18743945403

Committed 23 Oct 2025 09:29AM UTC coverage: 65.845% (+0.02%) from 65.829%

Build # 18743945403

Build Type

Pull #16356

github

Committed by

web-flow

Commit Message

Merge 8a2027ef1 into efa3637e8

Pull Request Pull Request #16356: auth 5.0: backport "pdnsutil: fix b2b-migrate to from sql to non-sql"

Run Details

42073 of 92452 branches covered (45.51%)

Branch coverage included in aggregate %.

128008 of 165855 relevant lines covered (77.18%)

6379935.17 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

52.63

/pdns/recursordist/secpoll-recursor.cc

#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include "secpoll-recursor.hh"
#include "syncres.hh"
#include "logger.hh"
#include "arguments.hh"
#include "version.hh"
#include "validate-recursor.hh"
#include "secpoll.hh"

#include <cstdint>
#ifndef PACKAGEVERSION
#define PACKAGEVERSION getPDNSVersion()
#endif

pdns::stat_t g_security_status;

void doSecPoll(time_t* last_secpoll, Logr::log_t log)
{
  if (::arg()["security-poll-suffix"].empty()) {
    return;
  }

  string pkgv(PACKAGEVERSION);
  struct timeval now{};
  Utility::gettimeofday(&now);

  /* update last_secpoll right now, even if it fails
     we don't want to retry right away and hammer the server */
  *last_secpoll = now.tv_sec;

  SyncRes resolver(now);
  if (g_dnssecmode != DNSSECMode::Off) {
    resolver.setDoDNSSEC(true);
    resolver.setDNSSECValidationRequested(true);
  }
  resolver.setId("SecPoll");

  vector<DNSRecord> ret;

  string version = "recursor-" + pkgv;
  string qstring(version.substr(0, 63) + ".security-status." + ::arg()["security-poll-suffix"]);

  if (*qstring.rbegin() != '.') {
    qstring += '.';
  }

  std::replace(qstring.begin(), qstring.end(), '+', '_');
  std::replace(qstring.begin(), qstring.end(), '~', '_');

  vState state = vState::Indeterminate;
  DNSName query(qstring);
  int res = resolver.beginResolve(query, QType(QType::TXT), 1, ret);

  if (g_dnssecmode != DNSSECMode::Off && res != 0) {
    state = resolver.getValidationState();
  }

  auto vlog = log->withValues("version", Logging::Loggable(pkgv), "query", Logging::Loggable(query));
  if (vStateIsBogus(state)) {
    SLOG(g_log << Logger::Error << "Failed to retrieve security status update for '" + pkgv + "' on '" << query << "', DNSSEC validation result was Bogus!" << endl,
         vlog->info(Logr::Error, "Failed to retrieve security status update", "validationResult", Logging::Loggable(vStateToString(state))));
    if (g_security_status == 1) { // If we were OK, go to unknown
      g_security_status = 0;
    }
    return;
  }

  if (res == RCode::NXDomain && !isReleaseVersion(pkgv)) {
    SLOG(g_log << Logger::Warning << "Not validating response for security status update, this is a non-release version" << endl,
         vlog->info(Logr::Warning, "Not validating response for security status update, this is a non-release version"));
    return;
  }

  string security_message;
  int security_status = static_cast<int>(g_security_status);

  try {
    processSecPoll(res, ret, security_status, security_message);
  }
  catch (const PDNSException& pe) {
    g_security_status = security_status;
    SLOG(g_log << Logger::Warning << "Failed to retrieve security status update for '" << pkgv << "' on '" << query << "': " << pe.reason << endl,
         vlog->error(Logr::Warning, pe.reason, "Failed to retrieve security status update"));
    return;
  }

  auto rlog = vlog->withValues("securitymessage", Logging::Loggable(security_message), "status", Logging::Loggable(security_status));
  if (g_security_status != 1 && security_status == 1) {
    SLOG(g_log << Logger::Warning << "Polled security status of version " << pkgv << ", no known issues reported: " << security_message << endl,
         rlog->info(Logr::Notice, "Polled security status of version, no known issues reported"));
  }
  if (security_status == 2) {
    SLOG(g_log << Logger::Error << "PowerDNS Security Update Recommended: " << security_message << endl,
         rlog->info(Logr::Error, "PowerDNS Security Update Recommended"));
  }
  if (security_status == 3) {
    SLOG(g_log << Logger::Error << "PowerDNS Security Update Mandatory: " << security_message << endl,
         rlog->info(Logr::Error, "PowerDNS Security Update Mandatory"));
  }

