diff options
| author | Rasmus Dahlberg <rasmus@rgdd.se> | 2023-03-23 10:05:48 +0100 |
|---|---|---|
| committer | Rasmus Dahlberg <rasmus@rgdd.se> | 2023-03-23 10:05:48 +0100 |
| commit | 38df474cf30b0b1d077c8d53b353a859af99c7d6 (patch) | |
| tree | 37334f33b1b96c2c7b02819dbcde96277483f73f /internal | |
| parent | 2823c663a0d0845c2abcbcef76efca9af550ca75 (diff) | |
Drop sanitize of SANs
Less complex, we will just pass lines to Go's HTTP GET as is.
Diffstat (limited to 'internal')
| -rw-r--r-- | internal/sanitize/sanitize.go | 85 |
1 files changed, 0 insertions, 85 deletions
diff --git a/internal/sanitize/sanitize.go b/internal/sanitize/sanitize.go deleted file mode 100644 index 6fcdf09..0000000 --- a/internal/sanitize/sanitize.go +++ /dev/null @@ -1,85 +0,0 @@ -// Copyright (C) 2016 Opsmate, Inc. -// -// This Source Code Form is subject to the terms of the Mozilla -// Public License, v. 2.0. If a copy of the MPL was not distributed -// with this file, You can obtain one at http://mozilla.org/MPL/2.0/. -// -// This software is distributed WITHOUT A WARRANTY OF ANY KIND. -// See the Mozilla Public License for details. -// -// From: https://github.com/SSLMate/certspotter/blob/master/identifiers.go -// Minor tweaks to get a SanitizeDNSName function for ASCII names only. -package sanitize - -import ( - "fmt" - "strings" -) - -// Try to canonicalize/sanitize the DNS name: -// -// 1. Trim leading and trailing whitespace -// 2. Trim trailing dots -// 3. Trim http:// and https:// prefix -// 4. Convert to lower case -// 5. Error if the DNS labels are not composed of ASCII characters 32-126 or "\t" -// -// Please note that the above is not necessarily a good filter for real CT -// monitoring (this is why we're not applying it in the collect stage). It is -// also not a good filter for getting rid of non-domain names like "funny str". -// It is however simple to understand ("printable ascii chars"), and should be -// good enough for the purpose of assembling a SANs data set from CT logs. -func SanitizeDNSName(value string) (string, error) { - value = trimHttpPrefixString(strings.ToLower(trimTrailingDots(strings.TrimSpace(value)))) - if !isASCIIString([]byte(value)) { - return "", fmt.Errorf("not an ascii string: %x", []byte(value)) - } - - labels := strings.Split(value, ".") - for _, label := range labels { - if !isSaneDNSLabel(label) { - return "", fmt.Errorf("process label %x", []byte(label)) - } - } - return strings.Join(labels, "."), nil -} - -func trimTrailingDots(value string) string { - length := len(value) - for length > 0 && value[length-1] == '.' { - length-- - } - return value[0:length] -} - -func trimHttpPrefixString(value string) string { - if strings.HasPrefix(value, "http://") { - return value[7:] - } else if strings.HasPrefix(value, "https://") { - return value[8:] - } else { - return value - } -} - -func isASCIIString(value []byte) bool { - for _, b := range value { - if b > 127 { - return false - } - } - return true -} - -func isSaneDNSLabel(label string) bool { - for _, ch := range label { - if !isSaneDNSLabelChar(ch) { - return false - } - } - return true -} - -func isSaneDNSLabelChar(ch rune) bool { - return ch == '\t' || (ch >= 32 && ch <= 126) -} |