Revamp Profile Domains and Ports to Endpoints and ServiceEndpoints

2019-01-17 10:55:06 +01:00
parent 4017de7dac
commit bde81d815d
13 changed files with 417 additions and 249 deletions
--- a/intel/main_test.go
+++ b/intel/main_test.go
@@ -0,0 +1,38 @@
+package intel
+
+import (
+	"os"
+	"testing"
+
+	"github.com/Safing/portbase/database/dbmodule"
+	"github.com/Safing/portbase/log"
+	"github.com/Safing/portbase/modules"
+)
+
+func TestMain(m *testing.M) {
+	// setup
+	testDir := os.TempDir()
+	dbmodule.SetDatabaseLocation(testDir)
+	err := modules.Start()
+	if err != nil {
+		if err == modules.ErrCleanExit {
+			os.Exit(0)
+		} else {
+			err = modules.Shutdown()
+			if err != nil {
+				log.Shutdown()
+			}
+			os.Exit(1)
+		}
+	}
+
+	// run tests
+	rv := m.Run()
+
+	// teardown
+	modules.Shutdown()
+	os.RemoveAll(testDir)
+
+	// exit with test run return value
+	os.Exit(rv)
+}
--- a/intel/reverse.go
+++ b/intel/reverse.go
@@ -0,0 +1,72 @@
+package intel
+
+import (
+	"errors"
+	"strings"
+
+	"github.com/Safing/portbase/log"
+	"github.com/miekg/dns"
+)
+
+// ResolveIPAndValidate finds (reverse DNS), validates (forward DNS) and returns the domain name assigned to the given IP.
+func ResolveIPAndValidate(ip string, securityLevel uint8) (domain string, err error) {
+	// get reversed DNS address
+	rQ, err := dns.ReverseAddr(ip)
+	if err != nil {
+		log.Tracef("intel: failed to get reverse address of %s: %s", ip, err)
+		return "", err
+	}
+
+	// get PTR record
+	rrCache := Resolve(rQ, dns.Type(dns.TypePTR), securityLevel)
+	if rrCache == nil {
+		return "", errors.New("querying for PTR record failed (may be NXDomain)")
+	}
+
+	// get result from record
+	var ptrName string
+	for _, rr := range rrCache.Answer {
+		ptrRec, ok := rr.(*dns.PTR)
+		if ok {
+			ptrName = ptrRec.Ptr
+			break
+		}
+	}
+
+	// check for nxDomain
+	if ptrName == "" {
+		return "", errors.New("no PTR record for IP (nxDomain)")
+	}
+
+	log.Infof("ptrName: %s", ptrName)
+
+	// get forward record
+	if strings.Contains(ip, ":") {
+		rrCache = Resolve(ptrName, dns.Type(dns.TypeAAAA), securityLevel)
+	} else {
+		rrCache = Resolve(ptrName, dns.Type(dns.TypeA), securityLevel)
+	}
+	if rrCache == nil {
+		return "", errors.New("querying for A/AAAA record failed (may be NXDomain)")
+	}
+
+	// check for matching A/AAAA record
+	log.Infof("rr: %s", rrCache)
+	for _, rr := range rrCache.Answer {
+		switch v := rr.(type) {
+		case *dns.A:
+			log.Infof("A: %s", v.A.String())
+			if ip == v.A.String() {
+				return ptrName, nil
+			}
+		case *dns.AAAA:
+			log.Infof("AAAA: %s", v.AAAA.String())
+			if ip == v.AAAA.String() {
+				return ptrName, nil
+			}
+		}
+	}
+
+	// no match
+	return "", errors.New("validation failed")
+}
--- a/intel/reverse_test.go
+++ b/intel/reverse_test.go
@@ -0,0 +1,28 @@
+package intel
+
+import "testing"
+
+func testReverse(t *testing.T, ip, result, expectedErr string) {
+	domain, err := ResolveIPAndValidate(ip, 0)
+	if err != nil {
+		if expectedErr == "" || err.Error() != expectedErr {
+			t.Errorf("reverse-validating %s: unexpected error: %s", ip, err)
+		}
+		return
+	}
+
+	if domain != result {
+		t.Errorf("reverse-validating %s: unexpected result: %s", ip, domain)
+	}
+}
+
+func TestResolveIPAndValidate(t *testing.T) {
+	testReverse(t, "198.41.0.4", "a.root-servers.net.", "")
+	testReverse(t, "9.9.9.9", "dns.quad9.net.", "")
+	testReverse(t, "2620:fe::fe", "dns.quad9.net.", "")
+	testReverse(t, "1.1.1.1", "one.one.one.one.", "")
+	testReverse(t, "2606:4700:4700::1111", "one.one.one.one.", "")
+
+	testReverse(t, "93.184.216.34", "example.com.", "no PTR record for IP (nxDomain)")
+	testReverse(t, "185.199.109.153", "sites.github.io.", "no PTR record for IP (nxDomain)")
+}