RubyGems - github-pages-health-check - Versions diffs - 1.17.2 → 1.17.9 - Mend

github-pages-health-check 1.17.2 → 1.17.9

Files changed (15) hide show

checksums.yaml +4 -4
data/.github/workflows/push-cibuild.yml +1 -0
data/.rubocop.yml +1 -1
data/Gemfile +1 -0
data/README.md +37 -0
data/config/cloudflare-ips.txt +9 -2
data/config/fastly-ips.txt +4 -2
data/github-pages-health-check.gemspec +1 -1
data/lib/github-pages-health-check/domain.rb +89 -28
data/lib/github-pages-health-check/errors/invalid_aaaa_record_error.rb +3 -3
data/lib/github-pages-health-check/version.rb +1 -1
data/script/check +2 -0
data/script/update-cdn-ips +34 -6
metadata +5 -6
data/.travis.yml +0 -16

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 41b89d75e93004b6de7694b363bcf15769ee02c8b03e7e6cea0eab99afa213cd
-  data.tar.gz: 8c0ee563b5ca7c34bfcbbb61048b0e375e936ca8be0f8d527e72b1fa41917a50
+  metadata.gz: 4c5eb1174f9f171c28477d1971a3272da065cf3af53241759fd7e2f9f19fa513
+  data.tar.gz: 9a5b9221d8fc8dae3834f960203f8cfd0342e0796051165e3b79bb9a31c305a4
 SHA512:
-  metadata.gz: 4e319123a847776a35923ce81d48d82e633a036166decf229bcd277437288f85c9333739af879584ea7ceb21d295a306b4004089e157da52721e725dd9eb1faf
-  data.tar.gz: b2a091d7fdd15f89ca9d0ce22d9c6c8bfb6357a1c7f660ce8faa3ee8d5b8a0e3ea2f2299fab35dfc037c8ec369d6321bc2ff17c8923f18a2887754d1ab1769a7
+  metadata.gz: 8e5fe1e4172bb296dd1a3814914d2949fe4c4d50f7cb384dbfb0adad7d364f99913ae7c040d90bb362cf8bdbe37b7e7db01deace5773ce73c78d70879da23b07
+  data.tar.gz: ee584b59c168c47c194af89b9ed79c6911573acb277fd65fb4dbbaa4f227fce56779a5a88af5c676b537011daacf16ec6190f388f27ef47b37fb9f25fd3557b3

data/.github/workflows/push-cibuild.yml CHANGED Viewed

@@ -10,6 +10,7 @@ jobs:
           - 2.5
           - 2.6
           - 2.7
+          - 3.0
     steps:
     - uses: actions/checkout@master
     - name: script/cibuild-docker

data/.rubocop.yml CHANGED Viewed

@@ -52,7 +52,7 @@ Style/ClassAndModuleChildren:
   Enabled: false # module X<\n>module Y is just as good as module X::Y.
 Layout/LineLength:
-  Max: 90
+  Max: 120
   Severity: warning
   Exclude:
     - github-pages-health-check.gemspec

data/Gemfile CHANGED Viewed

@@ -6,6 +6,7 @@ group :development do
   gem "dotenv", "~> 2.7"
   gem "gem-release", "~> 2.1"
   gem "pry", "~> 0.10"
+  gem "pry-byebug"
   gem "rspec", "~> 3.0"
   gem "rubocop", "~> 0.52"
   gem "webmock", "~> 3.8"

