Class: GitHubPages::HealthCheck::Domain

Inherits:
Checkable
  • Object
show all
Defined in:
lib/github-pages-health-check/domain.rb

Constant Summary collapse

LEGACY_IP_ADDRESSES = 
[
  # Legacy GitHub Datacenter
  "207.97.227.245",
  "204.232.175.78",

  # Aug. 2016 Fastly datacenter deprecation
  "199.27.73.133",
  "199.27.76.133",

  # Feb. 2017 Fastly datacenter deprecation
  "103.245.222.133",
  "103.245.223.133",
  "103.245.224.133",
  "104.156.81.133",
  "104.156.82.133",
  "104.156.83.133",
  "104.156.85.133",
  "104.156.87.133",
  "104.156.88.133",
  "104.156.89.133",
  "104.156.90.133",
  "104.156.91.133",
  "104.156.92.133",
  "104.156.93.133",
  "104.156.94.133",
  "104.156.95.133",
  "104.37.95.133",
  "157.52.64.133",
  "157.52.66.133",
  "157.52.67.133",
  "157.52.68.133",
  "157.52.69.133",
  "157.52.96.133",
  "172.111.64.133",
  "172.111.96.133",
  "185.31.16.133",
  "185.31.17.133",
  "185.31.18.133",
  "185.31.19.133",
  "199.27.74.133",
  "199.27.75.133",
  "199.27.76.133",
  "199.27.78.133",
  "199.27.79.133",
  "23.235.33.133",
  "23.235.37.133",
  "23.235.39.133",
  "23.235.40.133",
  "23.235.41.133",
  "23.235.43.133",
  "23.235.44.133",
  "23.235.45.133",
  "23.235.46.133",
  "23.235.47.133",
  "23.235.47.133",
  "43.249.72.133",
  "43.249.73.133",
  "43.249.74.133",
  "43.249.75.133"
].freeze
CURRENT_IP_ADDRESSES = 
%w(
  192.30.252.153
  192.30.252.154
).freeze
HASH_METHODS = 
i[
  host uri dns_resolves? proxied? cloudflare_ip? fastly_ip?
  old_ip_address? a_record? cname_record? mx_records_present?
  valid_domain? apex_domain? should_be_a_record?
  cname_to_github_user_domain? cname_to_pages_dot_github_dot_com?
  cname_to_fastly? pointed_to_github_pages_ip? pages_domain?
  served_by_pages? valid_domain? https? enforces_https? https_error
].freeze

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods inherited from Checkable

#reason, #to_hash, #to_json, #to_s, #to_s_pretty, #valid?

Constructor Details

#initialize(host) ⇒ Domain

Returns a new instance of Domain.



83
84
85
86
87
88
89
 
# File 'lib/github-pages-health-check/domain.rb', line 83

def initialize(host)
  unless host.is_a? String
    raise ArgumentError, "Expected string, got #{host.class}"
  end

  @host = normalize_host(host)
end

Instance Attribute Details

#hostObject (readonly)

Returns the value of attribute host.



6
7
8
 
# File 'lib/github-pages-health-check/domain.rb', line 6

def host
  @host
end

Instance Method Details

#a_record?Boolean

Is this domain’s first response an A record?

Returns:

  • (Boolean) 


259
260
261
262
 
# File 'lib/github-pages-health-check/domain.rb', line 259

def a_record?
  return unless dns?
  dns.first.class == Net::DNS::RR::A
end

#apex_domain?Boolean

Is this domain an apex domain, meaning a CNAME would be innapropriate

Returns:

  • (Boolean) 


131
132
133
134
135
136
137
138
139
140
141
 
# File 'lib/github-pages-health-check/domain.rb', line 131

def apex_domain?
  return @apex_domain if defined?(@apex_domain)
  return unless valid_domain?

  # PublicSuffix.domain pulls out the apex-level domain name.
  # E.g. PublicSuffix.domain("techblog.netflix.com") # => "netflix.com"
  # It's aware of multi-step top-level domain names:
  # E.g. PublicSuffix.domain("blog.digital.gov.uk") # => "digital.gov.uk"
  # For apex-level domain names, DNS providers do not support CNAME records.
  PublicSuffix.domain(host) == host
end

#check!Object

Runs all checks, raises an error if invalid

Raises:



92
93
94
95
96
97
98
99
100
101
 
# File 'lib/github-pages-health-check/domain.rb', line 92

def check!
  raise Errors::InvalidDomainError, :domain => self unless valid_domain?
  raise Errors::InvalidDNSError, :domain => self    unless dns_resolves?
  raise Errors::DeprecatedIPError, :domain => self if deprecated_ip?
  return true if proxied?
  raise Errors::InvalidARecordError, :domain => self    if invalid_a_record?
  raise Errors::InvalidCNAMEError, :domain => self      if invalid_cname?
  raise Errors::NotServedByPagesError, :domain => self  unless served_by_pages?
  true
end

#cloudflare_ip?Boolean

Does the domain resolve to a CloudFlare-owned IP

Returns:

  • (Boolean) 


196
197
198
 
# File 'lib/github-pages-health-check/domain.rb', line 196

def cloudflare_ip?
  cdn_ip?(CloudFlare)
end

#cnameObject

The domain to which this domain’s CNAME resolves Returns nil if the domain is not a CNAME



274
275
276
277
 
# File 'lib/github-pages-health-check/domain.rb', line 274

def cname
  return unless dns.first.class == Net::DNS::RR::CNAME
  @cname ||= Domain.new(dns.first.cname.to_s)
end

#cname_record?Boolean Also known as: cname?

