// This file is part of the happyDeliver (R) project. // Copyright (c) 2025 happyDomain // Authors: Pierre-Olivier Mercier, et al. // // This program is offered under a commercial and under the AGPL license. // For commercial licensing, contact us at . // // For AGPL licensing: // This program is free software: you can redistribute it and/or modify // it under the terms of the GNU Affero General Public License as published by // the Free Software Foundation, either version 3 of the License, or // (at your option) any later version. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU Affero General Public License for more details. // // You should have received a copy of the GNU Affero General Public License // along with this program. If not, see . package analyzer import ( "net/mail" "strings" "testing" "time" "git.happydns.org/happyDeliver/internal/api" ) func TestNewDNSAnalyzer(t *testing.T) { tests := []struct { name string timeout time.Duration expectedTimeout time.Duration }{ { name: "Default timeout", timeout: 0, expectedTimeout: 10 * time.Second, }, { name: "Custom timeout", timeout: 5 * time.Second, expectedTimeout: 5 * time.Second, }, } for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { analyzer := NewDNSAnalyzer(tt.timeout) if analyzer.Timeout != tt.expectedTimeout { t.Errorf("Timeout = %v, want %v", analyzer.Timeout, tt.expectedTimeout) } if analyzer.resolver == nil { t.Error("Resolver should not be nil") } }) } } func TestExtractDomain(t *testing.T) { tests := []struct { name string fromAddress string expectedDomain string }{ { name: "Valid email", fromAddress: "user@example.com", expectedDomain: "example.com", }, { name: "Email with subdomain", fromAddress: "user@mail.example.com", expectedDomain: "mail.example.com", }, { name: "Email with uppercase", fromAddress: "User@Example.COM", expectedDomain: "example.com", }, { name: "Invalid email (no @)", fromAddress: "invalid-email", expectedDomain: "", }, { name: "Empty email", fromAddress: "", expectedDomain: "", }, } analyzer := NewDNSAnalyzer(5 * time.Second) for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { email := &EmailMessage{ Header: make(mail.Header), } if tt.fromAddress != "" { email.From = &mail.Address{ Address: tt.fromAddress, } } domain := analyzer.extractDomain(email) if domain != tt.expectedDomain { t.Errorf("extractDomain() = %q, want %q", domain, tt.expectedDomain) } }) } } func TestValidateSPF(t *testing.T) { tests := []struct { name string record string expected bool }{ { name: "Valid SPF with -all", record: "v=spf1 include:_spf.example.com -all", expected: true, }, { name: "Valid SPF with ~all", record: "v=spf1 ip4:192.0.2.0/24 ~all", expected: true, }, { name: "Valid SPF with +all", record: "v=spf1 +all", expected: true, }, { name: "Valid SPF with ?all", record: "v=spf1 mx ?all", expected: true, }, { name: "Invalid SPF - no version", record: "include:_spf.example.com -all", expected: false, }, { name: "Invalid SPF - no all mechanism", record: "v=spf1 include:_spf.example.com", expected: false, }, { name: "Invalid SPF - wrong version", record: "v=spf2 include:_spf.example.com -all", expected: false, }, } analyzer := NewDNSAnalyzer(5 * time.Second) for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { result := analyzer.validateSPF(tt.record) if result != tt.expected { t.Errorf("validateSPF(%q) = %v, want %v", tt.record, result, tt.expected) } }) } } func TestValidateDKIM(t *testing.T) { tests := []struct { name string record string expected bool }{ { name: "Valid DKIM with version", record: "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQ...", expected: true, }, { name: "Valid DKIM without version", record: "k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQ...", expected: true, }, { name: "Invalid DKIM - no public key", record: "v=DKIM1; k=rsa", expected: false, }, { name: "Invalid DKIM - wrong version", record: "v=DKIM2; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQ...", expected: false, }, { name: "Invalid DKIM - empty", record: "", expected: false, }, } analyzer := NewDNSAnalyzer(5 * time.Second) for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { