diff options
author | Bob Halley <halley@dnspython.org> | 2021-10-24 06:10:58 -0700 |
---|---|---|
committer | Bob Halley <halley@dnspython.org> | 2021-10-24 06:10:58 -0700 |
commit | e298b0d231db0444746886252c9a48ce8fce364d (patch) | |
tree | 390e42f87c96f646085354c3f7db799591e606e0 | |
parent | db8f8459664d38df0683c7946928f6431918bf9a (diff) | |
download | dnspython-e298b0d231db0444746886252c9a48ce8fce364d.tar.gz |
Validate resolver nameservers when set [Issue #699].
-rw-r--r-- | dns/resolver.py | 11 | ||||
-rw-r--r-- | tests/test_async.py | 8 | ||||
-rw-r--r-- | tests/test_doh.py | 6 | ||||
-rw-r--r-- | tests/test_resolver.py | 10 |
4 files changed, 18 insertions, 17 deletions
diff --git a/dns/resolver.py b/dns/resolver.py index 6a9974d..08e9e61 100644 --- a/dns/resolver.py +++ b/dns/resolver.py @@ -1120,6 +1120,14 @@ class BaseResolver: ``list``. """ if isinstance(nameservers, list): + for nameserver in nameservers: + if not dns.inet.is_address(nameserver): + try: + if urlparse(nameserver).scheme != 'https': + raise NotImplementedError + except Exception: + raise ValueError(f'nameserver {nameserver} is not an ' + 'IP address or valid https URL') self._nameservers = nameservers else: raise ValueError('nameservers must be a list' @@ -1219,9 +1227,6 @@ class Resolver(BaseResolver): source_port=source_port, raise_on_truncation=True) else: - protocol = urlparse(nameserver).scheme - if protocol != 'https': - raise NotImplementedError response = dns.query.https(request, nameserver, timeout=timeout) except Exception as ex: diff --git a/tests/test_async.py b/tests/test_async.py index cad7e20..0782c7a 100644 --- a/tests/test_async.py +++ b/tests/test_async.py @@ -216,14 +216,6 @@ class AsyncTests(unittest.TestCase): return await dns.asyncresolver.canonical_name(name) self.assertEqual(self.async_run(run), cname) - def testResolverBadScheme(self): - res = dns.asyncresolver.Resolver(configure=False) - res.nameservers = ['bogus://dns.google/dns-query'] - async def run(): - answer = await res.resolve('dns.google', 'A') - def bad(): - self.async_run(run) - self.assertRaises(dns.resolver.NoNameservers, bad) def testZoneForName1(self): async def run(): diff --git a/tests/test_doh.py b/tests/test_doh.py index 793a500..835e07d 100644 --- a/tests/test_doh.py +++ b/tests/test_doh.py @@ -139,12 +139,6 @@ class DNSOverHTTPSTestCase(unittest.TestCase): self.assertTrue('8.8.8.8' in seen) self.assertTrue('8.8.4.4' in seen) - def test_resolver_bad_scheme(self): - res = dns.resolver.Resolver(configure=False) - res.nameservers = ['bogus://dns.google/dns-query'] - def bad(): - answer = res.resolve('dns.google', 'A') - self.assertRaises(dns.resolver.NoNameservers, bad) if __name__ == '__main__': unittest.main() diff --git a/tests/test_resolver.py b/tests/test_resolver.py index b2a47d2..ecd1bf2 100644 --- a/tests/test_resolver.py +++ b/tests/test_resolver.py @@ -700,6 +700,16 @@ class LiveResolverTests(unittest.TestCase): cname = dns.name.from_text('dangling-target.dnspython.org') self.assertEqual(dns.resolver.canonical_name(name), cname) + def testNameserverSetting(self): + res = dns.resolver.Resolver(configure=False) + ns = ['1.2.3.4', '::1', 'https://ns.example'] + res.nameservers = ns[:] + self.assertEqual(res.nameservers, ns) + for ns in ['999.999.999.999', 'ns.example.', 'bogus://ns.example']: + with self.assertRaises(ValueError): + res.nameservers = [ns] + + class PollingMonkeyPatchMixin(object): def setUp(self): self.__native_selector_class = dns.query._selector_class |