From dd3d72a806bfd710beadb101b24618dafc99fa4d Mon Sep 17 00:00:00 2001 From: Tim Kimber Date: Mon, 28 Dec 2020 15:25:25 +0000 Subject: [PATCH] Add tests for issue #617 --- .../u5-test-get_auth_dns-no-root-servers.bats | 89 +++++++++++++++++ .../u6-test-get_auth_dns-no-root-servers.bats | 99 +++++++++++++++++++ 2 files changed, 188 insertions(+) create mode 100644 test/u5-test-get_auth_dns-no-root-servers.bats create mode 100644 test/u6-test-get_auth_dns-no-root-servers.bats diff --git a/test/u5-test-get_auth_dns-no-root-servers.bats b/test/u5-test-get_auth_dns-no-root-servers.bats new file mode 100644 index 0000000..40d79a4 --- /dev/null +++ b/test/u5-test-get_auth_dns-no-root-servers.bats @@ -0,0 +1,89 @@ +#! /usr/bin/env bats + +load '/bats-support/load.bash' +load '/bats-assert/load.bash' +load '/getssl/test/test_helper.bash' + + +# This is run for every test +setup() { + for app in drill host nslookup + do + if [ -f /usr/bin/${app} ]; then + mv /usr/bin/${app} /usr/bin/${app}.getssl.bak + fi + done + + . /getssl/getssl --source + find_dns_utils + _RUNNING_TEST=1 + _USE_DEBUG=0 +} + + +teardown() { + for app in drill host nslookup + do + if [ -f /usr/bin/${app}.getssl.bak ]; then + mv /usr/bin/${app}.getssl.bak /usr/bin/${app} + fi + done +} + + +@test "Check get_auth_dns doesn't include root servers (dig NS)" { + # Test that get_auth_dns() handles scenario where NS query returns root servers + # Issue #617 + # + # Log output was: + # Verifying example.com + # checking DNS at h.root-servers.net for example.com. Attempt 1/100 gave wrong result, waiting 10 secs before checking again + # ... (retried until max attempts then failed) + + # Disable SOA and CNAME check + _TEST_SKIP_CNAME_CALL=1 + _TEST_SKIP_SOA_CALL=1 + + PUBLIC_DNS_SERVER=8.8.8.8 + CHECK_PUBLIC_DNS_SERVER=false + CHECK_ALL_AUTH_DNS=true + + run get_auth_dns example.com + + # Assert that we've found the primary_ns server + assert_output --regexp 'set primary_ns = ' + # Assert that we had to use dig NS + assert_line --partial 'Using dig NS' + + # Check we didn't include any root servers + refute_line --partial 'IN\WNS\W\.root-servers\.net\.' +} + + +@test "Check get_auth_dns doesn't include root servers (dig SOA)" { + # Test that get_auth_dns() handles scenario where NS query returns root servers + # Issue #617 + # + # Log output was: + # Verifying example.com + # checking DNS at h.root-servers.net for example.com. Attempt 1/100 gave wrong result, waiting 10 secs before checking again + # ... (retried until max attempts then failed) + + # Disable CNAME check, ensure SOA check is enabled + _TEST_SKIP_CNAME_CALL=1 + _TEST_SKIP_SOA_CALL=0 + + PUBLIC_DNS_SERVER=8.8.8.8 + CHECK_PUBLIC_DNS_SERVER=false + CHECK_ALL_AUTH_DNS=true + + run get_auth_dns example.com + + # Assert that we've found the primary_ns server + assert_output --regexp 'set primary_ns = ' + # Assert that we had to use dig SOA + assert_line --partial 'Using dig SOA' + + # Check we didn't include any root servers + refute_line --partial 'IN\WNS\W\.root-servers\.net\.' +} diff --git a/test/u6-test-get_auth_dns-no-root-servers.bats b/test/u6-test-get_auth_dns-no-root-servers.bats new file mode 100644 index 0000000..84012c3 --- /dev/null +++ b/test/u6-test-get_auth_dns-no-root-servers.bats @@ -0,0 +1,99 @@ +#! /usr/bin/env bats + +load '/bats-support/load.bash' +load '/bats-assert/load.bash' +load '/getssl/test/test_helper.bash' + + +# This is run for every test +setup() { + for app in dig host nslookup + do + if [ -f /usr/bin/${app} ]; then + mv /usr/bin/${app} /usr/bin/${app}.getssl.bak + fi + done + + . /getssl/getssl --source + find_dns_utils + _RUNNING_TEST=1 + _USE_DEBUG=0 +} + + +teardown() { + for app in dig host nslookup + do + if [ -f /usr/bin/${app}.getssl.bak ]; then + mv /usr/bin/${app}.getssl.bak /usr/bin/${app} + fi + done +} + + +@test "Check get_auth_dns doesn't include root servers (drill NS)" { + if [ ! -f /usr/bin/drill ]; then + # Can't find drill package for centos8 + skip "Drill not installed on this system" + fi + + # Test that get_auth_dns() handles scenario where NS query returns root servers + # Issue #617 + # + # Log output was: + # Verifying example.com + # checking DNS at h.root-servers.net for example.com. Attempt 1/100 gave wrong result, waiting 10 secs before checking again + # ... (retried until max attempts then failed) + + # Disable CNAME check, ensure SOA check is enabled + _TEST_SKIP_CNAME_CALL=1 + _TEST_SKIP_SOA_CALL=1 + + PUBLIC_DNS_SERVER=8.8.8.8 + CHECK_PUBLIC_DNS_SERVER=false + CHECK_ALL_AUTH_DNS=true + + run get_auth_dns example.com + + # Assert that we've found the primary_ns server + assert_output --regexp 'set primary_ns = ' + # Assert that we had to use drill NS + assert_line --partial 'Using drill NS' + + # Check we didn't include any root servers + refute_line --partial 'IN\WNS\W\.root-servers\.net\.' +} + + +@test "Check get_auth_dns doesn't include root servers (drill SOA)" { + if [ ! -f /usr/bin/drill ]; then + # Can't find drill package for centos8 + skip "Drill not installed on this system" + fi + + # Test that get_auth_dns() handles scenario where NS query returns root servers + # Issue #617 + # + # Log output was: + # Verifying example.com + # checking DNS at h.root-servers.net for example.com. Attempt 1/100 gave wrong result, waiting 10 secs before checking again + # ... (retried until max attempts then failed) + + # Disable SOA and CNAME check + _TEST_SKIP_CNAME_CALL=1 + _TEST_SKIP_SOA_CALL=0 + + PUBLIC_DNS_SERVER=8.8.8.8 + CHECK_PUBLIC_DNS_SERVER=false + CHECK_ALL_AUTH_DNS=true + + run get_auth_dns example.com + + # Assert that we've found the primary_ns server + assert_output --regexp 'set primary_ns = ' + # Assert that we had to use drill SOA + assert_line --partial 'Using drill SOA' + + # Check we didn't include any root servers + refute_line --partial 'IN\WNS\W\.root-servers\.net\.' +}