// Source: github.com/zmap/zlint@v1.1.0/lints/lint_dnsname_wildcard_only_in_left_label.go

package lints

/*
 * ZLint Copyright 2018 Regents of the University of Michigan
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not
 * use this file except in compliance with the License. You may obtain a copy
 * of the License at http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
 * implied. See the License for the specific language governing
 * permissions and limitations under the License.
 */

import (
	"strings"

	"github.com/zmap/zcrypto/x509"
	"github.com/zmap/zlint/util"
)

// DNSNameWildcardOnlyInLeftlabel implements the lint registered below as
// e_dnsname_wildcard_only_in_left_label (citation: BRs 7.1.4.2). It reports
// an error when the subject common name, or any entry of the certificate's
// DNSNames, carries a "*" in a label other than the left-most one.
//
// Scope of the check, as implemented in this file:
//   - The left-most label is never inspected, so a partial wildcard such as
//     "f*o.example.com" is not reported by this lint; that has to be caught
//     by a separate check.
//   - The common name is tested as if it were a DNS name, whatever it holds.
//   - Only Subject.CommonName and DNSNames are read; other name forms on the
//     certificate are not examined here.
type DNSNameWildcardOnlyInLeftlabel struct{}

// Initialize performs no setup and always returns nil.
func (l *DNSNameWildcardOnlyInLeftlabel) Initialize() error {
	return nil
}

// CheckApplies reports that the lint applies to every certificate; the
// argument is not consulted.
func (l *DNSNameWildcardOnlyInLeftlabel) CheckApplies(c *x509.Certificate) bool {
	return true
}

// wildcardNotInLeftLabel reports whether domain contains a "*" anywhere after
// its first "." separator, i.e. in any label except the left-most one. A
// name without a "." has only a left-most label and therefore yields false.
func wildcardNotInLeftLabel(domain string) bool {
	firstDot := strings.IndexByte(domain, '.')
	if firstDot < 0 {
		return false
	}
	// Everything past the first dot is the set of non-left labels; "*" can
	// never be part of a separator, so one substring search covers them all.
	return strings.Contains(domain[firstDot+1:], "*")
}

// Execute returns an Error result as soon as the subject common name or one
// of the DNSNames has a wildcard outside the left-most label, and a Pass
// result otherwise. The common name is evaluated first, then DNSNames in
// certificate order.
func (l *DNSNameWildcardOnlyInLeftlabel) Execute(c *x509.Certificate) *LintResult {
	names := make([]string, 0, len(c.DNSNames)+1)
	names = append(names, c.Subject.CommonName)
	names = append(names, c.DNSNames...)

	for _, name := range names {
		if wildcardNotInLeftLabel(name) {
			return &LintResult{Status: Error}
		}
	}
	return &LintResult{Status: Pass}
}

// init registers the lint with its name, description, citation, source and
// effective date.
func init() {
	registration := &Lint{
		Name:          "e_dnsname_wildcard_only_in_left_label",
		Description:   "DNSName should not have wildcards except in the left-most label",
		Citation:      "BRs: 7.1.4.2",
		Source:        CABFBaselineRequirements,
		EffectiveDate: util.CABEffectiveDate,
		Lint:          &DNSNameWildcardOnlyInLeftlabel{},
	}
	RegisterLint(registration)
}