SPF: verify the domain names of modifiers.

2024-03-07 02:35:59 +01:00 · 2024-03-07 02:35:59 +01:00 · bf5efccca7
commit bf5efccca7
parent 5b93c32669
2 changed files with 17 additions and 2 deletions
--- a/src/App/DisplayErrors.purs
+++ b/src/App/DisplayErrors.purs
@ -39,6 +39,7 @@ error_to_paragraph v = Bulma.error_message (Bulma.p $ show_error_title v)
      ValidationDNS.VESPFMechanismName err -> maybe default_error show_error_domain err.error
      ValidationDNS.VESPFMechanismIPv4 err -> maybe default_error show_error_ip4 err.error
      ValidationDNS.VESPFMechanismIPv6 err -> maybe default_error show_error_ip6 err.error
+      ValidationDNS.VESPFModifierName  err -> maybe default_error show_error_domain err.error
  )
  where default_error = Bulma.p ""

@ -61,10 +62,12 @@ show_error_title v = case v of
  ValidationDNS.VEWeight min max n   -> "Invalid Weight (min: " <> show min <> ", max: " <> show max <> ", n: " <> show n <> ")"

  -- SPF dedicated RR
-  ValidationDNS.VESPFMechanismName err -> "The name (domain label) in a SPF mechanism is wrong (position: " <> show err.position <> ")"
+  ValidationDNS.VESPFMechanismName err -> "The domain name in a SPF mechanism is wrong (position: " <> show err.position <> ")"
  ValidationDNS.VESPFMechanismIPv4 err -> "The IPv4 address in a SPF mechanism is wrong (position: "        <> show err.position <> ")"
  ValidationDNS.VESPFMechanismIPv6 err -> "The IPv6 address in a SPF mechanism is wrong (position: "        <> show err.position <> ")"

+  ValidationDNS.VESPFModifierName err -> "The domain name in a SPF modifier (EXP or REDIRECT) is wrong (position: " <> show err.position <> ")"
+
 show_error_domain :: forall w i. DomainParser.DomainError -> HH.HTML w i
 show_error_domain e = case e of
  DomainParser.LabelTooLarge size ->
--- a/src/App/Validation/DNS.purs
+++ b/src/App/Validation/DNS.purs
@ -54,6 +54,8 @@ data Error
  | VESPFMechanismIPv4 (G.Error IPAddress.IPv4Error)
  | VESPFMechanismIPv6 (G.Error IPAddress.IPv6Error)

+  | VESPFModifierName (G.Error DomainParser.DomainError)
+
 type AVErrors = Array Error

 -- | Current default values.
@ -213,17 +215,27 @@ validate_SPF_mechanism m = case m.t of
    in first m name -- name is discarded
  _ -> pure m

+validate_SPF_modifier :: Modifier -> V (Array Error) Modifier
+validate_SPF_modifier m = case m.t of
+  RR.EXP -> ado
+    name <- parse DomainParser.sub_eof m.v VESPFModifierName
+    in first m name -- name is discarded
+  RR.REDIRECT -> ado
+    name <- parse DomainParser.sub_eof m.v VESPFModifierName
+    in first m name -- name is discarded
+
 validationSPF :: ResourceRecord -> V (Array Error) ResourceRecord
 validationSPF form = ado
  name     <- parse DomainParser.sub_eof form.name     VEName
  ttl      <- is_between min_ttl max_ttl form.ttl      VETTL
  mechanisms <- verification_loop validate_SPF_mechanism (maybe [] id form.mechanisms)
+  modifiers  <- verification_loop validate_SPF_modifier  (maybe [] id form.modifiers)
  -- No need to validate the target, actually, it will be completely discarded.
  -- The different specific entries replace `target` completely.
  in emptyRR { rrid = form.rrid, readonly = form.readonly, rrtype = "SPF"
             , name = name, ttl = ttl, target = "" -- `target` is discarded!
             , v = form.v, mechanisms = Just mechanisms
-             , modifiers = form.modifiers, q = form.q }
+             , modifiers = Just modifiers, q = form.q }

 --validationDKIM :: ResourceRecord -> V (Array Error) ResourceRecord
 --validationDKIM form = ado