Enhanced Nameserver Input Validation #356

developStorm · 2024-03-02T05:12:14Z

The refactored code leverages the built-in net package to perform more rigorous validation of the input nameserver address. It enforces that the input address be a valid IP address, with or without a port.

Tests

// Valid IPv4 address without port
> echo "google.com,1.1.1.1" | go run . -- A
{...,"resolver":"1.1.1.1:53"},"name":"google.com","status":"NOERROR"...}

// Valid IPv4 address with port
> echo "google.com,8.8.8.8:53" | go run . -- A
{...,"resolver":"8.8.8.8:53"},"name":"google.com","status":"NOERROR"...}

// Valid IPv4 address with non-standard port
> echo "google.com,8.8.8.8:5353" | go run . -- A
{"data":{"protocol":"udp","resolver":"8.8.8.8:5353"},"name":"google.com","status":"TIMEOUT"}

// Invalid IP address with port
> echo "google.com,example.com:80" | go run . -- A
FATA[0000] Unable to parse nameserver: invalid IP address 
exit status 1

// Invalid IP address without port
> echo "google.com,example.com" | go run . -- A
FATA[0000] Unable to parse nameserver: invalid IP address 
exit status 1

// Invalid IPv6 address
> echo "google.com,2001:4860:4860:0:0:0:0:8888:53" | go run . -- A
FATA[0000] Unable to parse nameserver: invalid IP address 
exit status 1

// Valid IPv6 address without port
> echo "google.com,2001:4860:4860::8888" | go run . -- A
{"data":{"protocol":"udp","resolver":"[2001:4860:4860::8888]:53"},"error":"write udp [redacted]:51462-\u003e[2001:4860:4860::8888]:53: address 2001:4860:4860::8888: non-IPv4 address","name":"google.com","status":"ERROR"}

// Valid IPv6 address with non-standard port
> echo "google.com,[2001:4860:4860:0:0:0:0:8888]:5353" | go run . -- A
{"data":{"protocol":"udp","resolver":"[2001:4860:4860:0:0:0:0:8888]:5353"},"error":"write udp [redacted]:49824-\u003e[2001:4860:4860::8888]:5353: address 2001:4860:4860::8888: non-IPv4 address","name":"google.com","status":"ERROR"}

Tests that fail on main branch

// Invalid IP address with port
> echo "google.com,example.com:80" | go run . -- A
{"data":{"protocol":"udp","resolver":"example.com:80"},"name":"google.com","status":"TIMEOUT"}

// Invalid IP address without port
> echo "google.com,example.com" | go run . -- A
{"data":{"protocol":"udp","resolver":"example.com:53"},"name":"google.com","status":"REFUSED"}

resolves #284

the refactored function relies on built-in net package to perform more rigorous validation on input nameserver address

phillip-stephens

LGTM, thanks for the rigorous tests and help on this @developStorm!!

refactor: AddDefaultPortToDNSServerName

ccdd03a

the refactored function relies on built-in net package to perform more rigorous validation on input nameserver address

developStorm added the enhancement label Mar 2, 2024

developStorm self-assigned this Mar 2, 2024

developStorm requested a review from a team as a code owner March 2, 2024 05:12

zakird assigned phillip-stephens Mar 2, 2024

Merge branch 'main' into feat/enhanced-input-ns-validation

1f956d7

phillip-stephens approved these changes Mar 13, 2024

View reviewed changes

phillip-stephens merged commit 610e4c7 into main Mar 13, 2024
4 checks passed

phillip-stephens deleted the feat/enhanced-input-ns-validation branch March 13, 2024 20:22

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Enhanced Nameserver Input Validation #356

Enhanced Nameserver Input Validation #356

developStorm commented Mar 2, 2024 •

edited

Loading

phillip-stephens left a comment

Enhanced Nameserver Input Validation #356

Enhanced Nameserver Input Validation #356

Conversation

developStorm commented Mar 2, 2024 • edited Loading

Tests

Tests that fail on main branch

phillip-stephens left a comment

Choose a reason for hiding this comment

developStorm commented Mar 2, 2024 •

edited

Loading