result := analyzer.validateDKIM(tt.record) if result != tt.expected { t.Errorf("validateDKIM(%q) = %v, want %v", tt.record, result, tt.expected) } }) } } func TestExtractDMARCPolicy(t *testing.T) { tests := []struct { name string record string expectedPolicy string }{ { name: "Policy none", record: "v=DMARC1; p=none; rua=mailto:dmarc@example.com", expectedPolicy: "none", }, { name: "Policy quarantine", record: "v=DMARC1; p=quarantine; pct=100", expectedPolicy: "quarantine", }, { name: "Policy reject", record: "v=DMARC1; p=reject; sp=reject", expectedPolicy: "reject", }, { name: "No policy", record: "v=DMARC1", expectedPolicy: "unknown", }, } analyzer := NewDNSAnalyzer(5 * time.Second) for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { result := analyzer.extractDMARCPolicy(tt.record) if result != tt.expectedPolicy { t.Errorf("extractDMARCPolicy(%q) = %q, want %q", tt.record, result, tt.expectedPolicy) } }) } } func TestValidateDMARC(t *testing.T) { tests := []struct { name string record string expected bool }{ { name: "Valid DMARC", record: "v=DMARC1; p=quarantine; rua=mailto:dmarc@example.com", expected: true, }, { name: "Valid DMARC minimal", record: "v=DMARC1; p=none", expected: true, }, { name: "Invalid DMARC - no version", record: "p=quarantine", expected: false, }, { name: "Invalid DMARC - no policy", record: "v=DMARC1", expected: false, }, { name: "Invalid DMARC - wrong version", record: "v=DMARC2; p=reject", expected: false, }, } analyzer := NewDNSAnalyzer(5 * time.Second) for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { result := analyzer.validateDMARC(tt.record) if result != tt.expected { t.Errorf("validateDMARC(%q) = %v, want %v", tt.record, result, tt.expected) } }) } } func TestGenerateMXCheck(t *testing.T) { tests := []struct { name string results *DNSResults expectedStatus api.CheckStatus expectedScore float32 }{ { name: "Valid MX records", results: &DNSResults{ Domain: "example.com", MXRecords: []MXRecord{ {Host: "mail.example.com", Priority: 10, Valid: true}, {Host: "mail2.example.com", Priority: 20, Valid: true}, }, }, expectedStatus: api.CheckStatusPass, expectedScore: 1.0, }, { name: "No MX records", results: &DNSResults{ Domain: "example.com", MXRecords: []MXRecord{ {Valid: false, Error: "No MX records found"}, }, }, expectedStatus: api.CheckStatusFail, expectedScore: 0.0, }, { name: "MX lookup failed", results: &DNSResults{ Domain: "example.com", MXRecords: []MXRecord{ {Valid: false, Error: "DNS lookup failed"}, }, }, expectedStatus: api.CheckStatusFail, expectedScore: 0.0, }, } analyzer := NewDNSAnalyzer(5 * time.Second) for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { check := analyzer.generateMXCheck(tt.results) if check.Status != tt.expectedStatus { t.Errorf("Status = %v, want %v", check.Status, tt.expectedStatus) } if check.Score != tt.expectedScore { t.Errorf("Score = %v, want %v", check.Score, tt.expectedScore) } if check.Category != api.Dns { t.Errorf("Category = %v, want %v", check.Category, api.Dns) } }) } } func TestGenerateSPFCheck(t *testing.T) { tests := []struct { name string spf *SPFRecord expectedStatus api.CheckStatus expectedScore float32 }{ { name: "Valid SPF", spf: &SPFRecord{ Record: "v=spf1 include:_spf.example.com -all", Valid: true, }, expectedStatus: api.CheckStatusPass, expectedScore: 1.0, }, { name: "Invalid SPF", spf: &SPFRecord{ Record: "v=spf1 invalid syntax", Valid: false, Error: "SPF record appears malformed", }, expectedStatus: api.CheckStatusWarn, expectedScore: 0.5, }, { name: "No SPF record", spf: &SPFRecord{ Valid: false, Error: "No SPF record found", }, expectedStatus: api.CheckStatusFail, expectedScore: 0.0, }, } analyzer := NewDNSAnalyzer(5 * time.Second) for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { check := analyzer.generateSPFCheck(tt.spf) if check.Status != tt.expectedStatus { t.Errorf("Status = %v, want %v", check.Status, tt.expectedStatus) } if check.Score != tt.expectedScore { t.Errorf("Score = %v, want %v", check.Score, tt.expectedScore) } if check.Category != api.Dns { t.Errorf("Category = %v, want %v", check.Category, api.Dns) } }) } } func