Class: GitHubPages::HealthCheck::Domain

Inherits:

Checkable

• Object
• Checkable
• GitHubPages::HealthCheck::Domain

Defined in:

lib/github-pages-health-check/domain.rb

Constant Summary

LEGACY_IP_ADDRESSES =

[
  # Legacy GitHub Datacenter
  "207.97.227.245",
  "204.232.175.78",

  # Aug. 2016 Fastly datacenter deprecation
  "199.27.73.133",
  "199.27.76.133",

  # Feb. 2017 Fastly datacenter deprecation
  "103.245.222.133",
  "103.245.223.133",
  "103.245.224.133",
  "104.156.81.133",
  "104.156.82.133",
  "104.156.83.133",
  "104.156.85.133",
  "104.156.87.133",
  "104.156.88.133",
  "104.156.89.133",
  "104.156.90.133",
  "104.156.91.133",
  "104.156.92.133",
  "104.156.93.133",
  "104.156.94.133",
  "104.156.95.133",
  "104.37.95.133",
  "157.52.64.133",
  "157.52.66.133",
  "157.52.67.133",
  "157.52.68.133",
  "157.52.69.133",
  "157.52.96.133",
  "172.111.64.133",
  "172.111.96.133",
  "185.31.16.133",
  "185.31.17.133",
  "185.31.18.133",
  "185.31.19.133",
  "199.27.74.133",
  "199.27.75.133",
  "199.27.76.133",
  "199.27.78.133",
  "199.27.79.133",
  "23.235.33.133",
  "23.235.37.133",
  "23.235.39.133",
  "23.235.40.133",
  "23.235.41.133",
  "23.235.43.133",
  "23.235.44.133",
  "23.235.45.133",
  "23.235.46.133",
  "23.235.47.133",
  "23.235.47.133",
  "43.249.72.133",
  "43.249.73.133",
  "43.249.74.133",
  "43.249.75.133",

  # 2018 Move to GitHub assigned IP space
  "192.30.252.153",
  "192.30.252.154"
].freeze

CURRENT_IP_ADDRESSES =

%w(
  185.199.108.153
  185.199.109.153
  185.199.110.153
  185.199.111.153
).freeze

HASH_METHODS =

%i[
  host uri nameservers dns_resolves? proxied? cloudflare_ip?
  fastly_ip? old_ip_address? a_record? cname_record?
  mx_records_present? valid_domain? apex_domain? should_be_a_record?
  cname_to_github_user_domain? cname_to_pages_dot_github_dot_com?
  cname_to_fastly? pointed_to_github_pages_ip?
  non_github_pages_ip_present? pages_domain?
  served_by_pages? valid? reason valid_domain? https?
  enforces_https? https_error https_eligible? caa_error
].freeze

REQUESTED_RECORD_TYPES =

[
  Dnsruby::Types::A,
  Dnsruby::Types::AAAA,
  Dnsruby::Types::CNAME,
  Dnsruby::Types::MX
].freeze

Instance Attribute Summary

• #host ⇒ Object readonly

  Returns the value of attribute host.

• #nameservers ⇒ Object readonly

  Returns the value of attribute nameservers.

• #resolver ⇒ Object readonly

  Returns the value of attribute resolver.

Class Method Summary

• .redundant(host) ⇒ Object

Instance Method Summary

• #a_record? ⇒ Boolean

  Is this domain’s first response an A record?.

• #aaaa_record_present? ⇒ Boolean
• #apex_domain? ⇒ Boolean

  Is this domain an apex domain, meaning a CNAME would be innapropriate.

• #caa_error ⇒ Object

  Any errors querying CAA records.

• #check! ⇒ Object

  Runs all checks, raises an error if invalid.

• #cloudflare_ip? ⇒ Boolean

  Does the domain resolve to a CloudFlare-owned IP.

• #cname ⇒ Object

  The domain to which this domain’s CNAME resolves Returns nil if the domain is not a CNAME.

• #cname_record? ⇒ Boolean (also: #cname?)

  Is this domain’s first response a CNAME record?.

• #cname_to_fastly? ⇒ Boolean

  Is the given domain CNAME’d directly to our Fastly account?.

• #cname_to_github_user_domain? ⇒ Boolean

  Is the domain’s first response a CNAME to a pages domain?.

• #cname_to_pages_dot_github_dot_com? ⇒ Boolean

  Is the given domain a CNAME to pages.github.(io|com) instead of being CNAME’d to the user’s subdomain?.

• #deprecated_ip? ⇒ Boolean
• #dns ⇒ Object

  Returns an array of DNS answers.

• #dns? ⇒ Boolean (also: #dns_resolves?)

  Are we even able to get the DNS record?.

• #enforces_https? ⇒ Boolean

  Does this domain redirect HTTP requests to HTTPS?.

• #fastly? ⇒ Boolean

  Is the host our Fastly CNAME?.

• #fastly_ip? ⇒ Boolean

  Does the domain resolve to a Fastly-owned IP.

• #github_domain? ⇒ Boolean

  Is this domain owned by GitHub?.

• #https? ⇒ Boolean

  Does this domain respond to HTTPS requests with a valid cert?.

• #https_eligible? ⇒ Boolean

  Can an HTTPS certificate be issued for this domain?.

• #https_error ⇒ Object

  The response code of the HTTPS request, if it failed.

• #initialize(host, nameservers: :default) ⇒ Domain constructor

  A new instance of Domain.

• #invalid_a_record? ⇒ Boolean
• #invalid_aaaa_record? ⇒ Boolean
• #invalid_cname? ⇒ Boolean
• #mx_records_present? ⇒ Boolean
• #non_github_pages_ip_present? ⇒ Boolean

  Are any of the domain’s A records pointing elsewhere?.

• #old_ip_address? ⇒ Boolean

  Does this domain have any A record that points to the legacy IPs?.

• #pages_domain? ⇒ Boolean

  Is the host a *.github.(io|com) domain?.

• #pages_dot_github_dot_com? ⇒ Boolean

  Is the host pages.github.com or pages.github.io?.

• #pages_io_domain? ⇒ Boolean

  Is the host a *.github.io domain?.

• #pointed_to_github_pages_ip? ⇒ Boolean

  Is the domain’s first response an A record to a valid GitHub Pages IP?.

• #proxied? ⇒ Boolean

  Does this non-GitHub-pages domain proxy a GitHub Pages site?.

• #served_by_pages? ⇒ Boolean
• #should_be_a_record? ⇒ Boolean

  Should the domain use an A record?.

• #should_be_cname_record? ⇒ Boolean
• #uri(overrides = {}) ⇒ Object
• #valid_domain? ⇒ Boolean

  Is this a valid domain that PublicSuffix recognizes? Used as an escape hatch to prevent false positives on DNS checkes.

Methods inherited from Checkable

#reason, #to_hash, #to_json, #to_s, #to_s_pretty, #valid?

Constructor Details

#initialize(host, nameservers: :default) ⇒ Domain

Returns a new instance of Domain.

# File 'lib/github-pages-health-check/domain.rb', line 95

def initialize(host, nameservers: :default)
  unless host.is_a? String
    raise ArgumentError, "Expected string, got #{host.class}"
  end

  @host = normalize_host(host)
  @nameservers = nameservers
  @resolver = GitHubPages::HealthCheck::Resolver.new(self.host,
    :nameservers => nameservers)
end

Instance Attribute Details

#host ⇒ Object (readonly)

Returns the value of attribute host.

# File 'lib/github-pages-health-check/domain.rb', line 6

def host
  @host
end

#nameservers ⇒ Object (readonly)

Returns the value of attribute nameservers.

# File 'lib/github-pages-health-check/domain.rb', line 6

def nameservers
  @nameservers
end

#resolver ⇒ Object (readonly)

Returns the value of attribute resolver.

# File 'lib/github-pages-health-check/domain.rb', line 6

def resolver
  @resolver
end

Class Method Details

.redundant(host) ⇒ Object

# File 'lib/github-pages-health-check/domain.rb', line 91

def self.redundant(host)
  GitHubPages::HealthCheck::RedundantCheck.new(host).check
end

Instance Method Details

#a_record? ⇒ Boolean

Is this domain’s first response an A record?

