From 67f87d203c7649ac8a43d4dc3897f2cf494a1124 Mon Sep 17 00:00:00 2001 From: tate Date: Mon, 26 Feb 2024 13:04:58 +1100 Subject: [PATCH] wildcard expansion check --- packages/ensjs/src/errors/dns.ts | 8 ++ .../functions/dns/getDnsOffchainData.test.ts | 100 ++++++++++++++++++ .../src/functions/dns/getDnsOffchainData.ts | 13 +++ packages/ensjs/src/index.ts | 3 + .../ensjs/src/utils/dns/getDnsTxtRecords.ts | 2 +- 5 files changed, 125 insertions(+), 1 deletion(-) diff --git a/packages/ensjs/src/errors/dns.ts b/packages/ensjs/src/errors/dns.ts index 6e50a55a..01dbbb26 100644 --- a/packages/ensjs/src/errors/dns.ts +++ b/packages/ensjs/src/errors/dns.ts @@ -22,6 +22,14 @@ export class DnsDnssecVerificationFailedError extends BaseError { } } +export class DnsDnssecWildcardExpansionError extends BaseError { + override name = 'DnsDnssecWildcardExpansionError' + + constructor() { + super('DNSSEC wildcard expansion not supported') + } +} + export class DnsNoTxtRecordError extends BaseError { override name = 'DnsNoTxtRecordError' diff --git a/packages/ensjs/src/functions/dns/getDnsOffchainData.test.ts b/packages/ensjs/src/functions/dns/getDnsOffchainData.test.ts index 5a96a5a7..2ab61cf7 100644 --- a/packages/ensjs/src/functions/dns/getDnsOffchainData.test.ts +++ b/packages/ensjs/src/functions/dns/getDnsOffchainData.test.ts @@ -55,6 +55,12 @@ it('returns offchain data', async () => { TTL: 0, data: '"ENS1 0x238A8F792dFA6033814B18618aD4100654aeef01"', }, + { + name: 'example.com', + type: 46, + TTL: 0, + data: 'TXT ALGORITHM 2', + }, ], }) @@ -82,6 +88,12 @@ it('returns offchain data with extra data as address', async () => { TTL: 0, data: '"ENS1 0x238A8F792dFA6033814B18618aD4100654aeef01 0x8e8Db5CcEF88cca9d624701Db544989C996E3216"', }, + { + name: 'example.com', + type: 46, + TTL: 0, + data: 'TXT ALGORITHM 2', + }, ], }) @@ -109,6 +121,12 @@ it('returns offchain data with extra data as text', async () => { TTL: 0, data: '"ENS1 0x238A8F792dFA6033814B18618aD4100654aeef01 hello world"', }, + { + name: 'example.com', + type: 46, + TTL: 0, + data: 'TXT ALGORITHM 2', + }, ], }) @@ -136,6 +154,12 @@ it('returns offchain data from ens name', async () => { TTL: 0, data: '"ENS1 dnsname.ens.eth"', }, + { + name: 'example.com', + type: 46, + TTL: 0, + data: 'TXT ALGORITHM 2', + }, ], }) @@ -169,6 +193,12 @@ it('returns first offchain data from multiple', async () => { TTL: 0, data: '"ENS1 0x8e8Db5CcEF88cca9d624701Db544989C996E3216"', }, + { + name: 'example.com', + type: 46, + TTL: 0, + data: 'TXT ALGORITHM 2', + }, ], }) @@ -208,6 +238,12 @@ it('returns first valid offchain data when multiple invalid', async () => { TTL: 0, data: '"ENS1 0x238A8F792dFA6033814B18618aD4100654aeef01"', }, + { + name: 'example.com', + type: 46, + TTL: 0, + data: 'TXT ALGORITHM 2', + }, ], }) @@ -235,6 +271,12 @@ it('allows subname input', async () => { TTL: 0, data: '"ENS1 0x238A8F792dFA6033814B18618aD4100654aeef01"', }, + { + name: 'sub.example.com', + type: 46, + TTL: 0, + data: 'TXT ALGORITHM 3', + }, ], }) @@ -365,6 +407,52 @@ describe('no TXT records', () => { }) }) +describe('wildcard expansion', () => { + beforeEach(() => { + createHandlerResponse(handler, { + Status: 0, + AD: true, + Answer: [ + { + name: 'example.com', + type: 16, + TTL: 0, + data: '"ENS1 0x238A8F792dFA6033814B18618aD4100654aeef01"', + }, + { + name: 'example.com', + type: 46, + TTL: 0, + data: 'TXT ALGORITHM 1', + }, + ], + }) + }) + + it('strict: throws error', async () => { + await expect( + getDnsOffchainData(mainnetPublicClient, { + name: 'example.com', + endpoint: serverUrl, + strict: true, + }), + ).rejects.toThrowErrorMatchingInlineSnapshot(` + [DnsDnssecWildcardExpansionError: DNSSEC wildcard expansion not supported + + Version: @ensdomains/ensjs@1.0.0-mock.0] + `) + }) + it('not strict: returns null', async () => { + await expect( + getDnsOffchainData(mainnetPublicClient, { + name: 'example.com', + endpoint: serverUrl, + strict: false, + }), + ).resolves.toBeNull() + }) +}) + describe('only invalid records', () => { beforeEach(() => { createHandlerResponse(handler, { @@ -383,6 +471,12 @@ describe('only invalid records', () => { TTL: 0, data: '"ENS1 randomnonsense"', }, + { + name: 'example.com', + type: 46, + TTL: 0, + data: 'TXT ALGORITHM 2', + }, ], }) }) @@ -430,6 +524,12 @@ describe('no eligible invalid records', () => { TTL: 0, data: '"random"', }, + { + name: 'example.com', + type: 46, + TTL: 0, + data: 'TXT ALGORITHM 2', + }, ], }) }) diff --git a/packages/ensjs/src/functions/dns/getDnsOffchainData.ts b/packages/ensjs/src/functions/dns/getDnsOffchainData.ts index 75d07048..11beda84 100644 --- a/packages/ensjs/src/functions/dns/getDnsOffchainData.ts +++ b/packages/ensjs/src/functions/dns/getDnsOffchainData.ts @@ -2,6 +2,7 @@ import { isAddress, type Address, type Client, type Transport } from 'viem' import type { ChainWithEns } from '../../contracts/consts.js' import { DnsDnssecVerificationFailedError, + DnsDnssecWildcardExpansionError, DnsInvalidTxtRecordError, DnsNoTxtRecordError, DnsResponseStatusError, @@ -110,6 +111,18 @@ const getDnsOffchainData = async ( if (!response.Answer?.length) throw new DnsNoTxtRecordError() + const labels = name.split('.') + const rrsigRecord = response.Answer.find((record) => { + if (record.type !== DnsRecordType.RRSIG) return false + if (record.name !== name) return false + if (!record.data.startsWith('TXT')) return false + const [, , labelCount] = record.data.split(' ') + // mismatching label count implies wildcard expansion, which is not supported + return Number(labelCount) === labels.length + }) + + if (!rrsigRecord) throw new DnsDnssecWildcardExpansionError() + const ensTxtRecords = await Promise.all( response.Answer.map((record) => checkValidEnsTxtRecord(client, record)), ) diff --git a/packages/ensjs/src/index.ts b/packages/ensjs/src/index.ts index 9de9ad9a..0dbfeb5d 100644 --- a/packages/ensjs/src/index.ts +++ b/packages/ensjs/src/index.ts @@ -31,6 +31,7 @@ export { BaseError } from './errors/base.js' export { NoChainError, UnsupportedChainError } from './errors/contracts.js' export { DnsDnssecVerificationFailedError, + DnsDnssecWildcardExpansionError, DnsInvalidAddressChecksumError, DnsInvalidTxtRecordError, DnsNewerRecordTypeAvailableError, @@ -62,9 +63,11 @@ export { FusesOutOfRangeError, FusesRestrictionNotAllowedError, FusesValueRequiredError, + InvalidContentHashError, InvalidEncodedLabelError, InvalidLabelhashError, NameWithEmptyLabelsError, RootNameIncludesOtherLabelsError, + UnknownContentTypeError, WrappedLabelTooLargeError, } from './errors/utils.js' diff --git a/packages/ensjs/src/utils/dns/getDnsTxtRecords.ts b/packages/ensjs/src/utils/dns/getDnsTxtRecords.ts index 368cc2bd..f6e3b5df 100644 --- a/packages/ensjs/src/utils/dns/getDnsTxtRecords.ts +++ b/packages/ensjs/src/utils/dns/getDnsTxtRecords.ts @@ -25,7 +25,7 @@ export const getDnsTxtRecords = async ({ endpoint = 'https://cloudflare-dns.com/dns-query', }: GetDnsTxtRecordsParameters): Promise => { const response: DnsResponse = await fetch( - `${endpoint}?name=${name}.&type=TXT`, + `${endpoint}?name=${name}.&type=TXT&do=1`, { method: 'GET', headers: {