Pierre-Olivier Mercier
5d1dce038f
All checks were successful
continuous-integration/drone/push Build is passing
111 lines
3.1 KiB
Go
111 lines
3.1 KiB
Go
// This file is part of the happyDeliver (R) project.
|
|
// Copyright (c) 2025 happyDomain
|
|
// Authors: Pierre-Olivier Mercier, et al.
|
|
//
|
|
// This program is offered under a commercial and under the AGPL license.
|
|
// For commercial licensing, contact us at <contact@happydomain.org>.
|
|
//
|
|
// For AGPL licensing:
|
|
// This program is free software: you can redistribute it and/or modify
|
|
// it under the terms of the GNU Affero General Public License as published by
|
|
// the Free Software Foundation, either version 3 of the License, or
|
|
// (at your option) any later version.
|
|
//
|
|
// This program is distributed in the hope that it will be useful,
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
// GNU Affero General Public License for more details.
|
|
//
|
|
// You should have received a copy of the GNU Affero General Public License
|
|
// along with this program. If not, see <https://www.gnu.org/licenses/>.
|
|
|
|
package analyzer
|
|
|
|
import (
|
|
"context"
|
|
"testing"
|
|
)
|
|
|
|
func TestIsDNSSECEnabled(t *testing.T) {
|
|
resolver := NewStandardDNSResolver()
|
|
ctx := context.Background()
|
|
|
|
tests := []struct {
|
|
name string
|
|
domain string
|
|
expectDNSSEC bool
|
|
}{
|
|
{
|
|
name: "ietf.org has DNSSEC",
|
|
domain: "ietf.org",
|
|
expectDNSSEC: true,
|
|
},
|
|
{
|
|
name: "google.com doesn't have DNSSEC",
|
|
domain: "google.com",
|
|
expectDNSSEC: false,
|
|
},
|
|
}
|
|
|
|
for _, tt := range tests {
|
|
t.Run(tt.name, func(t *testing.T) {
|
|
enabled, err := resolver.IsDNSSECEnabled(ctx, tt.domain)
|
|
if err != nil {
|
|
t.Errorf("IsDNSSECEnabled() error = %v", err)
|
|
return
|
|
}
|
|
|
|
if enabled != tt.expectDNSSEC {
|
|
t.Errorf("IsDNSSECEnabled() for %s = %v, want %v", tt.domain, enabled, tt.expectDNSSEC)
|
|
} else {
|
|
// Log the result even if we're not validating
|
|
if enabled {
|
|
t.Logf("%s: DNSSEC is enabled ✅", tt.domain)
|
|
} else {
|
|
t.Logf("%s: DNSSEC is NOT enabled ⚠️", tt.domain)
|
|
}
|
|
}
|
|
})
|
|
}
|
|
}
|
|
|
|
func TestIsDNSSECEnabled_NonExistentDomain(t *testing.T) {
|
|
resolver := NewStandardDNSResolver()
|
|
ctx := context.Background()
|
|
|
|
// Test with a domain that doesn't exist
|
|
enabled, err := resolver.IsDNSSECEnabled(ctx, "this-domain-definitely-does-not-exist-12345.com")
|
|
if err != nil {
|
|
// Error is acceptable for non-existent domains
|
|
t.Logf("Non-existent domain returned error (expected): %v", err)
|
|
return
|
|
}
|
|
|
|
// If no error, DNSSEC should be disabled
|
|
if enabled {
|
|
t.Error("IsDNSSECEnabled() for non-existent domain should return false")
|
|
}
|
|
}
|
|
|
|
func TestIsDNSSECEnabled_WithTrailingDot(t *testing.T) {
|
|
resolver := NewStandardDNSResolver()
|
|
ctx := context.Background()
|
|
|
|
// Test that both formats work
|
|
domain1 := "cloudflare.com"
|
|
domain2 := "cloudflare.com."
|
|
|
|
enabled1, err1 := resolver.IsDNSSECEnabled(ctx, domain1)
|
|
if err1 != nil {
|
|
t.Errorf("IsDNSSECEnabled() without trailing dot error = %v", err1)
|
|
}
|
|
|
|
enabled2, err2 := resolver.IsDNSSECEnabled(ctx, domain2)
|
|
if err2 != nil {
|
|
t.Errorf("IsDNSSECEnabled() with trailing dot error = %v", err2)
|
|
}
|
|
|
|
if enabled1 != enabled2 {
|
|
t.Errorf("IsDNSSECEnabled() results differ: without dot = %v, with dot = %v", enabled1, enabled2)
|
|
}
|
|
}
|