Returns:

• (Boolean)

# File 'lib/github-pages-health-check/domain.rb', line 301

def a_record?
  return unless dns?
  dns.first.type == Dnsruby::Types::A
end

#aaaa_record_present? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/github-pages-health-check/domain.rb', line 306

def aaaa_record_present?
  return unless dns?
  dns.any? { |answer| answer.type == Dnsruby::Types::AAAA }
end

#apex_domain? ⇒ Boolean

Is this domain an apex domain, meaning a CNAME would be innapropriate

Returns:

• (Boolean)

# File 'lib/github-pages-health-check/domain.rb', line 154

def apex_domain?
  return @apex_domain if defined?(@apex_domain)
  return unless valid_domain?

  # PublicSuffix.domain pulls out the apex-level domain name.
  # E.g. PublicSuffix.domain("techblog.netflix.com") # => "netflix.com"
  # It's aware of multi-step top-level domain names:
  # E.g. PublicSuffix.domain("blog.digital.gov.uk") # => "digital.gov.uk"
  # For apex-level domain names, DNS providers do not support CNAME records.
  unicode_host = Addressable::IDNA.to_unicode(host)
  PublicSuffix.domain(unicode_host) == unicode_host
end

#caa_error ⇒ Object

Any errors querying CAA records

# File 'lib/github-pages-health-check/domain.rb', line 376

def caa_error
  return nil unless caa.errored?
  caa.error.class.name
end

#check! ⇒ Object

Runs all checks, raises an error if invalid

Raises:

• (Errors::InvalidDomainError)

# File 'lib/github-pages-health-check/domain.rb', line 107

def check!
  raise Errors::InvalidDomainError, :domain => self unless valid_domain?
  raise Errors::InvalidDNSError, :domain => self    unless dns_resolves?
  raise Errors::DeprecatedIPError, :domain => self if deprecated_ip?
  return true if proxied?
  raise Errors::InvalidARecordError, :domain => self    if invalid_a_record?
  raise Errors::InvalidCNAMEError, :domain => self      if invalid_cname?
  raise Errors::InvalidAAAARecordError, :domain => self if invalid_aaaa_record?
  raise Errors::NotServedByPagesError, :domain => self  unless served_by_pages?
  true
end

#cloudflare_ip? ⇒ Boolean

Does the domain resolve to a CloudFlare-owned IP

Returns:

• (Boolean)

# File 'lib/github-pages-health-check/domain.rb', line 235

def cloudflare_ip?
  cdn_ip?(CloudFlare)
end

#cname ⇒ Object

The domain to which this domain’s CNAME resolves Returns nil if the domain is not a CNAME

# File 'lib/github-pages-health-check/domain.rb', line 321

def cname
  return unless dns.first.type == Dnsruby::Types::CNAME
  @cname ||= Domain.new(dns.first.cname.to_s)
end

#cname_record? ⇒ Boolean Also known as: cname?

Is this domain’s first response a CNAME record?

Returns:

• (Boolean)

# File 'lib/github-pages-health-check/domain.rb', line 312

def cname_record?
  return unless dns?
  return false unless cname
  cname.valid_domain?
end

#cname_to_fastly? ⇒ Boolean

Is the given domain CNAME’d directly to our Fastly account?

Returns:

• (Boolean)

# File 'lib/github-pages-health-check/domain.rb', line 205

def cname_to_fastly?
  cname? && !pages_domain? && cname.fastly?
end

#cname_to_github_user_domain? ⇒ Boolean

Is the domain’s first response a CNAME to a pages domain?

Returns:

• (Boolean)

# File 'lib/github-pages-health-check/domain.rb', line 192

def cname_to_github_user_domain?
  cname? && !cname_to_pages_dot_github_dot_com? && cname.pages_domain?
end

#cname_to_pages_dot_github_dot_com? ⇒ Boolean

Is the given domain a CNAME to pages.github.(io|com) instead of being CNAME’d to the user’s subdomain?

domain - the domain to check, generaly the target of a cname

Returns:

• (Boolean)

# File 'lib/github-pages-health-check/domain.rb', line 200

def cname_to_pages_dot_github_dot_com?
  cname? && cname.pages_dot_github_dot_com?
end

#deprecated_ip? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/github-pages-health-check/domain.rb', line 119

def deprecated_ip?
  return @deprecated_ip if defined? @deprecated_ip
  @deprecated_ip = (valid_domain? && a_record? && old_ip_address?)
end

#dns ⇒ Object

Returns an array of DNS answers

# File 'lib/github-pages-health-check/domain.rb', line 270

def dns
  return @dns if defined? @dns
  return unless valid_domain?
  @dns = Timeout.timeout(TIMEOUT) do
    GitHubPages::HealthCheck.without_warnings do
      next if host.nil?
      REQUESTED_RECORD_TYPES
        .map { |type| resolver.query(type) }
        .flatten.uniq
    end
  end
rescue StandardError
  @dns = nil
end

#dns? ⇒ Boolean Also known as: dns_resolves?

