author | Casey Deccio <casey@deccio.net> | 2021-01-08 06:21:27 +0300 |
---|---|---|
committer | Casey Deccio <casey@deccio.net> | 2021-01-09 03:07:33 +0300 |
commit | d5c8fda453a9355280f18a2de0dee68e79133415 (patch) | |
tree | 80a7754c6b3a383b5a2b248dd21f1212c24362cf | |
parent | 8f4080c53cf7fe10b0a8eac59e94a796ab3d99fb (diff) |
Make wording more intuitive
-rw-r--r-- | dnsviz/analysis/errors.py | 16 | ||||
-rw-r--r-- | dnsviz/analysis/offline.py | 4 | ||||
-rw-r--r-- | dnsviz/analysis/status.py | 20 |
3 files changed, 20 insertions, 20 deletions
diff --git a/dnsviz/analysis/errors.py b/dnsviz/analysis/errors.py
index 27a21ce..b01b342 100644
--- a/dnsviz/analysis/errors.py
+++ b/dnsviz/analysis/errors.py
@@ -252,9 +252,9 @@ class AlgorithmNotSupported(RRSIGError):
 super(AlgorithmNotSupported, self).__init__(**kwargs)
 self.template_kwargs['algorithm_text'] = dns.dnssec.algorithm_to_text(self.template_kwargs['algorithm'])
-class AlgorithmMustNotValidate(RRSIGError):
+class AlgorithmValidationProhibited(RRSIGError):
 '''
- >>> e = AlgorithmMustNotValidate(algorithm=5)
+ >>> e = AlgorithmValidationProhibited(algorithm=5)
 >>> e.args
 [5]
 >>> e.description
@@ -262,13 +262,13 @@ class AlgorithmMustNotValidate(RRSIGError):
 '''
 _abstract = False
- code = 'ALGORITHM_MUST_NOT_VALIDATE'
+ code = 'ALGORITHM_VALIDATION_PROHIBITED'
 description_template = "DNSSEC specification prohibits validation of RRSIGs with DNSSEC algorithm %(algorithm)d (%(algorithm_text)s)."
 references = ['RFC 8624, Sec. 3.1']
 required_params = ['algorithm']
 def __init__(self, **kwargs):
- super(AlgorithmMustNotValidate, self).__init__(**kwargs)
+ super(AlgorithmValidationProhibited, self).__init__(**kwargs)
 self.template_kwargs['algorithm_text'] = dns.dnssec.algorithm_to_text(self.template_kwargs['algorithm'])
 class DNSKEYRevokedRRSIG(RRSIGError):
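Review bot: The `code` value in the hunk at -262 changes from `'ALGORITHM_MUST_NOT_VALIDATE'` to `'ALGORITHM_VALIDATION_PROHIBITED'`, and that string looks like a machine-facing identifier rather than display wording. Anything outside this diff that matches on the old value (stored analysis output, alerting rules, tests) would stop recognising the warning without raising an error. The same applies to `'DIGEST_ALGORITHM_VALIDATION_PROHIBITED'` in the errors.py hunk at -533. How the code is consumed is not visible here, so this is a compatibility check to confirm; a comment such as `# renamed from ALGORITHM_MUST_NOT_VALIDATE; update consumers that match on the old code` would record it. The class body starts in the previous hunk.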
@@ -533,21 +533,21 @@ class DigestAlgorithmNotSupported(DSDigestError):
 super(DigestAlgorithmNotSupported, self).__init__(**kwargs)
 self.template_kwargs['algorithm_text'] = fmt.DS_DIGEST_TYPES.get(self.template_kwargs['algorithm'], self.template_kwargs['algorithm'])
-class DigestAlgorithmMustNotValidate(DSDigestError):
+class DigestAlgorithmValidationProhibited(DSDigestError):
 '''
- >>> e = DigestAlgorithmMustNotValidate(algorithm=5)
+ >>> e = DigestAlgorithmValidationProhibited(algorithm=5)
 >>> e.description
 'DNSSEC specification prohibits validation of DS records that use digest algorithm 5 (5).'
 '''
 _abstract = False
- code = 'DIGEST_ALGORITHM_MUST_NOT_VALIDATE'
+ code = 'DIGEST_ALGORITHM_VALIDATION_PROHIBITED'
 description_template = "DNSSEC specification prohibits validation of DS records that use digest algorithm %(algorithm)d (%(algorithm_text)s)."
 references = ['RFC 8624, Sec. 3.2']
 required_params = ['algorithm']
 def __init__(self, **kwargs):
- super(DigestAlgorithmMustNotValidate, self).__init__(**kwargs)
+ super(DigestAlgorithmValidationProhibited, self).__init__(**kwargs)
 self.template_kwargs['algorithm_text'] = fmt.DS_DIGEST_TYPES.get(self.template_kwargs['algorithm'], self.template_kwargs['algorithm'])
 class DNSKEYRevokedDS(DSDigestError):
diff --git a/dnsviz/analysis/offline.py b/dnsviz/analysis/offline.py
index dbea3db..dcfc58a 100644
--- a/dnsviz/analysis/offline.py
+++ b/dnsviz/analysis/offline.py
@@ -857,8 +857,8 @@ class OfflineDomainNameAnalysis(OnlineDomainNameAnalysis):
 # unless we are overriding, mark prohibited algorithms as not supported
 if not validate_prohibited_algs:
- supported_algs.difference_update(Status.DNSKEY_ALGS_MUST_NOT_VALIDATE)
- supported_digest_algs.difference_update(Status.DS_DIGEST_ALGS_MUST_NOT_VALIDATE)
+ supported_algs.difference_update(Status.DNSKEY_ALGS_VALIDATION_PROHIBITED)
+ supported_digest_algs.difference_update(Status.DS_DIGEST_ALGS_VALIDATION_PROHIBITED)
 self._populate_status(trusted_keys, supported_algs, supported_digest_algs, is_dlv, None, follow_mx)
diff --git a/dnsviz/analysis/status.py b/dnsviz/analysis/status.py
index 5ba2595..ae6a572 100644
--- a/dnsviz/analysis/status.py
+++ b/dnsviz/analysis/status.py
@@ -171,13 +171,13 @@ DS_DIGEST_ALGS_IGNORING_SHA1 = (2,)
 # RFC 8624 Section 3.1
 DNSKEY_ALGS_NOT_RECOMMENDED = (5, 7, 10)
-DNSKEY_ALGS_MUST_NOT_SIGN = (1, 3, 6, 12)
-DNSKEY_ALGS_MUST_NOT_VALIDATE = (1, 3, 6)
+DNSKEY_ALGS_PROHIBITED = (1, 3, 6, 12)
+DNSKEY_ALGS_VALIDATION_PROHIBITED = (1, 3, 6)
 # RFC 8624 Section 3.2
 DS_DIGEST_ALGS_NOT_RECOMMENDED = ()
-DS_DIGEST_ALGS_MUST_NOT_SIGN = (0, 1, 3)
-DS_DIGEST_ALGS_MUST_NOT_VALIDATE = ()
+DS_DIGEST_ALGS_PROHIBITED = (0, 1, 3)
+DS_DIGEST_ALGS_VALIDATION_PROHIBITED = ()
 class RRSIGStatus(object):
 def __init__(self, rrset, rrsig, dnskey, zone_name, reference_ts, supported_algs):
@@ -207,7 +207,7 @@ class RRSIGStatus(object):
 else:
 # If there is a DNSKEY, then we look at *why* we are ignoring
 # the cryptographic signature.
- if self.dnskey.rdata.algorithm in DNSKEY_ALGS_MUST_NOT_VALIDATE:
+ if self.dnskey.rdata.algorithm in DNSKEY_ALGS_VALIDATION_PROHIBITED:
 # In this case, specification dictates that the algorithm
 # MUST NOT be validated, so we mark it as ignored.
 if self.validation_status == RRSIG_STATUS_VALID:
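Review bot: `DNSKEY_ALGS_PROHIBITED` and `DS_DIGEST_ALGS_PROHIBITED` in the status.py hunk at -171 no longer say what is prohibited. The removed names show these are the signing lists, and algorithm 12 is in the signing tuple but not in `DNSKEY_ALGS_VALIDATION_PROHIBITED`. A reader could take the broader name to cover validation as well and reuse it to filter what gets validated. A comment above each tuple would keep the distinction, for example `# prohibited for signing only; validation is governed by DNSKEY_ALGS_VALIDATION_PROHIBITED`. No hunk in this commit updates a use of the old `*_MUST_NOT_SIGN` names, so it is worth confirming that nothing elsewhere still references them.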
@@ -225,8 +225,8 @@ class RRSIGStatus(object):
 # Independent of whether or not we considered the cryptographic
 # validation, issue a warning if we are using an algorithm for which
 # validation has been prohibited.
- if self.dnskey.rdata.algorithm in DNSKEY_ALGS_MUST_NOT_VALIDATE:
- self.warnings.append(Errors.AlgorithmMustNotValidate(algorithm=self.rrsig.algorithm))
+ if self.dnskey.rdata.algorithm in DNSKEY_ALGS_VALIDATION_PROHIBITED:
+ self.warnings.append(Errors.AlgorithmValidationProhibited(algorithm=self.rrsig.algorithm))
 if self.rrset.ttl_cmp:
 if self.rrset.rrset.ttl != self.rrset.rrsig_info[self.rrsig].ttl:
@@ -395,7 +395,7 @@ class DSStatus(object):
 else:
 # If there is a DNSKEY, then we look at *why* we are ignoring
 # the digest of the DNSKEY.
- if self.ds.digest_type in DS_DIGEST_ALGS_MUST_NOT_VALIDATE:
+ if self.ds.digest_type in DS_DIGEST_ALGS_VALIDATION_PROHIBITED:
 # In this case, specification dictates that the algorithm
 # MUST NOT be validated, so we mark it as ignored.
 if self.validation_status == DS_STATUS_VALID:
@@ -413,8 +413,8 @@ class DSStatus(object):
 # Independent of whether or not we considered the digest for
 # validation, issue a warning if we are using a digest type for which
 # validation has been prohibited.
- if self.ds.digest_type in DS_DIGEST_ALGS_MUST_NOT_VALIDATE:
- self.warnings.append(Errors.DigestAlgorithmMustNotValidate(algorithm=self.ds.digest_type))
+ if self.ds.digest_type in DS_DIGEST_ALGS_VALIDATION_PROHIBITED:
+ self.warnings.append(Errors.DigestAlgorithmValidationProhibited(algorithm=self.ds.digest_type))
 if self.dnskey is not None and \
 self.dnskey.rdata.flags & fmt.DNSKEY_FLAGS['revoke']: |
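Review bot: In the RRSIGStatus hunk at -225 the condition tests `self.dnskey.rdata.algorithm` but the warning is built from `self.rrsig.algorithm`, whereas the DSStatus hunk at -413 uses `self.ds.digest_type` for both the test and the message. The comment in the hunk at -207 implies there is a path with no DNSKEY, and whether `self.dnskey` is guarded before this line is outside the hunk, so the attribute access may raise when it is None. If the two algorithm values are always equal at this point, testing the RRSIG field keeps test and message consistent and removes the dependency on the key: `if self.rrsig.algorithm in DNSKEY_ALGS_VALIDATION_PROHIBITED:`. Otherwise a short comment saying why the DNSKEY's algorithm is tested while the RRSIG's is reported would help the next reader.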