Is this domain’s first response a CNAME record?

Returns:

  • (Boolean) 


265
266
267
268
269
 
# File 'lib/github-pages-health-check/domain.rb', line 265

def cname_record?
  return unless dns?
  return false unless cname
  cname.valid_domain?
end

#cname_to_fastly?Boolean

Is the given domain CNAME’d directly to our Fastly account?

Returns:

  • (Boolean) 


171
172
173
 
# File 'lib/github-pages-health-check/domain.rb', line 171

def cname_to_fastly?
  cname? && !pages_domain? && cname.fastly?
end

#cname_to_github_user_domain?Boolean

Is the domain’s first response a CNAME to a pages domain?

Returns:

  • (Boolean) 


158
159
160
 
# File 'lib/github-pages-health-check/domain.rb', line 158

def cname_to_github_user_domain?
  cname? && !cname_to_pages_dot_github_dot_com? && cname.pages_domain?
end

#cname_to_pages_dot_github_dot_com?Boolean

Is the given domain a CNAME to pages.github.(io|com) instead of being CNAME’d to the user’s subdomain?

domain - the domain to check, generaly the target of a cname

Returns:

  • (Boolean) 


166
167
168
 
# File 'lib/github-pages-health-check/domain.rb', line 166

def cname_to_pages_dot_github_dot_com?
  cname? && cname.pages_dot_github_dot_com?
end

#deprecated_ip?Boolean

Returns:

  • (Boolean) 


103
104
105
106
 
# File 'lib/github-pages-health-check/domain.rb', line 103

def deprecated_ip?
  return @deprecated_ip if defined? @deprecated_ip
  @deprecated_ip = (valid_domain? && a_record? && old_ip_address?)
end

#dnsObject

Returns an array of DNS answers



224
225
226
227
228
229
230
231
232
233
234
235
236
237
 
# File 'lib/github-pages-health-check/domain.rb', line 224

def dns
  return @dns if defined? @dns
  return unless valid_domain?
  @dns = Timeout.timeout(TIMEOUT) do
    GitHubPages::HealthCheck.without_warnings do
      unless host.nil?
        resolver.search(absolute_domain, Net::DNS::A).answer +
          resolver.search(absolute_domain, Net::DNS::MX).answer
      end
    end
  end
rescue StandardError
  @dns = nil
end

#dns?Boolean Also known as: dns_resolves?

Are we even able to get the DNS record?

Returns:

  • (Boolean) 


244
245
246
 
# File 'lib/github-pages-health-check/domain.rb', line 244

def dns?
  !(dns.nil? || dns.empty?)
end

#enforces_https?Boolean

Does this domain redirect HTTP requests to HTTPS?

Returns:

  • (Boolean) 


315
316
317
318
319
 
# File 'lib/github-pages-health-check/domain.rb', line 315

def enforces_https?
  return false unless https? && http_response.headers["Location"]
  redirect = Addressable::URI.parse(http_response.headers["Location"])
  redirect.scheme == "https" && redirect.host == host
end

#fastly?Boolean

Is the host our Fastly CNAME?

Returns:

  • (Boolean) 


191
192
193
 
# File 'lib/github-pages-health-check/domain.rb', line 191

def fastly?
  !!host.match(/\A#{Regexp.union(Fastly::HOSTNAMES)}\z/i)
end

#fastly_ip?Boolean

Does the domain resolve to a Fastly-owned IP

Returns:

  • (Boolean) 


201
202
203
 
# File 'lib/github-pages-health-check/domain.rb', line 201

def fastly_ip?
  cdn_ip?(Fastly)
end

#github_domain?Boolean

Is this domain owned by GitHub?

Returns:

  • (Boolean) 


186
187
188
 
# File 'lib/github-pages-health-check/domain.rb', line 186

def github_domain?
  !!host.downcase.end_with?("github.com")
end

#https?Boolean

Does this domain respond to HTTPS requests with a valid cert?

