File Coverage

blib/lib/Data/Validate/DNS/SSHFP.pm

Criterion	Covered	Total	%
statement	45	47	95.7
branch	15	22	68.1
condition	10	18	55.5
subroutine	10	10	100.0
pod	4	4	100.0
total	84	101	83.1

line	stmt	bran	cond	sub	pod	time	code
1							#
2							# This file is part of Data-Validate-DNS-SSHFP
3							#
4							# This software is copyright (c) 2018 by Michael Schout.
5							#
6							# This is free software; you can redistribute it and/or modify it under
7							# the same terms as the Perl 5 programming language system itself.
8							#
9
10							package Data::Validate::DNS::SSHFP;
11							$Data::Validate::DNS::SSHFP::VERSION = '0.01';
12							# ABSTRACT: Validate DNS SSH Fingerprint (SSHFP) Record Values
13
14	3			3		1282	use 5.010;
	3					24
15	3			3		14	use strict;
	3					3
	3					48
16	3			3		24	use warnings;
	3					5
	3					75
17
18	3			3		1167	use parent 'Exporter';
	3					719
	3					19
19
20	3			3		1336	use Taint::Util 'untaint';
	3					1124
	3					12
21
22							our @EXPORT_OK = qw(
23							is_sshfp_algorithm
24							is_sshfp_fptype
25							is_sshfp_fingerprint);
26
27							our %EXPORT_TAGS = (all => \@EXPORT_OK);
28
29							my %DIGESTS = (
30							1 => 'SHA-1',
31							2 => 'SHA-256');
32
33
34							sub new {
35	2			2	1	228	my $class = shift;
36	2		33			13	bless {}, ref $class \|\| $class;
37							}
38
39
40							sub is_sshfp_algorithm {
41	11			11	1	3729	my ($self, $value, %opts) = _maybe_oo(@_);
42
43	11	50				28	return unless defined $value;
44
45	11		50			59	$opts{strict} //= 1;
46
47	11	50				38	if ($value =~ /[^0-9]/) {
48							return
49	0					0	}
50
51							# see https://www.iana.org/assignments/dns-sshfp-rr-parameters/dns-sshfp-rr-parameters.xhtml
52	11	50				27	if ($opts{strict}) {
53	11	100	66			49	if ($value < 1 or $value > 4) {
54	2					24	return;
55							}
56							}
57
58	9					36	untaint($value);
59
60	9					37	return $value;
61							}
62
63
64							sub is_sshfp_fptype {
65	16			16	1	2359	my ($self, $value, %opts) = _maybe_oo(@_);
66
67	16	50				78	return unless defined $value;
68
69	16		100			85	$opts{strict} //= 1;
70
71	16	50				57	if ($value =~ /[^0-9]/) {
72							return
73	0					0	}
74
75							# see https://www.iana.org/assignments/dns-sshfp-rr-parameters/dns-sshfp-rr-parameters.xhtml
76	16	50				66	if ($opts{strict}) {
77	16	100	66			76	if ($value < 1 or $value > 2) {
78	2					12	return;
79							}
80							}
81
82	14					46	untaint($value);
83
84	14					59	return $value;
85							}
86
87
88							sub is_sshfp_fingerprint {
89	9			9	1	1692	my ($self, $fptype, $value, %opts) = _maybe_oo(@_);
90
91	9		50			53	$opts{strict} //= 1;
92
93	9	50	33			42	return unless defined $value and is_sshfp_fptype($fptype, %opts);
94
95							# extract only hex chars
96	9					36	(my $data = $value) =~ s/[^0-9a-fA-F]//g;
97
98	9					31	my %digest_length = (
99							1 => 40,
100							2 => 64);
101
102	9	100				31	if (length $data != $digest_length{$fptype}) {
103	4					21	return;
104							}
105
106	5					17	untaint($value);
107
108	5					25	return $value;
109							}
110
111							sub _maybe_oo {
112	36	100		36		102	my $self = shift if ref $_[0];
113
114	36					120	return ($self, @_);
115							}
116
117							1;
118
119							__END__