data/README.md CHANGED Viewed

@@ -81,3 +81,40 @@ check = GitHubPages::HealthCheck::Site.new "github/pages-health-check", access_t
 ```
 You can also set `OCTOKIT_ACCESS_TOKEN` as an environmental variable, or via a `.env` file in your working directory.
+### Command Line
+```
+./script/check pages.github.com
+host: pages.github.com
+uri: https://pages.github.com/
+nameservers: :default
+dns_resolves?: true
+proxied?: false
+cloudflare_ip?: false
+fastly_ip?: false
+old_ip_address?: false
+a_record?: false
+cname_record?: true
+mx_records_present?: false
+valid_domain?: true
+apex_domain?: false
+should_be_a_record?: false
+cname_to_github_user_domain?: true
+cname_to_pages_dot_github_dot_com?: false
+cname_to_fastly?: false
+pointed_to_github_pages_ip?: false
+non_github_pages_ip_present?: false
+pages_domain?: true
+served_by_pages?: true
+valid?: true
+reason:
+https?: true
+enforces_https?: true
+https_error:
+https_eligible?: true
+caa_error:
+dns_zone_soa?: false
+dns_zone_ns?: false
+```

data/config/cloudflare-ips.txt CHANGED Viewed

@@ -9,7 +9,14 @@
 197.234.240.0/22
 198.41.128.0/17
 162.158.0.0/15
-172.64.0.0/13
-131.0.72.0/22
 104.16.0.0/13
 104.24.0.0/14
+172.64.0.0/13
+131.0.72.0/22
+2400:cb00::/32
+2606:4700::/32
+2803:f800::/32
+2405:b500::/32
+2405:8100::/32
+2a06:98c0::/29
+2c0f:f248::/32

data/config/fastly-ips.txt CHANGED Viewed

@@ -4,7 +4,7 @@
 103.245.222.0/23
 103.245.224.0/24
 104.156.80.0/20
-146.75.0.0/16
+146.75.0.0/17
 151.101.0.0/16
 157.52.64.0/18
 167.82.0.0/17
@@ -14,4 +14,6 @@
 172.111.64.0/18
 185.31.16.0/22
 199.27.72.0/21
-199.232.0.0/16
+199.232.0.0/16
+2a04:4e40::/32
+2a04:4e42::/32

data/github-pages-health-check.gemspec CHANGED Viewed

@@ -19,6 +19,6 @@ Gem::Specification.new do |s|
   s.add_dependency("addressable", "~> 2.3")
   s.add_dependency("dnsruby", "~> 1.60")
   s.add_dependency("octokit", "~> 4.0")
-  s.add_dependency("public_suffix", ">= 2.0.2", "< 5.0")
+  s.add_dependency("public_suffix", ">= 3.0", "< 5.0")
   s.add_dependency("typhoeus", "~> 1.3")
 end

data/lib/github-pages-health-check/domain.rb CHANGED Viewed

@@ -77,15 +77,25 @@ module GitHubPages
         185.199.111.153
       ).freeze
+      CURRENT_IPV6_ADDRESSES = %w(
+        2606:50c0:8000::153
+        2606:50c0:8001::153
+        2606:50c0:8002::153
+        2606:50c0:8003::153
+      ).freeze
+      CURRENT_IP_ADDRESSES_ALL =
+        (CURRENT_IP_ADDRESSES + CURRENT_IPV6_ADDRESSES).freeze
       HASH_METHODS = %i[
         host uri nameservers dns_resolves? proxied? cloudflare_ip?
-        fastly_ip? old_ip_address? a_record? cname_record?
-        mx_records_present? valid_domain? apex_domain? should_be_a_record?
-        cname_to_github_user_domain? cname_to_pages_dot_github_dot_com?
-        cname_to_fastly? pointed_to_github_pages_ip?
-        non_github_pages_ip_present? pages_domain?
+        fastly_ip? old_ip_address? a_record? aaaa_record? a_record_present? aaaa_record_present?
+        cname_record? mx_records_present? valid_domain? apex_domain?
+        should_be_a_record? cname_to_github_user_domain?
+        cname_to_pages_dot_github_dot_com? cname_to_fastly?
+        pointed_to_github_pages_ip? non_github_pages_ip_present? pages_domain?
         served_by_pages? valid? reason valid_domain? https?
-        enforces_https? https_error https_eligible? caa_error
+        enforces_https? https_error https_eligible? caa_error dns_zone_soa? dns_zone_ns?
       ].freeze
       def self.redundant(host)
@@ -128,14 +138,13 @@ module GitHubPages
       def invalid_aaaa_record?
         return @invalid_aaaa_record if defined? @invalid_aaaa_record
-        @invalid_aaaa_record = (valid_domain? && should_be_a_record? &&
-                                aaaa_record_present?)
+        @invalid_aaaa_record = (valid_domain? && aaaa_record_present? && !should_be_a_record?)
       end
       def invalid_a_record?
         return @invalid_a_record if defined? @invalid_a_record
-        @invalid_a_record = (valid_domain? && a_record? && !should_be_a_record?)
+        @invalid_a_record = (valid_domain? && a_record_present? && !should_be_a_record?)
       end
       def invalid_cname?
@@ -164,7 +173,10 @@ module GitHubPages
       # Is this domain an apex domain, meaning a CNAME would be innapropriate
       def apex_domain?
         return @apex_domain if defined?(@apex_domain)
-        return unless valid_domain?
+        return false unless valid_domain?
+        return true if dns_zone_soa? && dns_zone_ns?
         # PublicSuffix.domain pulls out the apex-level domain name.
