Error on ptr mechanisms

It has been deprecated in https://datatracker.ietf.org/doc/html/rfc7208#section-5.5.
2024-05-11 05:55:00 +00:00 · 2023-02-20 18:17:43 +00:00
parent ffe35b9096
commit ee44779f7f
2 changed files with 72 additions and 3 deletions
@@ -73,10 +73,13 @@ class SpfDnsLookupProcessor(BaseProcessor):
                    f"{record.fqdn} exceeds the 10 DNS lookup limit in the SPF record"
                )

+            if term.startswith('ptr'):
+                raise SpfValueException(
+                    f"{record.fqdn} uses the deprecated ptr mechanism"
+                )
+
            # These mechanisms cost one DNS lookup each
-            if term.startswith(
-                ('a', 'mx', 'exists:', 'redirect', 'include:', 'ptr')
-            ):
+            if term.startswith(('a', 'mx', 'exists:', 'redirect', 'include:')):
                lookups += 1

            # The include mechanism can result in further lookups after resolving the DNS record
@@ -245,3 +245,69 @@ class TestSpfDnsLookupProcessor(TestCase):

        with self.assertRaises(SpfValueException):
            processor.process_source_zone(zone)
+
+    @patch('dns.resolver.resolve')
+    def test_processor_errors_ptr_mechanisms(self, resolver_mock):
+        processor = SpfDnsLookupProcessor('test')
+        zone = Zone('unit.tests.', [])
+
+        zone.add_record(
+            Record.new(
+                zone,
+                '',
+                {'type': 'TXT', 'ttl': 86400, 'values': ['v=spf1 ptr ~all']},
+            )
+        )
+
+        with self.assertRaises(SpfValueException) as context:
+            processor.process_source_zone(zone)
+        self.assertEqual(
+            'unit.tests. uses the deprecated ptr mechanism',
+            str(context.exception),
+        )
+
+        zone = Zone('unit.tests.', [])
+
+        zone.add_record(
+            Record.new(
+                zone,
+                '',
+                {
+                    'type': 'TXT',
+                    'ttl': 86400,
+                    'values': ['v=spf1 ptr:example.com ~all'],
+                },
+            )
+        )
+
+        with self.assertRaises(SpfValueException) as context:
+            processor.process_source_zone(zone)
+        self.assertEqual(
+            'unit.tests. uses the deprecated ptr mechanism',
+            str(context.exception),
+        )
+
+        zone = Zone('unit.tests.', [])
+
+        zone.add_record(
+            Record.new(
+                zone,
+                '',
+                {
+                    'type': 'TXT',
+                    'ttl': 86400,
+                    'values': ['v=spf1 include:example.com ~all'],
+                },
+            )
+        )
+
+        txt_value_mock = MagicMock()
+        txt_value_mock.to_text.return_value = '"v=spf1 ptr -all"'
+        resolver_mock.return_value = [txt_value_mock]
+
+        with self.assertRaises(SpfValueException) as context:
+            processor.process_source_zone(zone)
+        self.assertEqual(
+            'unit.tests. uses the deprecated ptr mechanism',
+            str(context.exception),
+        )