Skip to content

Added RFC 3403-compliant guard clauses to DnsNAPTRRecordData constructor #51

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
zbalkan wants to merge 5 commits into
base: master
Choose a base branch
from
Open

Added RFC 3403-compliant guard clauses to DnsNAPTRRecordData constructor #51

Changes from 3 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
98a3ba5
Added RFC 3403-compliant guard clauses to DnsNAPTRRecordData constructor
zbalkan Feb 3, 2026
8bdc964
Added copyright
zbalkan Feb 3, 2026
84661ed
Revert "Added copyright"
zbalkan Feb 9, 2026
0d5a784
Removed the trailing dot check.
zbalkan Feb 9, 2026
6dcaff3
Removed non-RFC-specified regex validation
zbalkan Feb 9, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
87 changes: 87 additions & 0 deletions TechnitiumLibrary.Net/Dns/ResourceRecords/DnsNAPTRRecordData.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ You should have received a copy of the GNU General Public License
using System.IO;
using System.Text;
using System.Text.Json;
using System.Text.RegularExpressions;
using System.Threading.Tasks;
using TechnitiumLibrary.IO;

Expand All @@ -46,6 +47,75 @@ public class DnsNAPTRRecordData : DnsResourceRecordData

public DnsNAPTRRecordData(ushort order, ushort preference, string flags, string services, string regexp, string replacement)
{
ArgumentNullException.ThrowIfNull(flags);

ArgumentNullException.ThrowIfNull(services);

ArgumentNullException.ThrowIfNull(regexp);

ArgumentNullException.ThrowIfNull(replacement);

// RFC 3403: REGEXP and REPLACEMENT are mutually exclusive
// If both are present (non-empty), the record is in error and MUST be rejected or ignored.
if (regexp.Length > 0 && replacement.Length > 0)
throw new ArgumentException(
"REGEXP and REPLACEMENT are mutually exclusive per RFC 3403.");

// RFC 3403: FLAGS validation
// Flags are single characters from A–Z and 0–9, case-insensitive.
for (int i = 0; i < flags.Length; i++)
{
char c = flags[i];
if (!(char.IsAsciiLetter(c) || char.IsDigit(c)))
Comment thread
zbalkan marked this conversation as resolved.
Outdated
throw new ArgumentException(
$"Invalid NAPTR flag '{c}'. Allowed set is A–Z and 0–9.",
nameof(flags));
}

// RFC 3403: SERVICES is a DNS <character-string>
Copy link
Copy Markdown
Member

@ShreyasZare ShreyasZare Feb 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can contain arbitrary chars ans since the SERVICES parameter leaves it up to the application, validation for this param should be removed.

// RFC intentionally does NOT define semantics here; only basic sanity checks.
// Enforce non-control UTF-16 chars; deeper validation is application-specific.
for (int i = 0; i < services.Length; i++)
{
if (char.IsControl(services[i]))
throw new ArgumentException(
"SERVICES contains control characters, which are not permitted.",
nameof(services));
}

// RFC 3403: REPLACEMENT must be a fully qualified domain name
Copy link
Copy Markdown
Member

@ShreyasZare ShreyasZare Feb 21, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

validation for REPLACEMENT is already in place done using DnsClient.IsDomainNameValid. So this is can be removed. This library internally does not allow domain names to end with . char.

if (replacement.Length > 0)
{
// Must end with a root label (trailing dot)
if (!replacement.EndsWith(".", StringComparison.Ordinal))
throw new ArgumentException(
"REPLACEMENT must be a fully qualified domain name ending with a dot.",
nameof(replacement));

// No name compression, no empty labels except the root
if (replacement.Contains("..", StringComparison.Ordinal))
throw new ArgumentException(
"REPLACEMENT contains empty DNS labels.",
nameof(replacement));
}
Comment thread
zbalkan marked this conversation as resolved.

// RFC 3403: REGEXP sanity
// The RFC requires POSIX ERE semantics but does not mandate compile-time validation.
// Enforce only that it is non-empty when used.
if (regexp.Length == 0 && replacement.Length == 0)
throw new ArgumentException(
"Either REGEXP or REPLACEMENT must be specified per RFC 3403.");

// OPTIONAL: Validate regex, not defined in RFC.
// It is a NICE-TO-HAVE, not a MUST.
if (!IsValidRegex(regexp))
{
throw new ArgumentException(
"REGEXP is not a valid regular expression.",
nameof(regexp));
}

Comment thread
zbalkan marked this conversation as resolved.
Outdated
// DNS <character-string> constraints
if (DnsClient.IsDomainNameUnicode(replacement))
replacement = DnsClient.ConvertDomainNameToAscii(replacement);

Expand Down Expand Up @@ -84,6 +154,23 @@ private void Serialize()
}
}

private bool IsValidRegex(string pattern)
{
if (pattern is null) return false;
try
{
_ = new Regex(
pattern,
RegexOptions.None,
TimeSpan.FromMilliseconds(100));
return true;
}
catch (ArgumentException)
{
return false;
}
}
Comment thread
zbalkan marked this conversation as resolved.
Outdated

#endregion

#region protected
Expand Down
Loading