Are we even able to get the DNS record?

Returns:

• (Boolean)

# File 'lib/github-pages-health-check/domain.rb', line 286

def dns?
  !(dns.nil? || dns.empty?)
end

#enforces_https? ⇒ Boolean

Does this domain redirect HTTP requests to HTTPS?

Returns:

• (Boolean)

# File 'lib/github-pages-health-check/domain.rb', line 362

def enforces_https?
  return false unless https? && http_response.headers["Location"]
  redirect = Addressable::URI.parse(http_response.headers["Location"])
  redirect.scheme == "https" && redirect.host == host
end

#fastly? ⇒ Boolean

Is the host our Fastly CNAME?

Returns:

• (Boolean)

# File 'lib/github-pages-health-check/domain.rb', line 230

def fastly?
  !!host.match(/\A#{Regexp.union(Fastly::HOSTNAMES)}\z/i)
end

#fastly_ip? ⇒ Boolean

Does the domain resolve to a Fastly-owned IP

Returns:

• (Boolean)

# File 'lib/github-pages-health-check/domain.rb', line 240

def fastly_ip?
  cdn_ip?(Fastly)
end

#github_domain? ⇒ Boolean

Is this domain owned by GitHub?

Returns:

• (Boolean)

# File 'lib/github-pages-health-check/domain.rb', line 225

def github_domain?
  !!host.downcase.end_with?("github.com")
end

#https? ⇒ Boolean

Does this domain respond to HTTPS requests with a valid cert?

Returns:

• (Boolean)

# File 'lib/github-pages-health-check/domain.rb', line 351

def https?
  https_response.return_code == :ok
end

#https_eligible? ⇒ Boolean

Can an HTTPS certificate be issued for this domain?

Returns:

• (Boolean)

# File 'lib/github-pages-health-check/domain.rb', line 369

def https_eligible?
  (cname_to_github_user_domain? || pointed_to_github_pages_ip?) &&
    !aaaa_record_present? && !non_github_pages_ip_present? &&
    caa.lets_encrypt_allowed?
end

#https_error ⇒ Object

The response code of the HTTPS request, if it failed. Useful for diagnosing cert errors

# File 'lib/github-pages-health-check/domain.rb', line 357

def https_error
  https_response.return_code unless https?
end

#invalid_a_record? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/github-pages-health-check/domain.rb', line 130

def invalid_a_record?
  return @invalid_a_record if defined? @invalid_a_record
  @invalid_a_record = (valid_domain? && a_record? && !should_be_a_record?)
end

#invalid_aaaa_record? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/github-pages-health-check/domain.rb', line 124

def invalid_aaaa_record?
  return @invalid_aaaa_record if defined? @invalid_aaaa_record
  @invalid_aaaa_record = (valid_domain? && should_be_a_record? &&
                          aaaa_record_present?)
end

#invalid_cname? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/github-pages-health-check/domain.rb', line 135

def invalid_cname?
  return @invalid_cname if defined? @invalid_cname
  @invalid_cname = begin
    return false unless valid_domain?
    return false if github_domain? || apex_domain?
    return true  if cname_to_pages_dot_github_dot_com? || cname_to_fastly?
    !cname_to_github_user_domain? && should_be_cname_record?
  end
end

#mx_records_present? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/github-pages-health-check/domain.rb', line 326

def mx_records_present?
  return unless dns?
  dns.any? { |answer| answer.type == Dnsruby::Types::MX }
end

#non_github_pages_ip_present? ⇒ Boolean

Are any of the domain’s A records pointing elsewhere?