Returns:

  • (Boolean) 


304
305
306
 
# File 'lib/github-pages-health-check/domain.rb', line 304

def https?
  https_response.return_code == :ok
end

#https_errorObject

The response code of the HTTPS request, if it failed. Useful for diagnosing cert errors



310
311
312
 
# File 'lib/github-pages-health-check/domain.rb', line 310

def https_error
  https_response.return_code unless https?
end

#invalid_a_record?Boolean

Returns:

  • (Boolean) 


108
109
110
111
 
# File 'lib/github-pages-health-check/domain.rb', line 108

def invalid_a_record?
  return @invalid_a_record if defined? @invalid_a_record
  @invalid_a_record = (valid_domain? && a_record? && !should_be_a_record?)
end

#invalid_cname?Boolean

Returns:

  • (Boolean) 


113
114
115
116
117
118
119
120
121
 
# File 'lib/github-pages-health-check/domain.rb', line 113

def invalid_cname?
  return @invalid_cname if defined? @invalid_cname
  @invalid_cname = begin
    return false unless valid_domain?
    return false if github_domain? || apex_domain?
    return true  if cname_to_pages_dot_github_dot_com? || cname_to_fastly?
    !cname_to_github_user_domain? && should_be_cname_record?
  end
end

#mx_records_present?Boolean

Returns:

  • (Boolean) 


279
280
281
282
 
# File 'lib/github-pages-health-check/domain.rb', line 279

def mx_records_present?
  return unless dns?
  dns.any? { |answer| answer.class == Net::DNS::RR::MX }
end

#old_ip_address?Boolean

Does this domain have any A record that points to the legacy IPs?

Returns:

  • (Boolean) 


250
251
252
253
254
255
256
 
# File 'lib/github-pages-health-check/domain.rb', line 250

def old_ip_address?
  return unless dns?

  dns.any? do |answer|
    answer.is_a?(Net::DNS::RR::A) && legacy_ip?(answer.address.to_s)
  end
end

#pages_domain?Boolean

Is the host a *.github.io domain?

Returns:

  • (Boolean) 


176
177
178
 
# File 'lib/github-pages-health-check/domain.rb', line 176

def pages_domain?
  !!host.match(/\A[\w-]+\.github\.(io|com)\.?\z/i)
end

#pages_dot_github_dot_com?Boolean

Is the host pages.github.com or pages.github.io?

Returns:

  • (Boolean) 


181
182
183
 
# File 'lib/github-pages-health-check/domain.rb', line 181

def pages_dot_github_dot_com?
  !!host.match(/\Apages\.github\.(io|com)\.?\z/i)
end

#pointed_to_github_pages_ip?Boolean

Is the domain’s first response an A record to a valid GitHub Pages IP?

Returns:

  • (Boolean) 


153
154
155
 
# File 'lib/github-pages-health-check/domain.rb', line 153

def pointed_to_github_pages_ip?
  a_record? && CURRENT_IP_ADDRESSES.include?(dns.first.value)
end

#proxied?Boolean

Does this non-GitHub-pages domain proxy a GitHub Pages site?

This can be:

1. A Cloudflare-owned IP address
2. A site that returns GitHub.com server headers, but
   isn't CNAME'd to a GitHub domain
3. A site that returns GitHub.com server headers, but
   isn't CNAME'd to a GitHub IP

Returns:

  • (Boolean) 


213
214
215
216
217
218
219
220
221
 
# File 'lib/github-pages-health-check/domain.rb', line 213

def proxied?
  return unless dns?
  return true if cloudflare_ip?
  return false if pointed_to_github_pages_ip?
  return false if cname_to_github_user_domain?
  return false if cname_to_pages_dot_github_dot_com?
  return false if cname_to_fastly? || fastly_ip?
  served_by_pages?
end

#resolverObject 



239
240
241
 
# File 'lib/github-pages-health-check/domain.rb', line 239

def resolver
  @resolver ||= Net::DNS::Resolver.new
end

#served_by_pages?Boolean

Returns:

  • (Boolean) 


284
285
286
287
288
289
290
291
292
293
294
295
 
# File 'lib/github-pages-health-check/domain.rb', line 284

def served_by_pages?
  return @served_by_pages if defined? @served_by_pages
  return unless dns_resolves?

  @served_by_pages = begin
    return false unless response.mock? || response.return_code == :ok
    return true if response.headers["Server"] == "GitHub.com"

    # Typhoeus mangles the case of the header, compare insensitively
    response.headers.any? { |k, _v| k =~ /X-GitHub-Request-Id/i }
  end
end

#should_be_a_record?Boolean

Should the domain be an apex record?

Returns:

  • (Boolean) 


144
145
146
 
# File 'lib/github-pages-health-check/domain.rb', line 144

def should_be_a_record?
  !pages_domain? && (apex_domain? || mx_records_present?)
end

#should_be_cname_record?Boolean

Returns:

  • (Boolean) 


148
149
150
 
# File 'lib/github-pages-health-check/domain.rb', line 148

def should_be_cname_record?
  !should_be_a_record?
end

#uri(overrides = {}) ⇒ Object 



297
298
299
300
301
 
# File 'lib/github-pages-health-check/domain.rb', line 297

def uri(overrides = {})
  options = { :host => host, :scheme => scheme, :path => "/" }
  options = options.merge(overrides)
  Addressable::URI.new(options).normalize.to_s
end

#valid_domain?Boolean

Is this a valid domain that PublicSuffix recognizes? Used as an escape hatch to prevent false positives on DNS checkes

Returns:

  • (Boolean) 


125
126
127
128
 
# File 'lib/github-pages-health-check/domain.rb', line 125

def valid_domain?
  return @valid if defined? @valid
  @valid = PublicSuffix.valid?(host, :default_rule => nil)
end