BREAKING CHANGE(core): now uses Google DNS HTTPS API and handles DNSSEC validation

Philipp Kunz 2020-02-15 16:41:37 +00:00
parent d0527affc2
commit 929e4152d3
11 changed files with 1063 additions and 757 deletions

24
.gitignore vendored

@ -1,4 +1,22 @@
node_modules/ .nogit/
pages/
public/ # artifacts
coverage/ coverage/
public/
pages/
# installs
node_modules/
# caches
.yarn/
.cache/
.rpt2_cache
# builds
dist/
dist_web/
dist_serve/
dist_ts_web/
# custom

@ -1,16 +1,16 @@
# gitzone standard # gitzone ci_default
image: hosttoday/ht-docker-node:npmci image: registry.gitlab.com/hosttoday/ht-docker-node:npmci
cache: cache:
paths: paths:
- .npmci_cache/ - .npmci_cache/
key: "$CI_BUILD_STAGE" key: '$CI_BUILD_STAGE'
stages: stages:
- security - security
- test - test
- release - release
- metadata - metadata
# ==================== # ====================
# security stage # security stage
@ -20,62 +20,27 @@ mirror:
script: script:
- npmci git mirror - npmci git mirror
tags: tags:
- lossless
- docker - docker
- notpriv - notpriv
snyk: snyk:
image: registry.gitlab.com/hosttoday/ht-docker-node:snyk
stage: security stage: security
script: script:
- npmci npm prepare - npmci npm prepare
- npmci command npm install -g snyk
- npmci command npm install --ignore-scripts - npmci command npm install --ignore-scripts
- npmci command snyk test - npmci command snyk test
tags: tags:
- lossless
- docker - docker
- notpriv - notpriv
sast:
stage: security
image: registry.gitlab.com/hosttoday/ht-docker-dbase:npmci
variables:
DOCKER_DRIVER: overlay2
allow_failure: true
services:
- docker:stable-dind
script:
- npmci npm prepare
- npmci npm install
- npmci command npm run build
- export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/')
- docker run
--env SAST_CONFIDENCE_LEVEL="${SAST_CONFIDENCE_LEVEL:-3}"
--volume "$PWD:/code"
--volume /var/run/docker.sock:/var/run/docker.sock
"registry.gitlab.com/gitlab-org/security-products/sast:$SP_VERSION" /app/bin/run /code
artifacts:
reports:
sast: gl-sast-report.json
tags:
- docker
- priv
# ==================== # ====================
# test stage # test stage
# ==================== # ====================
testLTS: testStable:
stage: test
script:
- npmci npm prepare
- npmci node install lts
- npmci npm install
- npmci npm test
coverage: /\d+.?\d+?\%\s*coverage/
tags:
- docker
- notpriv
testSTABLE:
stage: test stage: test
script: script:
- npmci npm prepare - npmci npm prepare
@ -84,6 +49,20 @@ testSTABLE:
- npmci npm test - npmci npm test
coverage: /\d+.?\d+?\%\s*coverage/ coverage: /\d+.?\d+?\%\s*coverage/
tags: tags:
- lossless
- docker
- priv
testBuild:
stage: test
script:
- npmci npm prepare
- npmci node install stable
- npmci npm install
- npmci command npm run build
coverage: /\d+.?\d+?\%\s*coverage/
tags:
- lossless
- docker - docker
- notpriv - notpriv
@ -95,6 +74,7 @@ release:
only: only:
- tags - tags
tags: tags:
- lossless
- docker - docker
- notpriv - notpriv
@ -103,20 +83,14 @@ release:
# ==================== # ====================
codequality: codequality:
stage: metadata stage: metadata
image: docker:stable
allow_failure: true allow_failure: true
services:
- docker:stable-dind
script: script:
- export SP_VERSION=$(echo "$CI_SERVER_VERSION" | sed 's/^\([0-9]*\)\.\([0-9]*\).*/\1-\2-stable/') - npmci command npm install -g tslint typescript
- docker run - npmci npm prepare
--env SOURCE_CODE="$PWD" - npmci npm install
--volume "$PWD":/code - npmci command "tslint -c tslint.json ./ts/**/*.ts"
--volume /var/run/docker.sock:/var/run/docker.sock
"registry.gitlab.com/gitlab-org/security-products/codequality:$SP_VERSION" /code
artifacts:
paths: [codeclimate.json]
tags: tags:
- lossless
- docker - docker
- priv - priv
@ -127,18 +101,20 @@ trigger:
only: only:
- tags - tags
tags: tags:
- lossless
- docker - docker
- notpriv - notpriv
pages: pages:
image: hosttoday/ht-docker-node:npmci
stage: metadata stage: metadata
script: script:
- npmci command npm install -g typedoc typescript - npmci node install lts
- npmci command npm install -g @gitzone/tsdoc
- npmci npm prepare - npmci npm prepare
- npmci npm install - npmci npm install
- npmci command typedoc --module "commonjs" --target "ES2016" --out public/ ts/ - npmci command tsdoc
tags: tags:
- lossless
- docker - docker
- notpriv - notpriv
only: only:
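Review bot: The `codequality` and `pages` jobs install their tools with `npm install -g tslint typescript` and `npm install -g @gitzone/tsdoc`, with no version given, so each pipeline run executes whatever release is newest at that moment. Pinning them, for example `npmci command npm install -g tslint@<pinned-version> typescript@<pinned-version>`, or running the `tslint` that package.json already lists in devDependencies, keeps the CI toolchain reproducible and reviewable. As far as this section shows, the `sast` job is dropped without a replacement and `testStable` appears to move to a runner tagged `priv` while still running `npm install` and `npm test`. The reason both are acceptable should be recorded, or the test job kept on `notpriv`.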

29
.vscode/launch.json vendored Normal file

@ -0,0 +1,29 @@
{
"version": "0.2.0",
"configurations": [
{
"name": "current file",
"type": "node",
"request": "launch",
"args": [
"${relativeFile}"
],
"runtimeArgs": ["-r", "@gitzone/tsrun"],
"cwd": "${workspaceRoot}",
"protocol": "inspector",
"internalConsoleOptions": "openOnSessionStart"
},
{
"name": "test.ts",
"type": "node",
"request": "launch",
"args": [
"test/test.ts"
],
"runtimeArgs": ["-r", "@gitzone/tsrun"],
"cwd": "${workspaceRoot}",
"protocol": "inspector",
"internalConsoleOptions": "openOnSessionStart"
}
]
}

26
.vscode/settings.json vendored Normal file

@ -0,0 +1,26 @@
{
"json.schemas": [
{
"fileMatch": ["/npmextra.json"],
"schema": {
"type": "object",
"properties": {
"npmci": {
"type": "object",
"description": "settings for npmci"
},
"gitzone": {
"type": "object",
"description": "settings for gitzone",
"properties": {
"projectType": {
"type": "string",
"enum": ["website", "element", "service", "npm"]
}
}
}
}
}
}
]
}

@ -1,6 +1,15 @@
{ {
"gitzone": { "gitzone": {
"compliance": "standard" "projectType": "npm",
"compliance": "standard",
"module": {
"githost": {},
"gitscope": {},
"gitrepo": {},
"shortDescription": {},
"npmPackagename": {},
"license": {}
}
}, },
"npmci": { "npmci": {
"npmGlobalTools": [], "npmGlobalTools": [],

1328
package-lock.json generated

File diff suppressed because it is too large Load Diff

@ -25,15 +25,28 @@
}, },
"homepage": "https://gitlab.com/pushrocks/dnsly#README", "homepage": "https://gitlab.com/pushrocks/dnsly#README",
"dependencies": { "dependencies": {
"@pushrocks/smartdelay": "^2.0.2", "@pushrocks/smartdelay": "^2.0.6",
"@pushrocks/smartpromise": "^2.0.5" "@pushrocks/smartpromise": "^3.0.6",
"@pushrocks/smartrequest": "^1.1.47",
"@tsclass/tsclass": "^3.0.6"
}, },
"devDependencies": { "devDependencies": {
"@gitzone/tsbuild": "^2.1.4", "@gitzone/tsbuild": "^2.1.17",
"@gitzone/tstest": "^1.0.18", "@gitzone/tstest": "^1.0.28",
"@pushrocks/tapbundle": "^3.0.7", "@pushrocks/tapbundle": "^3.2.0",
"@types/node": "^10.12.18", "@types/node": "^13.7.1",
"tslint": "^5.12.0", "tslint": "^6.0.0",
"tslint-config-prettier": "^1.17.0" "tslint-config-prettier": "^1.18.0"
} },
"files": [
"ts/**/*",
"ts_web/**/*",
"dist/**/*",
"dist_web/**/*",
"dist_ts_web/**/*",
"assets/**/*",
"cli.js",
"npmextra.json",
"readme.md"
]
} }

@ -1,38 +1,37 @@
# @pushrocks/smartdns # @[object Object]/[object Object]
[object Object]
smart dns methods written in TypeScript ## Availabililty and Links
* [npmjs.org (npm package)](https://www.npmjs.com/package/[object Object])
## Availabililty * [gitlab.com (source)](https://[object Object]/[object Object]/[object Object])
* [github.com (source mirror)](https://github.com/[object Object]/[object Object])
[![npm](https://pushrocks.gitlab.io/assets/repo-button-npm.svg)](https://www.npmjs.com/package/@pushrocks/smartdns) * [docs (typedoc)](https://[object Object].gitlab.io/[object Object]/)
[![git](https://pushrocks.gitlab.io/assets/repo-button-git.svg)](https://GitLab.com/pushrocks/smartdns)
[![git](https://pushrocks.gitlab.io/assets/repo-button-mirror.svg)](https://github.com/pushrocks/smartdns)
[![docs](https://pushrocks.gitlab.io/assets/repo-button-docs.svg)](https://pushrocks.gitlab.io/smartdns/)
## Status for master ## Status for master
[![pipeline status](https://[object Object]/[object Object]/[object Object]/badges/master/pipeline.svg)](https://[object Object]/[object Object]/[object Object]/commits/master)
[![build status](https://GitLab.com/pushrocks/smartdns/badges/master/build.svg)](https://GitLab.com/pushrocks/smartdns/commits/master) [![coverage report](https://[object Object]/[object Object]/[object Object]/badges/master/coverage.svg)](https://[object Object]/[object Object]/[object Object]/commits/master)
[![coverage report](https://GitLab.com/pushrocks/smartdns/badges/master/coverage.svg)](https://GitLab.com/pushrocks/smartdns/commits/master) [![npm downloads per month](https://img.shields.io/npm/dm/[object Object].svg)](https://www.npmjs.com/package/[object Object])
[![npm downloads per month](https://img.shields.io/npm/dm/@pushrocks/smartdns.svg)](https://www.npmjs.com/package/@pushrocks/smartdns) [![Known Vulnerabilities](https://snyk.io/test/npm/[object Object]/badge.svg)](https://snyk.io/test/npm/[object Object])
[![Dependency Status](https://david-dm.org/pushrocks/smartdns.svg)](https://david-dm.org/pushrocks/smartdns) [![TypeScript](https://img.shields.io/badge/TypeScript->=%203.x-blue.svg)](https://nodejs.org/dist/latest-v10.x/docs/api/)
[![bitHound Dependencies](https://www.bithound.io/github/pushrocks/smartdns/badges/dependencies.svg)](https://www.bithound.io/github/pushrocks/smartdns/master/dependencies/npm) [![node](https://img.shields.io/badge/node->=%2010.x.x-blue.svg)](https://nodejs.org/dist/latest-v10.x/docs/api/)
[![bitHound Code](https://www.bithound.io/github/pushrocks/smartdns/badges/code.svg)](https://www.bithound.io/github/pushrocks/smartdns) [![JavaScript Style Guide](https://img.shields.io/badge/code%20style-prettier-ff69b4.svg)](https://prettier.io/)
[![TypeScript](https://img.shields.io/badge/TypeScript-2.x-blue.svg)](https://nodejs.org/dist/latest-v6.x/docs/api/)
[![node](https://img.shields.io/badge/node->=%206.x.x-blue.svg)](https://nodejs.org/dist/latest-v6.x/docs/api/)
[![JavaScript Style Guide](https://img.shields.io/badge/code%20style-standard-brightgreen.svg)](http://standardjs.com/)
## Usage ## Usage
Use TypeScript for best in class instellisense. Use TypeScript for best in class instellisense.
```typescript ```typescript
let myDnsly = new dnsly.Dnsly('google'); // uses Google DNS Servers e.g 8.8.8.8 const mySmartDns = new smartdns.SmartDns(); // uses Google DNS Https API
myDnsly const demoRecord = mySmartDns.getRecord('example.com', 'AAAA') // returns promise
.getRecord('example.com', 'AAAA') // returns promise /*
.then((record: dnsly.I_AAAA) => { demoRecord looks like this:
// AAAA record for google.com, the I_AAAA will give you proper typings for the record return type {
// do something name: 'example.com',
}); type: 'A',
dnsSecEnabled: true,
value: '104.24.103.243'
}
*/
``` ```
For further information read the linked docs at the top of this README. For further information read the linked docs at the top of this README.
@ -41,3 +40,10 @@ For further information read the linked docs at the top of this README.
> | By using this npm module you agree to our [privacy policy](https://lossless.gmbH/privacy.html) > | By using this npm module you agree to our [privacy policy](https://lossless.gmbH/privacy.html)
[![repo-footer](https://pushrocks.gitlab.io/assets/repo-footer.svg)](https://push.rocks) [![repo-footer](https://pushrocks.gitlab.io/assets/repo-footer.svg)](https://push.rocks)
For further information read the linked docs at the top of this readme.
> [object Object] licensed | **©** [Lossless GmbH](https://lossless.gmbh)
| By using this npm module you agree to our [privacy policy](https://lossless.gmbH/privacy)
[![repo-footer](https://lossless.gitlab.io/publicrelations/repofooter.svg)](https://maintainedby.lossless.com)

@ -5,7 +5,7 @@ import * as smartdns from '../ts/index';
let testDnsly: smartdns.Smartdns; let testDnsly: smartdns.Smartdns;
tap.test('should create an instance of Dnsly', async () => { tap.test('should create an instance of Dnsly', async () => {
testDnsly = new smartdns.Smartdns('cloudflare'); testDnsly = new smartdns.Smartdns({});
expect(testDnsly).to.be.instanceOf(smartdns.Smartdns); expect(testDnsly).to.be.instanceOf(smartdns.Smartdns);
}); });
@ -14,6 +14,7 @@ tap.test('should get an A DNS Record', async () => {
{ {
name: 'dnsly_a.bleu.de', name: 'dnsly_a.bleu.de',
value: '127.0.0.1', value: '127.0.0.1',
dnsSecEnabled: false,
type: 'A' type: 'A'
} }
]); ]);
@ -24,6 +25,7 @@ tap.test('should get an AAAA Record', async () => {
{ {
name: 'dnsly_aaaa.bleu.de', name: 'dnsly_aaaa.bleu.de',
value: '::1', value: '::1',
dnsSecEnabled: false,
type: 'AAAA' type: 'AAAA'
} }
]); ]);
@ -32,10 +34,10 @@ tap.test('should get an AAAA Record', async () => {
tap.test('should get a txt record', async () => { tap.test('should get a txt record', async () => {
return expect(testDnsly.getRecordTxt('dnsly_txt.bleu.de')).to.eventually.deep.equal([ return expect(testDnsly.getRecordTxt('dnsly_txt.bleu.de')).to.eventually.deep.equal([
{ {
chunked: ['sometext_txt'],
name: 'dnsly_txt.bleu.de', name: 'dnsly_txt.bleu.de',
value: 'sometext_txt', value: 'sometext_txt',
type: 'TXT' type: 'TXT',
dnsSecEnabled: false
} }
]); ]);
}); });
@ -65,4 +67,10 @@ tap.test('should get name server for hostname', async () => {
console.log(result); console.log(result);
}); });
tap.test('should detect dns sec', async () => {
const result = await testDnsly.getRecordA('lossless.com');
console.log(result[0]);
expect(result[0].dnsSecEnabled).to.be.true;
})
tap.start(); tap.start();

@ -1,5 +1,15 @@
// node native scope
import * as dns from 'dns'; import * as dns from 'dns';
export { dns };
// pushrocks scope
import * as smartdelay from '@pushrocks/smartdelay'; import * as smartdelay from '@pushrocks/smartdelay';
import * as smartpromise from '@pushrocks/smartpromise'; import * as smartpromise from '@pushrocks/smartpromise';
import * as smartrequest from '@pushrocks/smartrequest';
export { dns, smartdelay, smartpromise }; export { smartdelay, smartpromise, smartrequest };
import * as tsclass from '@tsclass/tsclass';
export { tsclass };

@ -1,37 +1,43 @@
import * as plugins from './dnsly.plugins'; import * as plugins from './dnsly.plugins';
export type TDnsProvider = 'google' | 'cloudflare'; export type TDnsProvider = 'google' | 'cloudflare';
export type TDnsRecordType =
| 'A'
| 'AAAA'
| 'CNAME'
| 'PTR'
| 'MX'
| 'NAPTR'
| 'NS'
| 'SOA'
| 'SRV'
| 'TXT';
export interface IDnsRecord { export interface ISmartDnsConstructorOptions {}
chunked?: string[];
name: string; export interface IGoogleDNSHTTPSResponse {
type: TDnsRecordType; Status: number;
value: string; TC: boolean;
RD: boolean;
RA: boolean;
AD: boolean;
CD: boolean;
Question: Array< { name: string, type: number }>;
Answer: Array<
{ name: string, type: number, TTL: number, data: string }
>,
Additional: [],
Comment: string
} }
/** /**
* class dnsly offers methods for working with dns from a dns provider like Google DNS * class dnsly offers methods for working with dns from a dns provider like Google DNS
*/ */
export class Smartdns { export class Smartdns {
dnsServerIp: string; public dnsServerIp: string;
dnsServerPort: number; public dnsServerPort: number;
public dnsTypeMap: {[key: string]: number} = {
A: 1,
AAAA: 28,
CNAME: 5,
MX: 15,
TXT: 16,
}
/** /**
* constructor for class dnsly * constructor for class dnsly
*/ */
constructor(dnsProviderArg: TDnsProvider = 'cloudflare') { constructor(optionsArg: ISmartDnsConstructorOptions) {}
this._setDnsProvider(dnsProviderArg);
}
/** /**
* check a dns record until it has propagated to Google DNS * check a dns record until it has propagated to Google DNS
@ -40,20 +46,20 @@ export class Smartdns {
* @param recordTypeArg * @param recordTypeArg
* @param expectedValue * @param expectedValue
*/ */
async checkUntilAvailable( public async checkUntilAvailable(
recordNameArg: string, recordNameArg: string,
recordTypeArg: TDnsRecordType, recordTypeArg: plugins.tsclass.network.TDnsRecordType,
expectedValue: string, expectedValue: string,
cyclesArg: number = 50, cyclesArg: number = 50,
intervalArg: number = 500 intervalArg: number = 500
) { ) {
let runCycles = 0; let runCycles = 0;
let doCheck = async () => { const doCheck = async () => {
if (runCycles < cyclesArg) { if (runCycles < cyclesArg) {
runCycles++; runCycles++;
try { try {
let myRecordArray = await this.getRecord(recordNameArg, recordTypeArg); const myRecordArray = await this.getRecord(recordNameArg, recordTypeArg);
let myRecord = myRecordArray[0].value[0]; const myRecord = myRecordArray[0].value;
if (myRecord === expectedValue) { if (myRecord === expectedValue) {
return true; return true;
} else { } else {
@ -75,67 +81,81 @@ export class Smartdns {
/** /**
* get A Dns Record * get A Dns Record
*/ */
async getRecordA(recordNameArg: string): Promise<IDnsRecord[]> { public async getRecordA(recordNameArg: string): Promise<plugins.tsclass.network.IDnsRecord[]> {
return await this.getRecord(recordNameArg, 'A'); return await this.getRecord(recordNameArg, 'A');
} }
/** /**
* get AAAA Record * get AAAA Record
*/ */
async getRecordAAAA(recordNameArg: string) { public async getRecordAAAA(recordNameArg: string) {
return await this.getRecord(recordNameArg, 'AAAA'); return await this.getRecord(recordNameArg, 'AAAA');
} }
/** /**
* gets a txt record * gets a txt record
*/ */
getRecordTxt(recordNameArg: string): Promise<IDnsRecord[]> { public async getRecordTxt(recordNameArg: string): Promise<plugins.tsclass.network.IDnsRecord[]> {
let done = plugins.smartpromise.defer<IDnsRecord[]>(); return await this.getRecord(recordNameArg, 'TXT');
plugins.dns.resolveTxt(recordNameArg, (err, recordsArg) => {
if (err) {
done.reject(err);
return;
} }
let responseArray: IDnsRecord[] = [];
for (let record of recordsArg) { public async getRecord(
let recordAny: any = record; // fix wrong typings recordNameArg: string,
responseArray.push({ recordTypeArg: plugins.tsclass.network.TDnsRecordType
chunked: recordAny, ): Promise<plugins.tsclass.network.IDnsRecord[]> {
name: recordNameArg, const requestUrl = `https://dns.google/resolve?name=${recordNameArg}&type=${recordTypeArg}&do=1`;
value: recordAny.join(' '), const response = await plugins.smartrequest.request(requestUrl, {
type: 'TXT' method: 'GET'
});
const returnArray: plugins.tsclass.network.IDnsRecord[] = [];
const responseBody: IGoogleDNSHTTPSResponse = response.body;
for (const dnsEntry of responseBody.Answer) {
if (dnsEntry.data.startsWith('"') && dnsEntry.data.endsWith('"')) {
dnsEntry.data = dnsEntry.data.replace(/^"(.*)"$/, '$1');
}
if (dnsEntry.name.endsWith('.')) {
dnsEntry.name = dnsEntry.name.substring(0, dnsEntry.name.length - 1);
}
returnArray.push({
name: dnsEntry.name,
type: this.convertDnsTypeNumberToTypeName(dnsEntry.type),
dnsSecEnabled: responseBody.AD,
value: dnsEntry.data
}); });
} }
done.resolve(responseArray); // console.log(responseBody);
}); return returnArray;
return done.promise;
} }
/** /**
* get oridinary record * gets a record using nodejs dns resolver
*/ */
getRecord(recordNameArg: string, recordTypeArg: TDnsRecordType): Promise<IDnsRecord[]> { public async getRecordWithNodeDNS(
let done = plugins.smartpromise.defer<IDnsRecord[]>(); recordNameArg: string,
recordTypeArg: plugins.tsclass.network.TDnsRecordType
): Promise<plugins.tsclass.network.IDnsRecord[]> {
const done = plugins.smartpromise.defer<plugins.tsclass.network.IDnsRecord[]>();
plugins.dns.resolve(recordNameArg, recordTypeArg, (err, recordsArg) => { plugins.dns.resolve(recordNameArg, recordTypeArg, (err, recordsArg) => {
if (err) { if (err) {
done.reject(err); done.reject(err);
return; return;
} }
let responseArray: IDnsRecord[] = []; const returnArray: plugins.tsclass.network.IDnsRecord[] = [];
for (let recordKey in recordsArg) { for (const recordKey in recordsArg) {
responseArray.push({ returnArray.push({
name: recordNameArg, name: recordNameArg,
value: recordsArg[recordKey], value: recordsArg[recordKey],
type: recordTypeArg type: recordTypeArg,
dnsSecEnabled: false
}); });
} }
done.resolve(responseArray); done.resolve(returnArray);
}); });
return done.promise; return done.promise;
} }
getNameServer(domainNameArg: string) { public async getNameServer(domainNameArg: string): Promise<string[]> {
const done = plugins.smartpromise.defer(); const done = plugins.smartpromise.defer<string[]>();
plugins.dns.resolveNs(domainNameArg, (err, result) => { plugins.dns.resolveNs(domainNameArg, (err, result) => {
if (!err) { if (!err) {
done.resolve(result); done.resolve(result);
@ -144,12 +164,16 @@ export class Smartdns {
done.reject(err); done.reject(err);
} }
}); });
return await done.promise;
} }
/** /**
* set the DNS provider * set the DNS provider
*/ */
private _setDnsProvider(dnsProvider: TDnsProvider) { public setNodeDnsProvider(dnsProvider: TDnsProvider) {
console.log(
`Warning: Setting the nodejs dns authority to ${dnsProvider}. Only do this if you know what you are doing.`
);
if (dnsProvider === 'google') { if (dnsProvider === 'google') {
this.dnsServerIp = '8.8.8.8'; this.dnsServerIp = '8.8.8.8';
this.dnsServerPort = 53; this.dnsServerPort = 53;
@ -162,4 +186,17 @@ export class Smartdns {
throw new Error('unknown dns provider'); throw new Error('unknown dns provider');
} }
} }
public convertDnsTypeNameToTypeNumber (dnsTypeNameArg: string): number {
return this.dnsTypeMap[dnsTypeNameArg];
}
public convertDnsTypeNumberToTypeName (dnsTypeNumberArg: number): plugins.tsclass.network.TDnsRecordType {
for (const key in this.dnsTypeMap) {
if (this.dnsTypeMap[key] === dnsTypeNumberArg) {
return key as plugins.tsclass.network.TDnsRecordType;
}
};
return null
}
} }
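Review bot: In the new `getRecord`, `recordNameArg` and `recordTypeArg` are interpolated into the `https://dns.google/resolve` URL without encoding, so a caller-supplied name containing `&` or `#` can add or override query parameters, including the DNSSEC-related ones that `dnsSecEnabled` depends on. The loop also iterates `responseBody.Answer` without checking `Status` or whether `Answer` is present, so a lookup with no answers would presumably fail with a TypeError instead of a DNS error. Because the request sets `do=1`, the answer section can also carry RRSIG (and, for A/AAAA lookups, CNAME) entries: `convertDnsTypeNumberToTypeName` returns `null` for types missing from `dnsTypeMap`, and `checkUntilAvailable` and the new DNSSEC test read index 0 of the result. Filtering on the requested type as sketched below requires extending `dnsTypeMap` beyond the five types it lists. It is also worth stating in the method's doc comment that `dnsSecEnabled` is the resolver's `AD` flag passed through, not a validation done by this library.

```typescript
    const requestUrl =
      `https://dns.google/resolve?name=${encodeURIComponent(recordNameArg)}` +
      `&type=${encodeURIComponent(recordTypeArg)}&do=1`;
    // … unchanged: smartrequest GET, returnArray and responseBody declarations …
    if (responseBody.Status !== 0) {
      // mirror the node resolver path, which rejects on lookup failure
      throw new Error(`dns.google returned status ${responseBody.Status} for ${recordNameArg}`);
    }
    for (const dnsEntry of responseBody.Answer || []) {
      if (this.convertDnsTypeNumberToTypeName(dnsEntry.type) !== recordTypeArg) {
        continue; // skip RRSIG/CNAME and other entries that are not the requested type
      }
      // … unchanged: quote and trailing-dot stripping, returnArray.push …
    }
```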