  g_security_status = security_status;
}

1	#ifdef HAVE_CONFIG_H
2	#include "config.h"
3	#endif
4	#include "secpoll-recursor.hh"
5	#include "syncres.hh"
6	#include "logger.hh"
7	#include "arguments.hh"
8	#include "version.hh"
9	#include "validate-recursor.hh"
10	#include "secpoll.hh"
11
12	#include <cstdint>
13	#ifndef PACKAGEVERSION
14	#define PACKAGEVERSION getPDNSVersion()	15✔
15	#endif
16
17	pdns::stat_t g_security_status;
18
19	void doSecPoll(time_t* last_secpoll, Logr::log_t log)
20	{	109✔
21	if (::arg()["security-poll-suffix"].empty()) {	109✔
22	return;	94✔
23	}	94✔
24
25	string pkgv(PACKAGEVERSION);	15✔
26	struct timeval now{};	15✔
27	Utility::gettimeofday(&now);	15✔
28
29	/* update last_secpoll right now, even if it fails
30	we don't want to retry right away and hammer the server */
31	*last_secpoll = now.tv_sec;	15✔
32
33	SyncRes resolver(now);	15✔
34	if (g_dnssecmode != DNSSECMode::Off) {	15!
35	resolver.setDoDNSSEC(true);	15✔
36	resolver.setDNSSECValidationRequested(true);	15✔
37	}	15✔
38	resolver.setId("SecPoll");	15✔
39
40	vector<DNSRecord> ret;	15✔
41
42	string version = "recursor-" + pkgv;	15✔
43	string qstring(version.substr(0, 63) + ".security-status." + ::arg()["security-poll-suffix"]);	15✔
44
45	if (*qstring.rbegin() != '.') {	15!
46	qstring += '.';	×
47	}	×
48
49	std::replace(qstring.begin(), qstring.end(), '+', '_');	15✔
50	std::replace(qstring.begin(), qstring.end(), '~', '_');	15✔
51
52	vState state = vState::Indeterminate;	15✔
53	DNSName query(qstring);	15✔
54	int res = resolver.beginResolve(query, QType(QType::TXT), 1, ret);	15✔
55
56	if (g_dnssecmode != DNSSECMode::Off && res != 0) {	15!
57	state = resolver.getValidationState();	15✔
58	}	15✔
59
60	auto vlog = log->withValues("version", Logging::Loggable(pkgv), "query", Logging::Loggable(query));	15✔
61	if (vStateIsBogus(state)) {	15!
62	SLOG(g_log << Logger::Error << "Failed to retrieve security status update for '" + pkgv + "' on '" << query << "', DNSSEC validation result was Bogus!" << endl,	×
63	vlog->info(Logr::Error, "Failed to retrieve security status update", "validationResult", Logging::Loggable(vStateToString(state))));	×
64	if (g_security_status == 1) { // If we were OK, go to unknown	×
65	g_security_status = 0;	×
66	}	×
67	return;	×
68	}	×
69
70	if (res == RCode::NXDomain && !isReleaseVersion(pkgv)) {	15!
71	SLOG(g_log << Logger::Warning << "Not validating response for security status update, this is a non-release version" << endl,	×
72	vlog->info(Logr::Warning, "Not validating response for security status update, this is a non-release version"));	×
73	return;	×
74	}	×
75
76	string security_message;	15✔
77	int security_status = static_cast<int>(g_security_status);	15✔
78
79	try {	15✔
80	processSecPoll(res, ret, security_status, security_message);	15✔
81	}	15✔
82	catch (const PDNSException& pe) {	15✔
83	g_security_status = security_status;	15✔
84	SLOG(g_log << Logger::Warning << "Failed to retrieve security status update for '" << pkgv << "' on '" << query << "': " << pe.reason << endl,	15✔
85	vlog->error(Logr::Warning, pe.reason, "Failed to retrieve security status update"));	15✔
86	return;	15✔
87	}	15✔
88
89	auto rlog = vlog->withValues("securitymessage", Logging::Loggable(security_message), "status", Logging::Loggable(security_status));	×
90	if (g_security_status != 1 && security_status == 1) {	×
91	SLOG(g_log << Logger::Warning << "Polled security status of version " << pkgv << ", no known issues reported: " << security_message << endl,	×
92	rlog->info(Logr::Notice, "Polled security status of version, no known issues reported"));	×
93	}	×
94	if (security_status == 2) {	×
95	SLOG(g_log << Logger::Error << "PowerDNS Security Update Recommended: " << security_message << endl,	×
96	rlog->info(Logr::Error, "PowerDNS Security Update Recommended"));	×
97	}	×
98	if (security_status == 3) {	×
99	SLOG(g_log << Logger::Error << "PowerDNS Security Update Mandatory: " << security_message << endl,	×
100	rlog->info(Logr::Error, "PowerDNS Security Update Mandatory"));	×
101	}	×
102
103	g_security_status = security_status;	×
104	}	×

PowerDNS / pdns / 18743945403

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous