18903493638

Committed 29 Oct 2025 09:39AM UTC coverage: 73.004%. Remained the same

Build # 18903493638

Build Type

Pull #16388

github

Committed by

web-flow

Commit Message

Merge 1bddbd8fe into 82ea647b4

Pull Request Pull Request #16388: gh actions build-packages: fix pattern for the download-artifacts action and publication issues

Run Details

38272 of 63120 branches covered (60.63%)

Branch coverage included in aggregate %.

127434 of 163861 relevant lines covered (77.77%)

6052684.91 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

55.06

/pdns/recursordist/secpoll-recursor.cc

#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include "secpoll-recursor.hh"
#include "syncres.hh"
#include "logger.hh"
#include "arguments.hh"
#include "version.hh"
#include "validate-recursor.hh"
#include "secpoll.hh"

#include <cstdint>
#ifndef PACKAGEVERSION
#define PACKAGEVERSION getPDNSVersion()
#endif

pdns::stat_t g_security_status;

void doSecPoll(time_t* last_secpoll, Logr::log_t log)
{
  if (::arg()["security-poll-suffix"].empty()) {
    return;
  }

  string pkgv(PACKAGEVERSION);
  struct timeval now{};
  Utility::gettimeofday(&now);

  /* update last_secpoll right now, even if it fails
     we don't want to retry right away and hammer the server */
  *last_secpoll = now.tv_sec;

  SyncRes resolver(now);
  if (g_dnssecmode != DNSSECMode::Off) {
    resolver.setDoDNSSEC(true);
    resolver.setDNSSECValidationRequested(true);
  }
  resolver.setId("SecPoll");

  vector<DNSRecord> ret;

  string version = "recursor-" + pkgv;
  string qstring(version.substr(0, 63) + ".security-status." + ::arg()["security-poll-suffix"]);

  if (*qstring.rbegin() != '.') {
    qstring += '.';
  }

  std::replace(qstring.begin(), qstring.end(), '+', '_');
  std::replace(qstring.begin(), qstring.end(), '~', '_');

  vState state = vState::Indeterminate;
  DNSName query(qstring);
  int res = resolver.beginResolve(query, QType(QType::TXT), 1, ret);

  if (g_dnssecmode != DNSSECMode::Off && res != 0) {
    state = resolver.getValidationState();
  }

  auto vlog = log->withValues("version", Logging::Loggable(pkgv), "query", Logging::Loggable(query));
  if (vStateIsBogus(state)) {
    vlog->info(Logr::Error, "Failed to retrieve security status update", "validationResult", Logging::Loggable(vStateToString(state)));
    if (g_security_status == 1) { // If we were OK, go to unknown
      g_security_status = 0;
    }
    return;
  }

  if (res == RCode::NXDomain && !isReleaseVersion(pkgv)) {
    vlog->info(Logr::Warning, "Not validating response for security status update, this is a non-release version");
    return;
  }

  string security_message;
  int security_status = static_cast<int>(g_security_status);

  try {
    processSecPoll(res, ret, security_status, security_message);
  }
  catch (const PDNSException& pe) {
    g_security_status = security_status;
    vlog->error(Logr::Warning, pe.reason, "Failed to retrieve security status update");
    return;
  }

  auto rlog = vlog->withValues("securitymessage", Logging::Loggable(security_message), "status", Logging::Loggable(security_status));
  if (g_security_status != 1 && security_status == 1) {
    rlog->info(Logr::Notice, "Polled security status of version, no known issues reported");
  }
  if (security_status == 2) {
    rlog->info(Logr::Error, "PowerDNS Security Update Recommended");
  }
  if (security_status == 3) {
    rlog->info(Logr::Error, "PowerDNS Security Update Mandatory");
  }

  g_security_status = security_status;
}

1	#ifdef HAVE_CONFIG_H
2	#include "config.h"
3	#endif
4	#include "secpoll-recursor.hh"
5	#include "syncres.hh"
6	#include "logger.hh"
7	#include "arguments.hh"
8	#include "version.hh"
9	#include "validate-recursor.hh"
10	#include "secpoll.hh"
11
12	#include <cstdint>
13	#ifndef PACKAGEVERSION
14	#define PACKAGEVERSION getPDNSVersion()	15✔
15	#endif
16
17	pdns::stat_t g_security_status;
18
19	void doSecPoll(time_t* last_secpoll, Logr::log_t log)
20	{	114✔
21	if (::arg()["security-poll-suffix"].empty()) {	114✔
22	return;	99✔
23	}	99✔
24
25	string pkgv(PACKAGEVERSION);	15✔
26	struct timeval now{};	15✔
27	Utility::gettimeofday(&now);	15✔
28
29	/* update last_secpoll right now, even if it fails
30	we don't want to retry right away and hammer the server */
31	*last_secpoll = now.tv_sec;	15✔
32
33	SyncRes resolver(now);	15✔
34	if (g_dnssecmode != DNSSECMode::Off) {	15!
35	resolver.setDoDNSSEC(true);	15✔
36	resolver.setDNSSECValidationRequested(true);	15✔
37	}	15✔
38	resolver.setId("SecPoll");	15✔
39
40	vector<DNSRecord> ret;	15✔
41
42	string version = "recursor-" + pkgv;	15✔
43	string qstring(version.substr(0, 63) + ".security-status." + ::arg()["security-poll-suffix"]);	15✔
44
45	if (*qstring.rbegin() != '.') {	15!
46	qstring += '.';	×
47	}	×
48
49	std::replace(qstring.begin(), qstring.end(), '+', '_');	15✔
50	std::replace(qstring.begin(), qstring.end(), '~', '_');	15✔
51
52	vState state = vState::Indeterminate;	15✔
53	DNSName query(qstring);	15✔
54	int res = resolver.beginResolve(query, QType(QType::TXT), 1, ret);	15✔
55
56	if (g_dnssecmode != DNSSECMode::Off && res != 0) {	15!
57	state = resolver.getValidationState();	15✔
58	}	15✔
59
60	auto vlog = log->withValues("version", Logging::Loggable(pkgv), "query", Logging::Loggable(query));	15✔
61	if (vStateIsBogus(state)) {	15!
62	vlog->info(Logr::Error, "Failed to retrieve security status update", "validationResult", Logging::Loggable(vStateToString(state)));	×
63	if (g_security_status == 1) { // If we were OK, go to unknown	×
64	g_security_status = 0;	×
65	}	×
66	return;	×
67	}	×
68
69	if (res == RCode::NXDomain && !isReleaseVersion(pkgv)) {	15!
70	vlog->info(Logr::Warning, "Not validating response for security status update, this is a non-release version");	×
71	return;	×
72	}	×
73
74	string security_message;	15✔
75	int security_status = static_cast<int>(g_security_status);	15✔
76
77	try {	15✔
78	processSecPoll(res, ret, security_status, security_message);	15✔
79	}	15✔
80	catch (const PDNSException& pe) {	15✔
81	g_security_status = security_status;	15✔
82	vlog->error(Logr::Warning, pe.reason, "Failed to retrieve security status update");	15✔
83	return;	15✔
84	}	15✔
85
86	auto rlog = vlog->withValues("securitymessage", Logging::Loggable(security_message), "status", Logging::Loggable(security_status));	×
87	if (g_security_status != 1 && security_status == 1) {	×
88	rlog->info(Logr::Notice, "Polled security status of version, no known issues reported");	×
89	}	×
90	if (security_status == 2) {	×
91	rlog->info(Logr::Error, "PowerDNS Security Update Recommended");	×
92	}	×
93	if (security_status == 3) {	×
94	rlog->info(Logr::Error, "PowerDNS Security Update Mandatory");	×
95	}	×
96
97	g_security_status = security_status;	×
98	}	×

PowerDNS / pdns / 18903493638

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous