)
@@ -186,20 +223,20 @@ module GitHubPages
         !should_be_a_record?
       end
 
-      # Is the domain's first response an A record to a valid GitHub Pages IP?
+      # Is the domain's first response an A or AAAA record to a valid GitHub Pages IP?
       def pointed_to_github_pages_ip?
-        a_record? && CURRENT_IP_ADDRESSES.include?(dns.first.address.to_s)
+        return false unless address_record?
+
+        CURRENT_IP_ADDRESSES_ALL.include?(dns.first.address.to_s.downcase)
       end
 
-      # Are any of the domain's A records pointing elsewhere?
+      # Are any of the domain's A or AAAA records pointing elsewhere?
       def non_github_pages_ip_present?
         return unless dns?
 
-        a_records = dns.select { |answer| answer.type == Dnsruby::Types::A }
-
-        a_records.any? { |answer| !github_pages_ip?(answer.address.to_s) }
-
-        false
+        dns
+          .select { |a| Dnsruby::Types::A == a.type || Dnsruby::Types::AAAA == a.type }
+          .any? { |a| !github_pages_ip?(a.address.to_s) }
       end
 
       # Is the domain's first response a CNAME to a pages domain?
@@ -278,7 +315,9 @@ module GitHubPages
         Dnsruby::Types::A,
         Dnsruby::Types::AAAA,
         Dnsruby::Types::CNAME,
-        Dnsruby::Types::MX
+        Dnsruby::Types::MX,
+        Dnsruby::Types::NS,
+        Dnsruby::Types::SOA
       ].freeze
 
       # Returns an array of DNS answers
@@ -316,9 +355,18 @@ module GitHubPages
 
       # Is this domain's first response an A record?
       def a_record?
+        return @is_a_record if defined?(@is_a_record)
         return unless dns?
 
-        dns.first.type == Dnsruby::Types::A
+        @is_a_record = Dnsruby::Types::A == dns.first.type
+      end
+
+      # Is this domain's first response an AAAA record?
+      def aaaa_record?
+        return @is_aaaa_record if defined?(@is_aaaa_record)
+        return unless dns?
+
+        @is_aaaa_record = Dnsruby::Types::AAAA == dns.first.type
       end
 
       def aaaa_record_present?
@@ -339,6 +387,8 @@ module GitHubPages
       # The domain to which this domain's CNAME resolves
       # Returns nil if the domain is not a CNAME
       def cname
+        return unless dns?
+
         cnames = dns.take_while { |answer| answer.type == Dnsruby::Types::CNAME }
         return if cnames.empty?
 
@@ -356,7 +406,6 @@ module GitHubPages
         return unless dns_resolves?
 
         @served_by_pages = begin
-          return false unless response.mock? || response.return_code == :ok
           return true if response.headers["Server"] == "GitHub.com"
 
           # Typhoeus mangles the case of the header, compare insensitively
@@ -393,8 +442,6 @@ module GitHubPages
       def https_eligible?
         # Can't have any IP's which aren't GitHub's present.
         return false if non_github_pages_ip_present?
-        # Can't have any AAAA records present
-        return false if aaaa_record_present?
         # Must be a CNAME or point to our IPs.
 
         # Only check the one domain if a CNAME. Don't check the parent domain.
@@ -406,13 +453,17 @@ module GitHubPages
 
       # Any errors querying CAA records
       def caa_error
-        return nil unless caa.errored?
+        return nil unless caa&.errored?
 
         caa.error.class.name
       end
 
       private
 
+      def address_record?
+        a_record? || aaaa_record?
+      end
+
       def caa
         @caa ||= GitHubPages::HealthCheck::CAA.new(
           :host => cname&.host || host,
@@ -487,10 +538,12 @@ module GitHubPages
       def cdn_ip?(cdn)
         return unless dns?
 
-        a_records = dns.select { |answer| answer.type == Dnsruby::Types::A }
-        return false if !a_records || a_records.empty?
+        address_records = dns.select do |answer|
+          Dnsruby::Types::A == answer.type || Dnsruby::Types::AAAA == answer.type
+        end
+        return false if !address_records || address_records.empty?
 
