Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

DNS False Negatives #147

Closed
adhilto opened this issue Jan 11, 2024 · 1 comment · Fixed by #160
Closed

DNS False Negatives #147

adhilto opened this issue Jan 11, 2024 · 1 comment · Fixed by #160
Assignees
@adhilto
Labels
bug This issue or pull request addresses broken functionality good first issue This issue or pull request is well-defined and good for newcomers
Milestone
Barracuda

Comments

@adhilto
Copy link
Collaborator

adhilto commented Jan 11, 2024

🐛 Summary

If ScubaGoggles is unable to make DNS queries at all (e.g., due to network issues), the report will display passes for all SPF, DKIM, and DMARC checks.

To reproduce

Easiest way to reproduce this is to hard-code an error at the top of the query function within the RobustDNSClient so that the DNS calls don't work.

Expected behavior

You'd expect the report to display failures.

Any helpful log output or screenshots

The fix is super easy. Within Gmail.rego, change

AllDomains contains Domain.domain if {
    some Domain in input.dkim_records
}

to

AllDomains := {Domain | some Domain in input.domains}

Note that you'll also need to update the rego unit tests.
@adhilto adhilto added blocked This issue or pull request is awaiting the outcome of another issue or pull request bug This issue or pull request addresses broken functionality labels Jan 11, 2024
@adhilto adhilto self-assigned this Jan 11, 2024
@adhilto
Copy link
Collaborator Author

adhilto commented Jan 11, 2024

Blocked by #146.

@adhilto adhilto added good first issue This issue or pull request is well-defined and good for newcomers and removed blocked This issue or pull request is awaiting the outcome of another issue or pull request labels Jan 24, 2024
@buidav buidav added this to the Backlog milestone Jan 24, 2024
@adhilto adhilto mentioned this issue Jan 24, 2024
Merged
14 tasks
@adhilto adhilto linked a pull request Jan 24, 2024 that will close this issue
Correct DNS False Negatives #160
Merged
14 tasks
@adhilto adhilto mentioned this issue Jan 25, 2024
Merged
14 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@adhilto adhilto

Labels
bug This issue or pull request addresses broken functionality good first issue This issue or pull request is well-defined and good for newcomers
Projects
None yet
Milestone
Barracuda
Development

Successfully merging a pull request may close this issue.

Correct DNS False Negatives cisagov/ScubaGoggles
2 participants
@buidav @adhilto