Returns:

• (Boolean)

# File 'lib/github-pages-health-check/domain.rb', line 182

def non_github_pages_ip_present?
  return unless dns?
  a_records = dns.select { |answer| answer.type == Dnsruby::Types::A }

  a_records.any? { |answer| !github_pages_ip?(answer.address.to_s) }

  false
end

#old_ip_address? ⇒ Boolean

Does this domain have any A record that points to the legacy IPs?

Returns:

• (Boolean)

# File 'lib/github-pages-health-check/domain.rb', line 292

def old_ip_address?
  return unless dns?

  dns.any? do |answer|
    answer.type == Dnsruby::Types::A && legacy_ip?(answer.address.to_s)
  end
end

#pages_domain? ⇒ Boolean

Is the host a *.github.(io|com) domain?

Returns:

• (Boolean)

# File 'lib/github-pages-health-check/domain.rb', line 215

def pages_domain?
  !!host.match(/\A[\w-]+\.github\.(io|com)\.?\z/i)
end

#pages_dot_github_dot_com? ⇒ Boolean

Is the host pages.github.com or pages.github.io?

Returns:

• (Boolean)

# File 'lib/github-pages-health-check/domain.rb', line 220

def pages_dot_github_dot_com?
  !!host.match(/\Apages\.github\.(io|com)\.?\z/i)
end

#pages_io_domain? ⇒ Boolean

Is the host a *.github.io domain?

Returns:

• (Boolean)

# File 'lib/github-pages-health-check/domain.rb', line 210

def pages_io_domain?
  !!host.match(/\A[\w-]+\.github\.(io)\.?\z/i)
end

#pointed_to_github_pages_ip? ⇒ Boolean

Is the domain’s first response an A record to a valid GitHub Pages IP?

Returns:

• (Boolean)

# File 'lib/github-pages-health-check/domain.rb', line 177

def pointed_to_github_pages_ip?
  a_record? && CURRENT_IP_ADDRESSES.include?(dns.first.address.to_s)
end

#proxied? ⇒ Boolean

Does this non-GitHub-pages domain proxy a GitHub Pages site?

This can be:

1. A Cloudflare-owned IP address
2. A site that returns GitHub.com server headers, but
   isn't CNAME'd to a GitHub domain
3. A site that returns GitHub.com server headers, but
   isn't CNAME'd to a GitHub IP

Returns:

• (Boolean)

# File 'lib/github-pages-health-check/domain.rb', line 252

def proxied?
  return unless dns?
  return true if cloudflare_ip?
  return false if pointed_to_github_pages_ip?
  return false if cname_to_github_user_domain?
  return false if cname_to_pages_dot_github_dot_com?
  return false if cname_to_fastly? || fastly_ip?
  served_by_pages?
end

#served_by_pages? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/github-pages-health-check/domain.rb', line 331

def served_by_pages?
  return @served_by_pages if defined? @served_by_pages
  return unless dns_resolves?

  @served_by_pages = begin
    return false unless response.mock? || response.return_code == :ok
    return true if response.headers["Server"] == "GitHub.com"

    # Typhoeus mangles the case of the header, compare insensitively
    response.headers.any? { |k, _v| k =~ /X-GitHub-Request-Id/i }
  end
end

#should_be_a_record? ⇒ Boolean

Should the domain use an A record?

Returns:

• (Boolean)

# File 'lib/github-pages-health-check/domain.rb', line 168

def should_be_a_record?
  !pages_io_domain? && (apex_domain? || mx_records_present?)
end

#should_be_cname_record? ⇒ Boolean

Returns:

• (Boolean)

# File 'lib/github-pages-health-check/domain.rb', line 172

def should_be_cname_record?
  !should_be_a_record?
end

#uri(overrides = {}) ⇒ Object

# File 'lib/github-pages-health-check/domain.rb', line 344

def uri(overrides = {})
  options = { :host => host, :scheme => scheme, :path => "/" }
  options = options.merge(overrides)
  Addressable::URI.new(options).normalize.to_s
end

#valid_domain? ⇒ Boolean

Is this a valid domain that PublicSuffix recognizes? Used as an escape hatch to prevent false positives on DNS checkes

Returns:

• (Boolean)

# File 'lib/github-pages-health-check/domain.rb', line 147

def valid_domain?
  return @valid if defined? @valid
  unicode_host = Addressable::IDNA.to_unicode(host)
  @valid = PublicSuffix.valid?(unicode_host, :default_rule => nil)
end