github.com/zmap/zlint@v1.1.0/lints/lint_subject_contains_malformed_arpa_ip_test.go

github.com/zmap/zlint@v1.1.0/lints/lint_subject_contains_malformed_arpa_ip_test.go (about)

     1  package lints
     2  
     3  import (
     4  	"fmt"
     5  	"testing"
     6  )
     7  
     8  func TestSubjectMalformedDNSARPA(t *testing.T) {
     9  	testCases := []struct {
    10  		Name            string
    11  		InputFilename   string
    12  		ExpectedResult  LintStatus
    13  		ExpectedDetails string
    14  	}{
    15  		{
    16  			Name:            "IPv4 rDNS too few labels",
    17  			InputFilename:   "subjectRDNSIPv4TooFewLabels.pem",
    18  			ExpectedResult:  Warn,
    19  			ExpectedDetails: `name "1.168.192.in-addr.arpa" has too few leading labels (3 vs 4) to be a reverse DNS entry in the ".in-addr.arpa" zone.`,
    20  		},
    21  		{
    22  			Name:            "IPv4 rDNS bad IP",
    23  			InputFilename:   "subjectRDNSIPv4BadIP.pem",
    24  			ExpectedResult:  Warn,
    25  			ExpectedDetails: `the first 4 labels of name "a.b.c.d.in-addr.arpa" did not parse as a reversed IP address`,
    26  		},
    27  		{
    28  			Name:           "IPv4 rDNS reserved IP",
    29  			InputFilename:  "subjectRDNSIPv4ReservedIP.pem",
    30  			ExpectedResult: Pass, // This linter doesn't check that the IP isn't reserved.
    31  		},
    32  		{
    33  			Name:           "IPv4 rDNS OK",
    34  			InputFilename:  "subjectRDNSIPv4GoodIP.pem",
    35  			ExpectedResult: Pass,
    36  		},
    37  		{
    38  			Name:            "IPv6 rDNS too few labels",
    39  			InputFilename:   "subjectRDNSIPv6TooFewLabels.pem",
    40  			ExpectedResult:  Warn,
    41  			ExpectedDetails: `name "a.9.8.7.6.5.0.4.0.0.0.3.0.0.0.2.0.0.0.1.0.0.0.0.0.0.0.1.2.3.4.ip6.arpa" has too few leading labels (31 vs 32) to be a reverse DNS entry in the ".ip6.arpa" zone.`,
    42  		},
    43  		{
    44  			Name:            "IPv6 rDNS bad IP",
    45  			InputFilename:   "subjectRDNSIPv6BadIP.pem",
    46  			ExpectedResult:  Warn,
    47  			ExpectedDetails: `the first 32 labels of name "j.a.9.8.7.6.5.0.4.0.0.0.3.0.0.0.2.0.0.0.1.0.0.0.0.0.0.0.1.2.3.4.ip6.arpa" did not parse as a reversed IP address`,
    48  		},
    49  		{
    50  			Name:           "IPv6 rDNS reserved IP",
    51  			InputFilename:  "subjectRDNSIPv6ReservedIP.pem",
    52  			ExpectedResult: Pass, // This linter doesn't check that the IP isn't reserved.
    53  		},
    54  		{
    55  			Name:           "IPv6 rDNS OK",
    56  			InputFilename:  "subjectRDNSIPv6GoodIP.pem",
    57  			ExpectedResult: Pass,
    58  		},
    59  	}
    60  
    61  	for _, tc := range testCases {
    62  		t.Run(tc.Name, func(t *testing.T) {
    63  			inputPath := fmt.Sprintf("%s%s", testCaseDir, tc.InputFilename)
    64  			result := Lints["w_subject_contains_malformed_arpa_ip"].Execute(ReadCertificate(inputPath))
    65  			if result.Status != tc.ExpectedResult {
    66  				t.Errorf("expected result %v was %v", tc.ExpectedResult, result.Status)
    67  			}
    68  			if result.Details != tc.ExpectedDetails {
    69  				t.Errorf("expected result details %q was %q", tc.ExpectedDetails, result.Details)
    70  			}
    71  		})
    72  	}
    73  }