github-pages-health-check 1.14.0 → 1.15.0
Sign up to get free protection for your applications and to get access to all the features.
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 8834b93511d8ba6c9b53a1819cda17c8aea730a84196bc8f1271ddedc4674f66
|
4
|
+
data.tar.gz: 869bdfce15c6817adac72ccd78666ea6cd8c3080aaa2adba4e99f042c8dc037f
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 7b1e442409c64a742db36f7439ea1378cf40e130807eed20b689d4f80cec31c1c390e33c6d71e0f4400f38f23cdb208cf7307db308d930dad9236c1f676ff544
|
7
|
+
data.tar.gz: 8ea3498c4725ebb75d087b79bbc519a30737fe12e348477c8424307153eef2d102e5b2c333da225beb78adddfb66deec94e903fe91857c68390f4d09f8d29783
|
@@ -9,7 +9,7 @@ module GitHubPages
|
|
9
9
|
class CAA
|
10
10
|
attr_reader :host, :error, :nameservers
|
11
11
|
|
12
|
-
def initialize(host, nameservers:
|
12
|
+
def initialize(host, nameservers: :default)
|
13
13
|
raise ArgumentError, "host cannot be nil" if host.nil?
|
14
14
|
|
15
15
|
@host = host
|
@@ -24,24 +24,30 @@ module GitHubPages
|
|
24
24
|
def lets_encrypt_allowed?
|
25
25
|
return false if errored?
|
26
26
|
return true unless records_present?
|
27
|
+
|
27
28
|
records.any? { |r| r.property_value == "letsencrypt.org" }
|
28
29
|
end
|
29
30
|
|
30
31
|
def records_present?
|
31
32
|
return false if errored?
|
33
|
+
|
32
34
|
records && !records.empty?
|
33
35
|
end
|
34
36
|
|
35
37
|
def records
|
36
|
-
@records
|
37
|
-
|
38
|
-
|
38
|
+
return @records if defined?(@records)
|
39
|
+
|
40
|
+
@records = get_caa_records(host)
|
41
|
+
@records = get_caa_records(parent_host) if @records.nil? || @records.empty?
|
42
|
+
|
43
|
+
@records
|
39
44
|
end
|
40
45
|
|
41
46
|
private
|
42
47
|
|
43
48
|
def get_caa_records(domain)
|
44
49
|
return [] if domain.nil?
|
50
|
+
|
45
51
|
query(domain).select { |r| issue_caa_record?(r) }
|
46
52
|
end
|
47
53
|
|
@@ -59,6 +65,10 @@ module GitHubPages
|
|
59
65
|
def resolver(domain)
|
60
66
|
GitHubPages::HealthCheck::Resolver.new(domain, :nameservers => nameservers)
|
61
67
|
end
|
68
|
+
|
69
|
+
def parent_host
|
70
|
+
host.split(".").drop(1).join(".")
|
71
|
+
end
|
62
72
|
end
|
63
73
|
end
|
64
74
|
end
|
@@ -113,31 +113,37 @@ module GitHubPages
|
|
113
113
|
raise Errors::InvalidCNAMEError, :domain => self if invalid_cname?
|
114
114
|
raise Errors::InvalidAAAARecordError, :domain => self if invalid_aaaa_record?
|
115
115
|
raise Errors::NotServedByPagesError, :domain => self unless served_by_pages?
|
116
|
+
|
116
117
|
true
|
117
118
|
end
|
118
119
|
|
119
120
|
def deprecated_ip?
|
120
121
|
return @deprecated_ip if defined? @deprecated_ip
|
122
|
+
|
121
123
|
@deprecated_ip = (valid_domain? && a_record? && old_ip_address?)
|
122
124
|
end
|
123
125
|
|
124
126
|
def invalid_aaaa_record?
|
125
127
|
return @invalid_aaaa_record if defined? @invalid_aaaa_record
|
128
|
+
|
126
129
|
@invalid_aaaa_record = (valid_domain? && should_be_a_record? &&
|
127
130
|
aaaa_record_present?)
|
128
131
|
end
|
129
132
|
|
130
133
|
def invalid_a_record?