TestGenerateDKIMCheck(t *testing.T) { tests := []struct { name string dkim *DKIMRecord expectedStatus api.CheckStatus expectedScore float32 }{ { name: "Valid DKIM", dkim: &DKIMRecord{ Selector: "default", Domain: "example.com", Record: "v=DKIM1; k=rsa; p=MIGfMA0...", Valid: true, }, expectedStatus: api.CheckStatusPass, expectedScore: 1.0, }, { name: "Invalid DKIM", dkim: &DKIMRecord{ Selector: "default", Domain: "example.com", Valid: false, Error: "No DKIM record found", }, expectedStatus: api.CheckStatusFail, expectedScore: 0.0, }, } analyzer := NewDNSAnalyzer(5 * time.Second) for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { check := analyzer.generateDKIMCheck(tt.dkim) if check.Status != tt.expectedStatus { t.Errorf("Status = %v, want %v", check.Status, tt.expectedStatus) } if check.Score != tt.expectedScore { t.Errorf("Score = %v, want %v", check.Score, tt.expectedScore) } if check.Category != api.Dns { t.Errorf("Category = %v, want %v", check.Category, api.Dns) } if !strings.Contains(check.Name, tt.dkim.Selector) { t.Errorf("Check name should contain selector %s", tt.dkim.Selector) } }) } } func TestGenerateDMARCCheck(t *testing.T) { tests := []struct { name string dmarc *DMARCRecord expectedStatus api.CheckStatus expectedScore float32 }{ { name: "Valid DMARC - reject", dmarc: &DMARCRecord{ Record: "v=DMARC1; p=reject", Policy: "reject", Valid: true, }, expectedStatus: api.CheckStatusPass, expectedScore: 1.0, }, { name: "Valid DMARC - quarantine", dmarc: &DMARCRecord{ Record: "v=DMARC1; p=quarantine", Policy: "quarantine", Valid: true, }, expectedStatus: api.CheckStatusPass, expectedScore: 1.0, }, { name: "Valid DMARC - none", dmarc: &DMARCRecord{ Record: "v=DMARC1; p=none", Policy: "none", Valid: true, }, expectedStatus: api.CheckStatusPass, expectedScore: 1.0, }, { name: "No DMARC record", dmarc: &DMARCRecord{ Valid: false, Error: "No DMARC record found", }, expectedStatus: api.CheckStatusFail, expectedScore: 0.0, }, } analyzer := NewDNSAnalyzer(5 * time.Second) for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { check := analyzer.generateDMARCCheck(tt.dmarc) if check.Status != tt.expectedStatus { t.Errorf("Status = %v, want %v", check.Status, tt.expectedStatus) } if check.Score != tt.expectedScore { t.Errorf("Score = %v, want %v", check.Score, tt.expectedScore) } if check.Category != api.Dns { t.Errorf("Category = %v, want %v", check.Category, api.Dns) } // Check that advice mentions policy for valid DMARC if tt.dmarc.Valid && check.Advice != nil { if tt.dmarc.Policy == "none" && !strings.Contains(*check.Advice, "none") { t.Error("Advice should mention 'none' policy") } } }) } } func TestGenerateDNSChecks(t *testing.T) { tests := []struct { name string results *DNSResults minChecks int }{ { name: "Nil results", results: nil, minChecks: 0, }, { name: "Complete results", results: &DNSResults{ Domain: "example.com", MXRecords: []MXRecord{ {Host: "mail.example.com", Priority: 10, Valid: true}, }, SPFRecord: &SPFRecord{ Record: "v=spf1 include:_spf.example.com -all", Valid: true, }, DKIMRecords: []DKIMRecord{ { Selector: "default", Domain: "example.com", Valid: true, }, }, DMARCRecord: &DMARCRecord{ Record: "v=DMARC1; p=quarantine", Policy: "quarantine", Valid: true, }, }, minChecks: 4, // MX, SPF, DKIM, DMARC }, { name: "Partial results", results: &DNSResults{ Domain: "example.com", MXRecords: []MXRecord{ {Host: "mail.example.com", Priority: 10, Valid: true}, }, }, minChecks: 1, // Only MX }, } analyzer := NewDNSAnalyzer(5 * time.Second) for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { checks := analyzer.GenerateDNSChecks(tt.results) if len(checks) < tt.minChecks { t.Errorf("Got %d checks, want at least %d", len(checks), tt.minChecks) } // Verify all checks have the DNS category for _, check := range checks { if check.Category != api.Dns { t.Errorf("Check %s has category %v, want %v", check.Name, check.Category, api.Dns) } } }) } } func TestAnalyzeDNS_NoDomain(t *testing.T) { analyzer := NewDNSAnalyzer(5 * time.Second) email := &EmailMessage{ Header: make(mail.Header), // No From address } results := analyzer.AnalyzeDNS(email, nil) if results == nil { t.Fatal("Expected results, got nil") } if len(results.Errors) == 0 { t.Error("Expected error when no domain can be extracted") } } func TestExtractBIMITag(t *testing.T) { tests := []struct { name string record string tag string expectedValue string }{ { name: "Extract logo URL (l tag)", record: "v=BIMI1; l=https://example.com/logo.svg", tag: "l", expectedValue: "https://example.com/logo.svg", }, { name: "Extract VMC URL (a tag)", record: "v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/vmc.pem", tag: "a", expectedValue: "https://example.com/vmc.pem", }, { name: "Tag not found", record: "v=BIMI1; l=https://example.com/logo.svg", tag: "a", expectedValue: "", }, { name: "Tag with spaces", record: "v=BIMI1; l= https://example.com/logo.svg ", tag: "l", expectedValue: "https://example.com/logo.svg", }, { name: "Empty record", record: "", tag: "l", expectedValue: "", }, } analyzer := NewDNSAnalyzer(5 * time.Second) for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { result := analyzer.extractBIMITag(tt.record, tt.tag) if result != tt.expectedValue { t.Errorf("extractBIMITag(%q, %q) = %q, want %q", tt.record, tt.tag, result, tt.expectedValue) } }) } } func TestValidateBIMI(t *testing.T) { tests := []struct { name string record string expected bool }{ { name: "Valid BIMI with logo URL", record: "v=BIMI1; l=https://example.com/logo.svg", expected: true, }, { name: "Valid BIMI with logo and VMC", record: "v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/vmc.pem", expected: true, }, { name: "Invalid BIMI - no version", record: "l=https://example.com/logo.svg", expected: false, }, { name: "Invalid BIMI - wrong version", record: "v=BIMI2; l=https://example.com/logo.svg", expected: false, }, { name: "Invalid BIMI - no logo URL", record: "v=BIMI1", expected: false, }, { name: "Invalid BIMI - empty", record: "", expected: false, }, } analyzer := NewDNSAnalyzer(5 * time.Second) for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { result := analyzer.validateBIMI(tt.record) if result != tt.expected { t.Errorf("validateBIMI(%q) = %v, want %v", tt.record, result, tt.expected) } }) } } func TestGenerateBIMICheck(t *testing.T) { tests := []struct { name string bimi *BIMIRecord expectedStatus api.CheckStatus expectedScore float32 }{ { name: "Valid BIMI with logo only", bimi: &BIMIRecord{ Selector: "default", Domain: "example.com", Record: "v=BIMI1; l=https://example.com/logo.svg", LogoURL: "https://example.com/logo.svg", Valid: true, }, expectedStatus: api.CheckStatusPass, expectedScore: 0.0, // BIMI doesn't contribute to score }, { name: "Valid BIMI with VMC", bimi: &BIMIRecord{ Selector: "default", Domain: "example.com", Record: "v=BIMI1; l=https://example.com/logo.svg; a=https://example.com/vmc.pem", LogoURL: "https://example.com/logo.svg", VMCURL: "https://example.com/vmc.pem", Valid: true, }, expectedStatus: api.CheckStatusPass, expectedScore: 0.0, }, { name: "No BIMI record (optional)", bimi: &BIMIRecord{ Selector: "default", Domain: "example.com", Valid: false, Error: "No BIMI record found", }, expectedStatus: api.CheckStatusInfo, expectedScore: 0.0, }, { name: "Invalid BIMI record", bimi: &BIMIRecord{ Selector: "default", Domain: "example.com", Record: "v=BIMI1", Valid: false, Error: "BIMI record appears malformed", }, expectedStatus: api.CheckStatusWarn, expectedScore: 0.0, }, } analyzer := NewDNSAnalyzer(5 * time.Second) for _, tt := range tests { t.Run(tt.name, func(t *testing.T) { check := analyzer.generateBIMICheck(tt.bimi) if check.Status != tt.expectedStatus { t.Errorf("Status = %v, want %v", check.Status, tt.expectedStatus) } if check.Score != tt.expectedScore { t.Errorf("Score = %v, want %v", check.Score, tt.expectedScore) } if check.Category != api.Dns { t.Errorf("Category = %v, want %v", check.Category, api.Dns) } if check.Name != "BIMI Record" { t.Errorf("Name = %q, want %q", check.Name, "BIMI Record") } // Check details for valid BIMI with VMC if tt.bimi.Valid && tt.bimi.VMCURL != "" && check.Details != nil { if !strings.Contains(*check.Details, "VMC URL") { t.Error("Details should contain VMC URL for valid BIMI with VMC") } } }) } }