diff options
Diffstat (limited to '')
-rw-r--r-- | tests/knot/test_semantic_check.in | 129 |
1 files changed, 129 insertions, 0 deletions
diff --git a/tests/knot/test_semantic_check.in b/tests/knot/test_semantic_check.in new file mode 100644 index 0000000..ad65f78 --- /dev/null +++ b/tests/knot/test_semantic_check.in @@ -0,0 +1,129 @@ +#!/bin/sh + +KZONECHECK="@top_builddir@/src/kzonecheck" +DATA="@top_srcdir@/tests/knot/semantic_check_data" + +. "@top_srcdir@/tests/tap/libtap.sh" + +TMPDIR=$(test_tmpdir) +LOG="$TMPDIR/log" + +# Params: zonefile fatal_error expected_erros_count semcheck_err_msg +expect_error() +{ + if [ ! -r "$DATA/$1" ]; then + skip_block 4 "missing zone file for test" + return + fi + + "$KZONECHECK" -o example.com "$DATA/$1" > "$LOG" + ok "$1 - check program return" test $? -eq 1 + + fatal=$(grep -E "^Serious semantic error detected" $LOG | wc -l) + ok "$1 - check fatal" test $fatal -eq $2 + + errors=$(grep -E "^\[.+\] $4" $LOG | wc -l) + ok "$1 - check errors" test $errors -eq $3 + if [ $errors != $3 ]; then + diag "expected errors $3 but found $errors" + fi +} + +#param zonefile +test_correct() +{ + $KZONECHECK -o example.com "$DATA/$1" > /dev/null + ok "$1 - correct zone, without error" test $? -eq 0 +} + +if [ ! -x $KZONECHECK ]; then + skip_all "kzonecheck is missing or is not executable" +fi + +# error messages exported from knot/src/zone/semantic-check.c +CDNSKEY_MULTIPLE="multiple CDNSKEY records" +CDNSKEY_NONE="missing CDNSKEY" +CDS_MULTIPLE="multiple CDS records" +CDS_NONE="missing CDS" +CDS_NOT_MATCH="CDS not match CDNSKEY" +CNAME_EXTRA_RECORDS="more records exist at CNAME" +CNAME_MULTIPLE="multiple CNAME records" +DNAME_CHILDREN="child record exists under DNAME" +DNSKEY_PROTO="invalid protocol in DNSKEY" +DS_ALG="invalid algorithm in DS" +NSEC3PARAM_FLAGS="invalid flags in NSEC3PARAM" +NSEC3_ALG="incorrect algorithm in NSEC3" +NSEC3_INSECURE_DELEGATION_OPT="insecure delegation outside NSEC3 opt-out" +NSEC3_ITERS="incorrect number of iterations in NSEC3" +NSEC3_NONE="missing NSEC3" +NSEC3_RDATA_BITMAP="incorrect type bitmap in NSEC3" +NSEC3_RDATA_CHAIN="incoherent NSEC3 chain" +NSEC_NONE="missing NSEC" +NSEC_RDATA_BITMAP="incorrect type bitmap in NSEC" +NSEC_RDATA_CHAIN="incoherent NSEC chain" +NSEC_RDATA_MULTIPLE="multiple NSEC records" +NS_APEX="missing NS at the zone apex" +NS_GLUE="missing glue record" +RRSIG_EXPIRED="expired RRSIG" +RRSIG_NO_RRSIG="missing RRSIG" +RRSIG_RDATA_DNSKEY_OWNER="wrong signer's name in RRSIG" +RRSIG_RDATA_TTL="wrong original TTL in RRSIG" +RRSIG_SIGNED="signed RRSIG" +RRSIG_UNVERIFIABLE="unverifiable signature" + +plan_lazy + +expect_error "cname_extra_01.zone" 1 1 "$CNAME_EXTRA_RECORDS" +expect_error "cname_extra_02.signed" 1 1 "$CNAME_EXTRA_RECORDS" +expect_error "cname_multiple.zone" 1 1 "$CNAME_MULTIPLE" +expect_error "dname_children.zone" 1 1 "$DNAME_CHILDREN" + +expect_error "missing_ns.zone" 0 1 "$NS_APEX" +expect_error "missing_glue_01.zone" 0 2 "$NS_GLUE" +expect_error "missing_glue_02.zone" 0 1 "$NS_GLUE" +expect_error "missing_glue_03.zone" 0 1 "$NS_GLUE" +expect_error "different_signer_name.signed" 0 1 "$RRSIG_RDATA_DNSKEY_OWNER \(record type NSEC\)" +expect_error "different_signer_name.signed" 0 1 "$RRSIG_UNVERIFIABLE \(record type NSEC\)" +expect_error "no_rrsig.signed" 0 1 "$RRSIG_NO_RRSIG \(record type A\)" +expect_error "no_rrsig.signed" 0 1 "$RRSIG_NO_RRSIG \(record type NSEC\)" +expect_error "no_rrsig_with_delegation.signed" 0 1 "$RRSIG_NO_RRSIG \(record type NSEC\)" +expect_error "nsec_broken_chain_01.signed" 0 1 "$NSEC_RDATA_CHAIN" +expect_error "nsec_broken_chain_02.signed" 0 1 "$NSEC_RDATA_CHAIN" +expect_error "nsec_missing.signed" 0 1 "$NSEC_NONE" +expect_error "nsec_multiple.signed" 0 1 "$NSEC_RDATA_MULTIPLE" +expect_error "nsec_wrong_bitmap_01.signed" 0 1 "$NSEC_RDATA_BITMAP" +expect_error "nsec_wrong_bitmap_02.signed" 0 1 "$NSEC_RDATA_BITMAP" +expect_error "nsec3_missing.signed" 0 1 "$NSEC3_NONE" +expect_error "nsec3_wrong_bitmap_01.signed" 0 1 "$NSEC3_RDATA_BITMAP" +expect_error "nsec3_wrong_bitmap_02.signed" 0 1 "$NSEC3_RDATA_BITMAP" +expect_error "nsec3_ds.signed" 0 1 "$NSEC3_NONE" +expect_error "nsec3_optout.signed" 0 1 "$NSEC3_INSECURE_DELEGATION_OPT" +expect_error "nsec3_chain_01.signed" 0 1 "$NSEC3_RDATA_CHAIN" +expect_error "nsec3_chain_02.signed" 0 2 "$NSEC3_RDATA_CHAIN" +expect_error "nsec3_chain_03.signed" 0 2 "$NSEC3_RDATA_CHAIN" +expect_error "nsec3_param_invalid.signed" 0 1 "$NSEC3_ALG" +expect_error "nsec3_param_invalid.signed" 0 1 "$NSEC3_ITERS" +expect_error "nsec3_param_invalid.signed" 0 1 "$NSEC3PARAM_FLAGS" +expect_error "rrsig_signed.signed" 0 1 "$RRSIG_SIGNED" +expect_error "rrsig_rdata_ttl.signed" 0 1 "$RRSIG_RDATA_TTL \(record type A\)" +expect_error "duplicate.signature" 0 7 "$RRSIG_EXPIRED" +expect_error "missing.signed" 0 1 "$NSEC_NONE" +expect_error "dnskey_param_error.signed" 0 1 "$DNSKEY_PROTO" +expect_error "invalid_ds.signed" 0 2 "$DS_ALG \(keytag 60485\)" +expect_error "cdnskey.invalid" 0 1 "$CDS_NOT_MATCH" +expect_error "cdnskey.invalid.param" 0 1 "$CDS_NOT_MATCH" +expect_error "cdnskey.nocds" 0 1 "$CDS_NONE" +expect_error "cdnskey.nocdnskey" 0 1 "$CDNSKEY_NONE" +expect_error "cdnskey.nodnskey" 0 1 "$CDNSKEY_NOT_MATCH" +expect_error "cdnskey.two" 0 1 "$CDS_MULTIPLE" +expect_error "cdnskey.two" 0 1 "$CDNSKEY_MULTIPLE" + +test_correct "rrsig_ttl.signed" +test_correct "no_error_delegaton_bitmap.signed" +test_correct "no_error_nsec3_delegation.signed" +test_correct "no_error_nsec3_optout.signed" +test_correct "no_error_wildcard_glue.zone" +test_correct "cdnskey.cds" +test_correct "dname_apex_nsec3.signed" + +rm $LOG |