|
131
134
|
return @invalid_a_record if defined? @invalid_a_record
|
135
|
+
|
132
136
|
@invalid_a_record = (valid_domain? && a_record? && !should_be_a_record?)
|
133
137
|
end
|
134
138
|
|
135
139
|
def invalid_cname?
|
136
140
|
return @invalid_cname if defined? @invalid_cname
|
141
|
+
|
137
142
|
@invalid_cname = begin
|
138
143
|
return false unless valid_domain?
|
139
144
|
return false if github_domain? || apex_domain?
|
140
145
|
return true if cname_to_pages_dot_github_dot_com? || cname_to_fastly?
|
146
|
+
|
141
147
|
!cname_to_github_user_domain? && should_be_cname_record?
|
142
148
|
end
|
143
149
|
end
|
@@ -146,8 +152,11 @@ module GitHubPages
|
|
146
152
|
# Used as an escape hatch to prevent false positives on DNS checkes
|
147
153
|
def valid_domain?
|
148
154
|
return @valid if defined? @valid
|
155
|
+
|
149
156
|
unicode_host = Addressable::IDNA.to_unicode(host)
|
150
|
-
@valid = PublicSuffix.valid?(unicode_host,
|
157
|
+
@valid = PublicSuffix.valid?(unicode_host,
|
158
|
+
:default_rule => nil,
|
159
|
+
:ignore_private => true)
|
151
160
|
end
|
152
161
|
|
153
162
|
# Is this domain an apex domain, meaning a CNAME would be innapropriate
|
@@ -161,7 +170,9 @@ module GitHubPages
|
|
161
170
|
# E.g. PublicSuffix.domain("blog.digital.gov.uk") # => "digital.gov.uk"
|
162
171
|
# For apex-level domain names, DNS providers do not support CNAME records.
|
163
172
|
unicode_host = Addressable::IDNA.to_unicode(host)
|
164
|
-
PublicSuffix.domain(unicode_host
|
173
|
+
PublicSuffix.domain(unicode_host,
|
174
|
+
:default_rule => nil,
|
175
|
+
:ignore_private => true) == unicode_host
|
165
176
|
end
|
166
177
|
|
167
178
|
# Should the domain use an A record?
|
@@ -181,6 +192,7 @@ module GitHubPages
|
|
181
192
|
# Are any of the domain's A records pointing elsewhere?
|
182
193
|
def non_github_pages_ip_present?
|
183
194
|
return unless dns?
|
195
|
+
|
184
196
|
a_records = dns.select { |answer| answer.type == Dnsruby::Types::A }
|
185
197
|
|
186
198
|
a_records.any? { |answer| !github_pages_ip?(answer.address.to_s) }
|
@@ -256,6 +268,7 @@ module GitHubPages
|
|
256
268
|
return false if cname_to_github_user_domain?
|
257
269
|
return false if cname_to_pages_dot_github_dot_com?
|
258
270
|
return false if cname_to_fastly? || fastly_ip?
|
271
|
+
|
259
272
|
served_by_pages?
|
260
273
|
end
|
261
274
|
|
@@ -270,9 +283,11 @@ module GitHubPages
|
|
270
283
|
def dns
|
271
284
|
return @dns if defined? @dns
|
272
285
|
return unless valid_domain?
|
286
|
+
|
273
287
|
@dns = Timeout.timeout(TIMEOUT) do
|
274
288
|
GitHubPages::HealthCheck.without_warnings do
|
275
289
|
next if host.nil?
|
290
|
+
|
276
291
|
REQUESTED_RECORD_TYPES
|
277
292
|
.map { |type| resolver.query(type) }
|
278
293
|
.flatten.uniq
|
@@ -300,11 +315,13 @@ module GitHubPages
|
|
300
315
|
# Is this domain's first response an A record?
|
301
316
|
def a_record?
|
302
317
|
return unless dns?
|
318
|
+
|
303
319
|
dns.first.type == Dnsruby::Types::A
|
304
320
|
end
|
305
321
|
|
306
322
|
def aaaa_record_present?
|
307
323
|
return unless dns?