-        a_records.all? do |answer|
+        address_records.all? do |answer|
           cdn.controls_ip?(answer.address)
         end
       end
@@ -500,7 +553,7 @@ module GitHubPages
       end
 
       def github_pages_ip?(ip_addr)
-        CURRENT_IP_ADDRESSES.include?(ip_addr)
+        CURRENT_IP_ADDRESSES_ALL.include?(ip_addr&.to_s&.downcase)
       end
     end
   end

data/lib/github-pages-health-check/version.rb

@@ -2,6 +2,6 @@
 
 module GitHubPages
   module HealthCheck
-    VERSION = "1.17.1"
+    VERSION = "1.17.8"
   end
 end

data/script/check

@@ -3,6 +3,8 @@
 #
 # Usage: script/check [DOMAIN]
 
+require "rubygems"
+require "bundler/setup"
 require_relative "../lib/github-pages-health-check"
 
 if ARGV.count != 1

data/script/update-cdn-ips

@@ -8,15 +8,43 @@ require "open-uri"
 require "json"
 
 SOURCES = {
-  :cloudflare => "https://www.cloudflare.com/ips-v4",
-  :fastly => "https://api.fastly.com/public-ip-list"
+  :cloudflare => ["https://www.cloudflare.com/ips-v4", "https://www.cloudflare.com/ips-v6"],
+  :fastly => ["https://api.fastly.com/public-ip-list"]
 }.freeze
 
-SOURCES.each do |source, url|
+def parse_fastly(data)
+  json_data = JSON.parse(data)
+  (json_data["addresses"] + json_data["ipv6_addresses"]).join("\n")
+end
+
+def parse_cloudflare(data)
+  data
+end
+
+def fetch_ips_from_cdn(urls)
+  urls.map do |url|
+    puts "Fetching #{url}..."
+    URI.parse(url).open.read
+  end.join("\n")
+end
+
+def update_cdn_file(source, data)
   file = "config/#{source}-ips.txt"
-  puts "Fetching #{url}..."
-  data = open(url).read
-  data = JSON.parse(data)["addresses"].join("\n") if source == :fastly
   File.write(file, data)
+  puts "Writing contents to #{file} and staging changes."
   `git add --verbose #{file}`
 end
+
+def parse_cdn_response(source, ips)
+  send("parse_#{source}", ips)
+end
+
+def update_cdn_ips(source, urls)
+  ips = fetch_ips_from_cdn(urls)
+  data = parse_cdn_response(source, ips)
+  update_cdn_file(source, data)
+end
+
+SOURCES.each do |source, urls|
+  update_cdn_ips(source, urls)
+end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: github-pages-health-check
 version: !ruby/object:Gem::Version
-  version: 1.17.1
+  version: 1.17.8
 platform: ruby
 authors:
 - GitHub, Inc.
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-04-12 00:00:00.000000000 Z
+date: 2021-09-10 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -58,7 +58,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.0.2
+        version: '3.0'
     - - "<"
       - !ruby/object:Gem::Version
         version: '5.0'
@@ -68,7 +68,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.0.2
+        version: '3.0'
     - - "<"
       - !ruby/object:Gem::Version
         version: '5.0'
@@ -99,7 +99,6 @@ files:
 - ".rspec"
 - ".rubocop.yml"
 - ".ruby-version"
-- ".travis.yml"
 - Dockerfile
 - Gemfile
 - LICENSE.md
@@ -161,7 +160,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.2.9
 signing_key: 
 specification_version: 4
 summary: Checks your GitHub Pages site for commons DNS configuration issues

data/.travis.yml

@@ -1,16 +0,0 @@
-language: ruby
-rvm:
-  - 2.5
-  - 2.6
-  - 2.7
-
-before_install:
-  - gem update --system
-
-script: "script/cibuild"
-
-notifications:
-  email: false
-
-cache: bundler
-sudo: false