Merge pull request #28 from remotelyliving/bug-fix

Validate CAA Data for Value
remotelyliving · May 20, 2020 · c1e54a8 · c1e54a8
2 parents 491824e + cdde6ae
commit c1e54a8
Show file tree

Hide file tree

Showing 4 changed files with 37 additions and 2 deletions.
diff --git a/src/Entities/CAAData.php b/src/Entities/CAAData.php
@@ -2,6 +2,8 @@
 
 namespace RemotelyLiving\PHPDNS\Entities;
 
+use RemotelyLiving\PHPDNS\Exceptions;
+
 class CAAData extends DataAbstract
 {
     /**
@@ -24,7 +26,7 @@ public function __construct(int $flags, string $tag, string $value = null)
         $this->flags = $flags;
         $this->tag = $tag;
         $this->value = ($value)
-            ? trim(str_ireplace('"', '', $value))
+            ? $this->normalizeValue($value)
             : null;
     }
 
@@ -72,4 +74,15 @@ public function unserialize($serialized): void
         $this->tag = $unserialized['tag'];
         $this->value = $unserialized['value'];
     }
+
+    private function normalizeValue(string $value): string
+    {
+        $normalized = trim(str_ireplace('"', '', $value));
+
+        if (preg_match('/\s/m', $normalized)) {
+            throw new Exceptions\InvalidArgumentException("$value is not a valid CAA value");
+        }
+
+        return $normalized;
+    }
 }
diff --git a/src/Entities/DataAbstract.php b/src/Entities/DataAbstract.php
@@ -52,7 +52,7 @@ public static function createFromTypeAndString(DNSRecordType $recordType, string
             );
         }
 
-        if ($recordType->isA(DNSRecordType::TYPE_CAA)) {
+        if ($recordType->isA(DNSRecordType::TYPE_CAA) && count($parsed) === 3) {
             return new CAAData((int)$parsed[0], (string)$parsed[1], $parsed[2]);
         }
 

diff --git a/tests/Unit/Entities/CAADataTest.php b/tests/Unit/Entities/CAADataTest.php
@@ -3,6 +3,7 @@
 namespace RemotelyLiving\PHPDNS\Tests\Unit\Entities;
 
 use RemotelyLiving\PHPDNS\Entities\CAAData;
+use RemotelyLiving\PHPDNS\Exceptions;
 use RemotelyLiving\PHPDNS\Tests\Unit\BaseTestAbstract;
 
 class CAADataTest extends BaseTestAbstract
@@ -86,4 +87,14 @@ public function hasBasicGetters(): void
         $nullDefault = new CAAData(0, 'issue');
         $this->assertNull($nullDefault->getValue());
     }
+
+    /**
+     * @test
+     */
+    public function doesNotAllowSpaceCharactersAsValidValue(): void
+    {
+        $this->expectException(Exceptions\InvalidArgumentException::class);
+        $badValue = '\'\\# 26 00 09 69 73 73 75 65 77 69 6c 64 6c 65 74 73 65 6e 63 72 79 70 74 2e 6f 72 67\'';
+        new CAAData(0, 'issuewild', $badValue);
+    }
 }
diff --git a/tests/Unit/Entities/DataAbstractTest.php b/tests/Unit/Entities/DataAbstractTest.php
@@ -132,4 +132,15 @@ public function createsDataByTypeOrThrows(): void
         $this->expectException(InvalidArgumentException::class);
         $this->dataAbstract1::createFromTypeAndString(DNSRecordType::createA(), '');
     }
+
+    /**
+     * @test
+     */
+    public function checksCAADataAndThrowsIfTooManySegments(): void
+    {
+        $this->expectException(InvalidArgumentException::class);
+        // example of bad data from Cloudflare API
+        $invalid = '0 issue \\# 26 00 09 69 73 73 75 65 77 69 6c 64 6c 65 74 73 65 6e 63 72 79 70 74 2e 6f 72 67';
+        $this->dataAbstract1::createFromTypeAndString(DNSRecordType::createCAA(), $invalid);
+    }
 }
-Original file line number
+Diff line change
@@ Expand Up @@
                 );
             }
-            if ($recordType->isA(DNSRecordType::TYPE_CAA)) {
+            if ($recordType->isA(DNSRecordType::TYPE_CAA) && count($parsed) === 3) {
                 return new CAAData((int)$parsed[0], (string)$parsed[1], $parsed[2]);
             }
@@ Expand Down @@