Skip to content

Commit

Permalink
Feat/bit domain ownership pending (#3290)
Browse files Browse the repository at this point in the history
Co-authored-by: ammar92 <[email protected]>
Co-authored-by: stephanie0x00 <[email protected]>
Co-authored-by: Benny <[email protected]>
Co-authored-by: noamblitz <[email protected]>
  • Loading branch information
5 people authored Sep 18, 2024
1 parent 2579e35 commit 2583519
Show file tree
Hide file tree
Showing 5 changed files with 66 additions and 0 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -489,6 +489,13 @@
"impact": "Nonstandard headers may not be supported by all browsers and may not provide the security that is expected.",
"recommendation": "Remove the nonstandard headers from the response."
},
"KAT-DOMAIN-OWNERSHIP-PENDING": {
"description": "The domain requires Ownership verification. An email has been sent to the registered owner by the registrar. The domain is currently offline.",
"risk": "high",
"source": "https://www.icann.org/resources/pages/contact-verification-2013-05-03-en",
"impact": "Domain points to placeholder DNS-Servers, and is offline for regular use.",
"recommendation": "Verify ownership by following the emailed link."
},
"KAT-SOFTWARE-VERSION-NOT-FOUND": {
"description": "The version of the software is not found.",
"risk": "recommendation",
Expand Down
Empty file.
9 changes: 9 additions & 0 deletions octopoes/bits/domain_owner_verification/bit.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
from bits.definitions import BitDefinition
from octopoes.models.ooi.dns.records import DNSNSRecord

BIT = BitDefinition(
id="domain-owner-verification",
consumes=DNSNSRecord,
parameters=[],
module="bits.domain_owner_verification.domain_owner_verification",
)
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
from collections.abc import Iterator

from octopoes.models import OOI
from octopoes.models.ooi.dns.records import DNSNSRecord
from octopoes.models.ooi.findings import Finding, KATFindingType

INDICATORS = [
"NS1.REGISTRANT-VERIFICATION.ISPAPI.NET",
"NS2.REGISTRANT-VERIFICATION.ISPAPI.NET",
"NS3.REGISTRANT-VERIFICATION.ISPAPI.NET",
]


def run(nameserver_record: DNSNSRecord, additional_oois, config: dict[str, str]) -> Iterator[OOI]:
"""Checks to see if a domain has a specific set of dns servers which would indicate domain registrant verification.
https://support.dnsimple.com/articles/icann-domain-validation/
"""
if nameserver_record.name_server_hostname.tokenized.name.rstrip(".").upper() in INDICATORS:
finding_type = KATFindingType(id="KAT-DOMAIN-OWNERSHIP-PENDING")
yield finding_type
yield Finding(
finding_type=finding_type.reference,
ooi=nameserver_record.hostname,
description="This domain requires ownership verification and is currently pending.",
)
25 changes: 25 additions & 0 deletions octopoes/tests/test_bit_domain_verification.py
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
from bits.domain_owner_verification.domain_owner_verification import run

from octopoes.models.ooi.dns.records import DNSNSRecord
from octopoes.models.ooi.dns.zone import Hostname
from octopoes.models.ooi.network import Network


def test_verification_pending():
network = Network(name="fake")
hostname = Hostname(name="example.com", network=network.reference)
ns_hostname = Hostname(name="ns1.registrant-verification.ispapi.net", network=network.reference)
ns_record = DNSNSRecord(hostname=hostname.reference, name_server_hostname=ns_hostname.reference, value="x")
results = list(run(ns_record, [], {}))

assert len(results) == 2


def test_no_verification_pending():
network = Network(name="fake")
hostname = Hostname(name="example.com", network=network.reference)
ns_hostname = Hostname(name="ns1.example.com", network=network.reference)
ns_record = DNSNSRecord(hostname=hostname.reference, name_server_hostname=ns_hostname.reference, value="x")
results = list(run(ns_record, [], {}))

assert len(results) == 0

0 comments on commit 2583519

Please sign in to comment.