Permalink
Browse files

improve checks for incorrect urls in SSL and DNS

  • Loading branch information...
laurencei committed Feb 7, 2018
1 parent b497218 commit 681f41e4f3450aa4df6078f93e9df102380603a6
@@ -37,14 +37,20 @@ public function poll()
* Poll the DNS for its checks.
*
* @param string $domain
* @return void
* @return array|bool
*/
protected function getDnsRecord($domain)
{
if (filter_var($domain, FILTER_VALIDATE_URL) === false) {
$this->eye->logger()->debug('DNS URL not valid', $domain);
return false;
}
try {
$dns = $this->pollDns($this->parseUrl($domain));
} catch (Exception $e) {
$this->eye->logger()->error('DNS lookup failed', $e, $domain);
$this->eye->logger()->debug('DNS lookup failed', ['domain' => $domain,
'exception' => $e->getMessage()]);
return false;
}
@@ -25,7 +25,9 @@ public function poll()
}
foreach (config('eyewitness.application_domains') as $domain) {
$this->startScan($domain);
if ($this->isValidDomain($domain)) {
$this->startScan($domain);
}
}
}
@@ -169,4 +171,20 @@ protected function saveSslRecord($domain, $result)
throw $e;
}
}
/**
* Check if the URL is valid.
*
* @param string $domain
* @return bool
*/
protected function isValidDomain($domain)
{
if (filter_var($domain, FILTER_VALIDATE_URL) === false) {
$this->eye->logger()->debug('SSL URL not valid', $domain);
return false;
}
return true;
}
}
@@ -16,7 +16,7 @@ public function up()
Schema::connection(config('eyewitness.eyewitness_database_connection'))->create('eyewitness_io_history_monitors', function (Blueprint $table) {
$table->increments('id');
$table->string('type');
$table->string('meta')->nullable()->default(null);
$table->string('meta');
$table->string('value')->nullable()->default(null);
$table->text('record');
$table->timestamp('created_at')->useCurrent();
@@ -38,6 +38,7 @@ public function test_handles_no_configured_domains()
$this->notifier->shouldReceive('alert')->never();
Log::shouldReceive('debug')->with('Eyewitness: No application domain set for DNS witness', ['data' => null])->once();
Log::shouldReceive('error')->never();
$this->dns->poll();
}
@@ -50,7 +51,6 @@ public function test_handles_bad_dns_lookup()
$this->dns->shouldReceive('pollDns')->with('example.com.')->once()->andThrow($e);
$this->notifier->shouldReceive('alert')->never();
Log::shouldReceive('error')->with('Eyewitness: DNS lookup failed', ['exception' => $e->getMessage(), 'data' => $domain])->once();
$this->dns->poll();
}
@@ -64,6 +64,7 @@ public function test_handles_good_initial_dns_lookup()
$this->notifier->shouldReceive('alert')->never();
Log::shouldReceive('error')->never();
Log::shouldReceive('debug')->never();
$this->dns->poll();
@@ -83,6 +84,7 @@ public function test_handles_good_dns_lookup_with_no_changes()
$this->notifier->shouldReceive('alert')->never();
Log::shouldReceive('error')->never();
Log::shouldReceive('debug')->never();
$this->dns->poll();
@@ -105,6 +107,7 @@ public function test_handles_dns_lookup_with_temp_failure()
$this->notifier->shouldReceive('alert')->never();
Log::shouldReceive('error')->never();
Log::shouldReceive('debug')->never();
$this->dns->poll();
@@ -126,6 +129,7 @@ public function test_handles_dns_lookup_with_changes()
$this->notifier->shouldReceive('alert')->with(Change::class)->once();
Log::shouldReceive('error')->never();
Log::shouldReceive('debug')->never();
$this->dns->poll();

0 comments on commit 681f41e

Please sign in to comment.