From: Bob Halley <halley@dnspython.org>
Date: Sun, 24 Oct 2021 13:10:58 +0000 (-0700)
Subject: Validate resolver nameservers when set [Issue #699].
X-Git-Tag: v2.2.0rc1~48
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e298b0d231db0444746886252c9a48ce8fce364d;p=thirdparty%2Fdnspython.git

Validate resolver nameservers when set [Issue #699].
---

diff --git a/dns/resolver.py b/dns/resolver.py
index 6a9974d8..08e9e617 100644
--- a/dns/resolver.py
+++ b/dns/resolver.py
@@ -1120,6 +1120,14 @@ class BaseResolver:
         ``list``.
         """
         if isinstance(nameservers, list):
+            for nameserver in nameservers:
+                if not dns.inet.is_address(nameserver):
+                    try:
+                        if urlparse(nameserver).scheme != 'https':
+                            raise NotImplementedError
+                    except Exception:
+                        raise ValueError(f'nameserver {nameserver} is not an '
+                                         'IP address or valid https URL')
             self._nameservers = nameservers
         else:
             raise ValueError('nameservers must be a list'
@@ -1219,9 +1227,6 @@ class Resolver(BaseResolver):
                                                      source_port=source_port,
                                                      raise_on_truncation=True)
                     else:
-                        protocol = urlparse(nameserver).scheme
-                        if protocol != 'https':
-                            raise NotImplementedError
                         response = dns.query.https(request, nameserver,
                                                    timeout=timeout)
                 except Exception as ex:
diff --git a/tests/test_async.py b/tests/test_async.py
index cad7e20d..0782c7a0 100644
--- a/tests/test_async.py
+++ b/tests/test_async.py
@@ -216,14 +216,6 @@ class AsyncTests(unittest.TestCase):
             return await dns.asyncresolver.canonical_name(name)
         self.assertEqual(self.async_run(run), cname)
 
-    def testResolverBadScheme(self):
-        res = dns.asyncresolver.Resolver(configure=False)
-        res.nameservers = ['bogus://dns.google/dns-query']
-        async def run():
-            answer = await res.resolve('dns.google', 'A')
-        def bad():
-            self.async_run(run)
-        self.assertRaises(dns.resolver.NoNameservers, bad)
 
     def testZoneForName1(self):
         async def run():
diff --git a/tests/test_doh.py b/tests/test_doh.py
index 793a5006..835e07da 100644
--- a/tests/test_doh.py
+++ b/tests/test_doh.py
@@ -139,12 +139,6 @@ class DNSOverHTTPSTestCase(unittest.TestCase):
         self.assertTrue('8.8.8.8' in seen)
         self.assertTrue('8.8.4.4' in seen)
 
-    def test_resolver_bad_scheme(self):
-        res = dns.resolver.Resolver(configure=False)
-        res.nameservers = ['bogus://dns.google/dns-query']
-        def bad():
-            answer = res.resolve('dns.google', 'A')
-        self.assertRaises(dns.resolver.NoNameservers, bad)
 
 if __name__ == '__main__':
     unittest.main()
diff --git a/tests/test_resolver.py b/tests/test_resolver.py
index b2a47d23..ecd1bf22 100644
--- a/tests/test_resolver.py
+++ b/tests/test_resolver.py
@@ -700,6 +700,16 @@ class LiveResolverTests(unittest.TestCase):
         cname = dns.name.from_text('dangling-target.dnspython.org')
         self.assertEqual(dns.resolver.canonical_name(name), cname)
 
+    def testNameserverSetting(self):
+        res = dns.resolver.Resolver(configure=False)
+        ns = ['1.2.3.4', '::1', 'https://ns.example']
+        res.nameservers = ns[:]
+        self.assertEqual(res.nameservers, ns)
+        for ns in ['999.999.999.999', 'ns.example.', 'bogus://ns.example']:
+            with self.assertRaises(ValueError):
+                res.nameservers = [ns]
+
+
 class PollingMonkeyPatchMixin(object):
     def setUp(self):
         self.__native_selector_class = dns.query._selector_class