-
Notifications
You must be signed in to change notification settings - Fork 579
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Stdlib::Fqdn type accepts ipv4 addresses, also allows truncated addresses #1282
Stdlib::Fqdn type accepts ipv4 addresses, also allows truncated addresses #1282
Comments
My bet would indeed be on the numberical FQDNs because |
Interesting problem to solve. I'm wondering if a possible solution should include a test for invalid ipv4, such as 10.10.10.300. |
I'd suspect that the host definition should check that the last part (TLD) should be non-numeric. That should catch it. |
The 3.x function rely on is_domain_name() which is deprecated. Rewrite it using the more modern puppet 4.x function to rely on data types for better parameters validation. While here, adjust the Stdlib::Fqdn data type to ensure the last component (TLD) is non-numeric as [suggested by @ekohl](#1282 (comment)), and add a Stdlib::Dns_zone data type that is basically the same but with a trailing dot.
The 3.x function rely on is_domain_name() which is deprecated. Rewrite it using the more modern puppet 4.x function to rely on data types for better parameters validation. While here, adjust the Stdlib::Fqdn data type to ensure the last component (TLD) is non-numeric as [suggested by @ekohl](#1282 (comment)), and add a Stdlib::Dns_zone data type that is basically the same but with a trailing dot.
FTR this is a valid FQDN
There are two issues with this
Arguably the IANA DNS is the one most users would want to check however i think we should add a new type for this e.g. |
This part looks relevant:
That reads to me as an XOR: either a domain name or an IP. It should prefer it as an IP. So I think a fully numeric FQDN is invalid. You can catch that with |
I think that's valid if it matches (loose) pattern
should all be treated as DNS names |
Thank you for these insightful information and links. The rfc1123 Section 2 quoted above make me think we can accept an IP address as a FQDN: in an ideal world we would not, but this would need to happen in puppet with a custom data type that tries to parse the value as an IP address, raise an error if it succeed and does the actual test otherwise. I do not think we can do this at the stdlib level. So accepting IP addresses here looks like an acceptable compromise. I will update #1345 to take this into account. Thank you 💯 💯 💯 |
The 3.x function rely on is_domain_name() which is deprecated. Rewrite it using the more modern puppet 4.x function to rely on data types for better parameters validation. While here, adjust the Stdlib::Fqdn data type to ensure the last component (TLD) is non-numeric as [suggested by @ekohl](#1282 (comment)), and add a Stdlib::Dns_zone data type that is basically the same but with a trailing dot.
This PR introduces a new set of types for validating FQDN's. it creates a type for the more loose rfc definitions of domain names and a stricter and likely more useful iana type. This allows us to create a new type that more does to what most users expect i.e. that a dns name is one that works on the internt, without breaking current uses for users that may be using the Stdlib::Fqdn to validate validate DNS names that don't work with the IANA roots. The intention of this patch would be to deprecate the currnet Stdlib::Fqdn type and encourage users to move to the appropriate Stdlib::DNS::* type which for most users will likely be the stricter Stdlib::DNS::Fqdn type Note: this PR is intentionally a bit rough to first garner thoughts as to if this is the correct direction Fixes puppetlabs#1282 (not sure it fixes but want it tagged)
FTR i don't think that that the current type is what most people would want or expect but don't want to break things for current users. i created #1347 as a possible way forward let me know what you think and ill clean up the patch if its seems like a good direction |
The 3.x function rely on is_domain_name() which is deprecated. Rewrite it using the more modern puppet 4.x function to rely on data types for better parameters validation. While here, adjust the Stdlib::Fqdn data type to ensure the last component (TLD) is non-numeric as [suggested by @ekohl](#1282 (comment)), and add a Stdlib::Dns_zone data type that is basically the same but with a trailing dot.
The 3.x function rely on is_domain_name() which is deprecated. Rewrite it using the more modern puppet 4.x function to rely on data types for better parameters validation. While here, adjust the Stdlib::Fqdn data type to ensure the last component (TLD) is non-numeric as [suggested by @ekohl](#1282 (comment)), and add a Stdlib::Dns_zone data type that is basically the same but with a trailing dot.
This PR introduces a new set of types for validating FQDN's. it creates a type for the more loose rfc definitions of domain names and a stricter and likely more useful iana type. This allows us to create a new type that more does to what most users expect i.e. that a dns name is one that works on the internt, without breaking current uses for users that may be using the Stdlib::Fqdn to validate validate DNS names that don't work with the IANA roots. The intention of this patch would be to deprecate the currnet Stdlib::Fqdn type and encourage users to move to the appropriate Stdlib::DNS::* type which for most users will likely be the stricter Stdlib::DNS::Fqdn type Note: this PR is intentionally a bit rough to first garner thoughts as to if this is the correct direction Fixes puppetlabs#1282 (not sure it fixes but want it tagged)
This PR introduces a new set of types for validating FQDN's. it creates a type for the more loose rfc definitions of domain names and a stricter and likely more useful iana type. This allows us to create a new type that more does to what most users expect i.e. that a dns name is one that works on the internt, without breaking current uses for users that may be using the Stdlib::Fqdn to validate validate DNS names that don't work with the IANA roots. The intention of this patch would be to deprecate the currnet Stdlib::Fqdn type and encourage users to move to the appropriate Stdlib::DNS::* type which for most users will likely be the stricter Stdlib::DNS::Fqdn type Note: this PR is intentionally a bit rough to first garner thoughts as to if this is the correct direction Fixes puppetlabs#1282 (not sure it fixes but want it tagged)
Describe the Bug
Specifying a variable as type
Stdlib::Fqdn
allows ipv4 addresses. This issue is compounded when usingStdlib::Host
as with the inclusion ofFqdn
it allows truncated ipv4 addresses such as10.10.10.10.10
.Expected Behavior
IPv4 addresses should be validated when using
Stdlib::Host
and not accepted within theStdlib:Fqdn
typeSteps to Reproduce
Steps to reproduce the behavior:
Create a variable with type
Stdlib::Fqdn
Submit valid or truncated ipv4 address, which passes (the regex)
Create a variable with type
Stdlib::Host
Submit a truncated ipv4 address, which passes (the regex)
Environment
Additional Context
Unsure if this is a flaw in catering for numerical fqdn's, and how it can be addressed. TL:DR is that using
Stdlib::Host
does not ensure ipv4 addresses are validThe text was updated successfully, but these errors were encountered: