1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
|
/*
* ZLint Copyright 2024 Regents of the University of Michigan
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy
* of the License at http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
* implied. See the License for the specific language governing
* permissions and limitations under the License.
*/
package util
import (
"net"
"net/url"
"regexp"
"strings"
zcutil "github.com/zmap/zcrypto/util"
"github.com/zmap/zcrypto/x509"
)
func RemovePrependedQuestionMarks(domain string) string {
for strings.HasPrefix(domain, "?.") {
domain = domain[2:]
}
return domain
}
func RemovePrependedWildcard(domain string) string {
return strings.TrimPrefix(domain, "*.")
}
func IsFQDN(domain string) bool {
domain = RemovePrependedWildcard(domain)
domain = RemovePrependedQuestionMarks(domain)
return zcutil.IsURL(domain)
}
func GetAuthority(uri string) string {
parsed, err := url.Parse(uri)
if err != nil {
return ""
}
if parsed.Opaque != "" {
// non-empty Opaque means that there is no authority
return ""
}
if len(uri) < 4 {
return ""
}
// https://tools.ietf.org/html/rfc3986#section-3
// The only time an authority is present is if there is a // after the scheme.
firstColon := strings.Index(uri, ":")
postScheme := uri[firstColon+1:]
// After the scheme, there is the hier-part, optionally followed by a query or fragment.
if !strings.HasPrefix(postScheme, "//") {
// authority is always prefixed by //
return ""
}
for i := 2; i < len(postScheme); i++ {
// in the hier-part, the authority is followed by either an absolute path, or the empty string.
// So, the authority is terminated by the start of an absolute path (/), the start of a fragment (#) or the start of a query(?)
if postScheme[i] == '/' || postScheme[i] == '#' || postScheme[i] == '?' {
return postScheme[2:i]
}
}
// Found no absolute path, fragment or query -- so the authority is the only data after the scheme://
return postScheme[2:]
}
func GetHost(auth string) string {
begin := strings.Index(auth, "@")
if begin == len(auth)-1 {
begin = -1
}
end := strings.Index(auth, ":")
if end == -1 {
end = len(auth)
}
if end < begin {
return ""
}
return auth[begin+1 : end]
}
func AuthIsFQDNOrIP(auth string) bool {
return IsFQDNOrIP(GetHost(auth))
}
func IsFQDNOrIP(host string) bool {
if IsFQDN(host) {
return true
}
if net.ParseIP(host) != nil {
return true
}
return false
}
func DNSNamesExist(cert *x509.Certificate) bool {
if cert.Subject.CommonName == "" && len(cert.DNSNames) == 0 {
return false
} else {
return true
}
}
func CommonNameIsIP(cert *x509.Certificate) bool {
ip := net.ParseIP(cert.Subject.CommonName)
if ip == nil {
return false
} else {
return true
}
}
var nonLDHCharacterRegex = regexp.MustCompile(`[^a-zA-Z0-9\-]`)
func IsLDHLabel(label string) bool {
return len(label) > 0 &&
len(label) <= 63 &&
!nonLDHCharacterRegex.MatchString(label) &&
!strings.HasPrefix(label, "-") &&
!strings.HasSuffix(label, "-") &&
!(HasReservedLabelPrefix(label) && !HasXNLabelPrefix(label))
}
|