         # E.g. PublicSuffix.domain("techblog.netflix.com") # => "netflix.com"
@@ -177,6 +189,30 @@ module GitHubPages
                             :ignore_private => true) == unicode_host
       end
+      #
+      # Does the domain have an associated SOA record?
+      #
+      def dns_zone_soa?
+        return @soa_records if defined?(@soa_records)
+        return false unless dns?
+        @soa_records = dns.any? do |answer|
+          answer.type == Dnsruby::Types::SOA && answer.name.to_s == host
+        end
+      end
+      #
+      # Does the domain have assoicated NS records?
+      #
+      def dns_zone_ns?
+        return @ns_records if defined?(@ns_records)
+        return false unless dns?
+        @ns_records = dns.any? do |answer|
+          answer.type == Dnsruby::Types::NS && answer.name.to_s == host
+        end
+      end
       # Should the domain use an A record?
       def should_be_a_record?
         !pages_io_domain? && (apex_domain? || mx_records_present?)
@@ -186,20 +222,20 @@ module GitHubPages
         !should_be_a_record?
       end
-      # Is the domain's first response an A record to a valid GitHub Pages IP?
+      # Is the domain's first response an A or AAAA record to a valid GitHub Pages IP?
       def pointed_to_github_pages_ip?
-        a_record? && CURRENT_IP_ADDRESSES.include?(dns.first.address.to_s)
+        return false unless address_record?
+        CURRENT_IP_ADDRESSES_ALL.include?(dns.first.address.to_s.downcase)
       end
-      # Are any of the domain's A records pointing elsewhere?
+      # Are any of the domain's A or AAAA records pointing elsewhere?
       def non_github_pages_ip_present?
         return unless dns?
-        a_records = dns.select { |answer| answer.type == Dnsruby::Types::A }
-        a_records.any? { |answer| !github_pages_ip?(answer.address.to_s) }
-        false
+        dns
+          .select { |a| Dnsruby::Types::A == a.type || Dnsruby::Types::AAAA == a.type }
+          .any? { |a| !github_pages_ip?(a.address.to_s) }
       end
       # Is the domain's first response a CNAME to a pages domain?
@@ -278,7 +314,9 @@ module GitHubPages
         Dnsruby::Types::A,
         Dnsruby::Types::AAAA,
         Dnsruby::Types::CNAME,
-        Dnsruby::Types::MX
+        Dnsruby::Types::MX,
+        Dnsruby::Types::NS,
+        Dnsruby::Types::SOA
       ].freeze
       # Returns an array of DNS answers
@@ -316,15 +354,32 @@ module GitHubPages
       # Is this domain's first response an A record?
       def a_record?
+        return @is_a_record if defined?(@is_a_record)
         return unless dns?
-        dns.first.type == Dnsruby::Types::A
+        @is_a_record = Dnsruby::Types::A == dns.first.type
       end
+      # Is this domain's first response an AAAA record?
+      def aaaa_record?
+        return @is_aaaa_record if defined?(@is_aaaa_record)
+        return unless dns?
+        @is_aaaa_record = Dnsruby::Types::AAAA == dns.first.type
+      end
+      # Does this domain has an A record setup (not necessarily as the first record)?
+      def a_record_present?
+        return unless dns?
+        dns.any? { |answer| answer.type == Dnsruby::Types::A && answer.name.to_s == host }
+      end
+      # Does this domain has an AAAA record setup (not necessarily as the first record)?
       def aaaa_record_present?
         return unless dns?
-        dns.any? { |answer| answer.type == Dnsruby::Types::AAAA }
+        dns.any? { |answer| answer.type == Dnsruby::Types::AAAA && answer.name.to_s == host }
       end
       # Is this domain's first response a CNAME record?
@@ -339,6 +394,8 @@ module GitHubPages
       # The domain to which this domain's CNAME resolves
       # Returns nil if the domain is not a CNAME
       def cname
+        return unless dns?
         cnames = dns.take_while { |answer| answer.type == Dnsruby::Types::CNAME }
         return if cnames.empty?
@@ -392,8 +449,6 @@ module GitHubPages
       def https_eligible?
         # Can't have any IP's which aren't GitHub's present.
         return false if non_github_pages_ip_present?
-        # Can't have any AAAA records present
-        return false if aaaa_record_present?
         # Must be a CNAME or point to our IPs.
         # Only check the one domain if a CNAME. Don't check the parent domain.
@@ -405,13 +460,17 @@ module GitHubPages
       # Any errors querying CAA records
       def caa_error
-        return nil unless caa.errored?
+        return nil unless caa&.errored?
         caa.error.class.name
       end
       private
+      def address_record?
+        a_record? || aaaa_record?
+      end
       def caa
         @caa ||= GitHubPages::HealthCheck::CAA.new(
           :host => cname&.host || host,
@@ -486,10 +545,12 @@ module GitHubPages
       def cdn_ip?(cdn)
         return unless dns?
-        a_records = dns.select { |answer| answer.type == Dnsruby::Types::A }
-        return false if !a_records || a_records.empty?
+        address_records = dns.select do |answer|
+          Dnsruby::Types::A == answer.type || Dnsruby::Types::AAAA == answer.type
+        end
+        return false if !address_records || address_records.empty?
-        a_records.all? do |answer|
+        address_records.all? do |answer|
           cdn.controls_ip?(answer.address)
         end
       end
@@ -499,7 +560,7 @@ module GitHubPages
       end
       def github_pages_ip?(ip_addr)
-        CURRENT_IP_ADDRESSES.include?(ip_addr)
+        CURRENT_IP_ADDRESSES_ALL.include?(ip_addr&.to_s&.downcase)
       end
     end
   end

data/lib/github-pages-health-check/errors/invalid_aaaa_record_error.rb CHANGED Viewed

@@ -8,9 +8,9 @@ module GitHubPages
         def message
           <<-MSG
-             Your site's DNS settings are using a custom subdomain, #{domain.host},
-             that's set up with an AAAA record. GitHub Pages currently does not support
-             IPv6.
+          Your site's DNS settings are using a custom subdomain, #{domain.host},
+          that's set up as an AAAA record. We recommend you change this to a CNAME
+          record pointing at #{username}.github.io.
           MSG
         end
       end

data/lib/github-pages-health-check/version.rb CHANGED Viewed

@@ -2,6 +2,6 @@
 module GitHubPages
   module HealthCheck
-    VERSION = "1.17.2"
+    VERSION = "1.17.9"
   end
 end

data/script/check CHANGED Viewed

@@ -3,6 +3,8 @@
 #
 # Usage: script/check [DOMAIN]
+require "rubygems"
+require "bundler/setup"
 require_relative "../lib/github-pages-health-check"
 if ARGV.count != 1

data/script/update-cdn-ips CHANGED Viewed

@@ -8,15 +8,43 @@ require "open-uri"
 require "json"
 SOURCES = {
-  :cloudflare => "https://www.cloudflare.com/ips-v4",
-  :fastly => "https://api.fastly.com/public-ip-list"
+  :cloudflare => ["https://www.cloudflare.com/ips-v4", "https://www.cloudflare.com/ips-v6"],
+  :fastly => ["https://api.fastly.com/public-ip-list"]
 }.freeze
-SOURCES.each do |source, url|
+def parse_fastly(data)
+  json_data = JSON.parse(data)
+  (json_data["addresses"] + json_data["ipv6_addresses"]).join("\n")
+end
+def parse_cloudflare(data)
+  data
+end
+def fetch_ips_from_cdn(urls)
+  urls.map do |url|
+    puts "Fetching #{url}..."
+    URI.parse(url).open.read
+  end.join("\n")
+end
+def update_cdn_file(source, data)
   file = "config/#{source}-ips.txt"
-  puts "Fetching #{url}..."
-  data = open(url).read
-  data = JSON.parse(data)["addresses"].join("\n") if source == :fastly
   File.write(file, data)
+  puts "Writing contents to #{file} and staging changes."
   `git add --verbose #{file}`
 end
+def parse_cdn_response(source, ips)
+  send("parse_#{source}", ips)
+end
+def update_cdn_ips(source, urls)
+  ips = fetch_ips_from_cdn(urls)
+  data = parse_cdn_response(source, ips)
+  update_cdn_file(source, data)
+end
+SOURCES.each do |source, urls|
+  update_cdn_ips(source, urls)
+end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: github-pages-health-check
 version: !ruby/object:Gem::Version
-  version: 1.17.2
+  version: 1.17.9
 platform: ruby
 authors:
 - GitHub, Inc.
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-04-21 00:00:00.000000000 Z
+date: 2021-10-01 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: addressable
@@ -58,7 +58,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.0.2
+        version: '3.0'
     - - "<"
       - !ruby/object:Gem::Version
         version: '5.0'
@@ -68,7 +68,7 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 2.0.2
+        version: '3.0'
     - - "<"
       - !ruby/object:Gem::Version
         version: '5.0'
@@ -99,7 +99,6 @@ files:
 - ".rspec"
 - ".rubocop.yml"
 - ".ruby-version"
-- ".travis.yml"
 - Dockerfile
 - Gemfile
 - LICENSE.md
@@ -161,7 +160,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.2
+rubygems_version: 3.2.9
 signing_key:
 specification_version: 4
 summary: Checks your GitHub Pages site for commons DNS configuration issues

data/.travis.yml DELETED Viewed

@@ -1,16 +0,0 @@
-language: ruby
-rvm:
-  - 2.5
-  - 2.6
-  - 2.7
-before_install:
-  - gem update --system
-script: "script/cibuild"
-notifications:
-  email: false
-cache: bundler
-sudo: false