|
324
|
+
|
308
325
|
dns.any? { |answer| answer.type == Dnsruby::Types::AAAA }
|
309
326
|
end
|
310
327
|
|
@@ -312,6 +329,7 @@ module GitHubPages
|
|
312
329
|
def cname_record?
|
313
330
|
return unless dns?
|
314
331
|
return false unless cname
|
332
|
+
|
315
333
|
cname.valid_domain?
|
316
334
|
end
|
317
335
|
alias cname? cname_record?
|
@@ -320,11 +338,13 @@ module GitHubPages
|
|
320
338
|
# Returns nil if the domain is not a CNAME
|
321
339
|
def cname
|
322
340
|
return unless dns.first.type == Dnsruby::Types::CNAME
|
341
|
+
|
323
342
|
@cname ||= Domain.new(dns.first.cname.to_s)
|
324
343
|
end
|
325
344
|
|
326
345
|
def mx_records_present?
|
327
346
|
return unless dns?
|
347
|
+
|
328
348
|
dns.any? { |answer| answer.type == Dnsruby::Types::MX }
|
329
349
|
end
|
330
350
|
|
@@ -361,20 +381,30 @@ module GitHubPages
|
|
361
381
|
# Does this domain redirect HTTP requests to HTTPS?
|
362
382
|
def enforces_https?
|
363
383
|
return false unless https? && http_response.headers["Location"]
|
384
|
+
|
364
385
|
redirect = Addressable::URI.parse(http_response.headers["Location"])
|
365
386
|
redirect.scheme == "https" && redirect.host == host
|
366
387
|
end
|
367
388
|
|
368
389
|
# Can an HTTPS certificate be issued for this domain?
|
369
390
|
def https_eligible?
|
370
|
-
|
371
|
-
|
372
|
-
|
391
|
+
# Can't have any IP's which aren't GitHub's present.
|
392
|
+
return false if non_github_pages_ip_present?
|
393
|
+
# Can't have any AAAA records present
|
394
|
+
return false if aaaa_record_present?
|
395
|
+
# Must be a CNAME or point to our IPs.
|
396
|
+
|
397
|
+
# Only check the one domain if a CNAME. Don't check the parent domain.
|
398
|
+
return true if cname_to_github_user_domain?
|
399
|
+
|
400
|
+
# Check CAA records for the full domain and its parent domain.
|
401
|
+
pointed_to_github_pages_ip? && caa.lets_encrypt_allowed?
|
373
402
|
end
|
374
403
|
|
375
404
|
# Any errors querying CAA records
|
376
405
|
def caa_error
|
377
406
|
return nil unless caa.errored?
|
407
|
+
|
378
408
|
caa.error.class.name
|
379
409
|
end
|
380
410
|
|
@@ -15,6 +15,7 @@ module GitHubPages
|
|
15
15
|
unless name_with_owner.match(REPO_REGEX)
|
16
16
|
raise Errors::InvalidRepositoryError
|
17
17
|
end
|
18
|
+
|
18
19
|
parts = name_with_owner.split("/")
|
19
20
|
@owner = parts.first
|
20
21
|
@name = parts.last
|
@@ -28,6 +29,7 @@ module GitHubPages
|
|
28
29
|
|
29
30
|
def check!
|
30
31
|
raise Errors::BuildError.new(:repository => self), build_error unless built?
|
32
|
+
|
31
33
|
true
|
32
34
|
end
|
33
35
|
|
@@ -54,6 +56,7 @@ module GitHubPages
|
|
54
56
|
|
55
57
|
def domain
|
56
58
|
return if cname.nil?
|
59
|
+
|
57
60
|
@domain ||= GitHubPages::HealthCheck::Domain.redundant(cname)
|
58
61
|
end
|
59
62
|
|
@@ -61,6 +64,7 @@ module GitHubPages
|
|
61
64
|
|
62
65
|
def client
|
63
66
|
raise Errors::MissingAccessTokenError if @access_token.nil?
|
67
|
+
|
64
68
|
@client ||= Octokit::Client.new(:access_token => @access_token)
|
65
69
|
end
|
66
70
|
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: github-pages-health-check
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 1.
|
4
|
+
version: 1.15.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- GitHub, Inc.
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2018-
|
11
|
+
date: 2018-10-26 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: addressable
|