DandelionNStuff/dkimpy-smtputf8
4
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add tests for invalid domains, probably not a security issue in the DKIM context, but we should raise errors here.

Browse Source
This commit is contained in:
Scott Kitterman
2020-04-21 20:29:45 -04:00
parent 7848effe4d
commit d1360c8e25
2 changed files with 46 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
dkim/tests/data/test.message.baddomain
+16
View File
@@ -0,0 +1,16 @@
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple;
d=legitimate.com(.attacker.com; i=@legitimate.com(.attacker.com;
q=dns/txt; s=test; t=1587514615; h=message-id : date : from : to :
subject : from; bh=wE7NXSkgnx9PGiavN4OZhJztvkqPDlemV3OGuEnLwNo=;
b=LsTV4fcR29N8CuUyrGn92jsTb67oAHx88vVIefoaUDghWxF5TpCyqcWbk/94Nt4PyxwUZ
pgzF4UM/zF1rclCeNm/V4m0wMj3X2eeOIUUa8GRQ0g7DzixiQ5qHLUGpRT4BHfPmdHZHYj8
xv7+1O0/SJDK0YkaBjvhjDfkOoJhMmc=
Authentication-Results: lists.example.org; arc=none; spf=pass smtp.mfrom=jqd@d1.example; dkim=pass (1024-bit key) header.i=@d1.example; dmarc=pass
Received: from localhost
Message-ID: <example@example.com>
Date: Mon, 01 Jan 2011 01:02:03 +0400
From: Test User <test@example.com>
To: somebody@example.com
Subject: Testing
This is a test message.
dkim/tests/test_dkim.py
+30
View File
@@ -60,6 +60,7 @@ class TestSignAndVerify(unittest.TestCase):
self.message3 = read_test_data("rfc6376.msg") self.message3 = read_test_data("rfc6376.msg")
self.message4 = read_test_data("rfc6376.signed.msg") self.message4 = read_test_data("rfc6376.signed.msg")
self.message5 = read_test_data("rfc6376.signed.rsa.msg") self.message5 = read_test_data("rfc6376.signed.rsa.msg")
self.message6 = read_test_data("test.message.baddomain")
self.key = read_test_data("test.private") self.key = read_test_data("test.private")
self.rfckey = read_test_data("rfc8032_7_1.key") self.rfckey = read_test_data("rfc8032_7_1.key")
@@ -196,6 +197,23 @@ p=11qYAYKxCrfVS/7TyWQHOg7hcvPapiMlrwIaaPcHURo="""
self.assertTrue(domain in _dns_responses,domain) self.assertTrue(domain in _dns_responses,domain)
return _dns_responses[domain] return _dns_responses[domain]
def dnsfunc7(self, domain, timeout=5):
sample_dns = """\
k=rsa; s=email;\
p=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANmBe10IgY+u7h3enWTukkqtUD5PR52T\
b/mPfjC0QJTocVBq6Za/PlzfV+Py92VaCak19F4WrbVTK5Gg5tW220MCAwEAAQ=="""
_dns_responses = {
'test._domainkey.legitimate.com(.attacker.com.': read_test_data("test.txt"),
}
try:
domain = domain.decode('ascii')
except UnicodeDecodeError:
return None
self.assertTrue(domain in _dns_responses,domain)
return _dns_responses[domain]
def test_verifies(self): def test_verifies(self):
# A message verifies after being signed. # A message verifies after being signed.
for header_algo in (b"simple", b"relaxed"): for header_algo in (b"simple", b"relaxed"):
@@ -279,6 +297,18 @@ p=11qYAYKxCrfVS/7TyWQHOg7hcvPapiMlrwIaaPcHURo="""
res = dkim.verify(sig + self.message, dnsfunc=self.dnsfunc4) res = dkim.verify(sig + self.message, dnsfunc=self.dnsfunc4)
self.assertFalse(res) self.assertFalse(res)
def test_invalid_domain_sign(self):
# RFC6376 says domain can be Alpha, Num, - only.
sig = dkim.sign(
self.message, b"test", b"legitimate.com(.attacker.com", self.key)
res = dkim.verify(sig + self.message, dnsfunc=self.dnsfunc7)
self.assertFalse(res)
def test_invalid_domain_verify(self):
# RFC6376 says domain can be Alpha, Num, - only.
res = dkim.verify(self.message6, dnsfunc=self.dnsfunc7)
self.assertFalse(res)
def test_simple_signature(self): def test_simple_signature(self):
# A message verifies after being signed with SHOULD headers # A message verifies after being signed with SHOULD headers
for header_algo in (b"simple", b"relaxed"): for header_algo in (b"simple", b"relaxed"):