Skip to content

PYTHON-5288: SRV hostname validation fails when resolver and resolved hostnames are identical with three domain levels #2272

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 7 commits into from
Apr 9, 2025
Merged

PYTHON-5288: SRV hostname validation fails when resolver and resolved hostnames are identical with three domain levels #2272

Show file tree
Hide file tree
Changes from 2 commits
Commits
Show all changes
7 commits
Select commit Hold shift + click to select a range
c767cd4
Fix SRV hostname validation fails
aclark4life Apr 9, 2025
c2bc931
Review fixes
aclark4life Apr 9, 2025
66d045e
Check length of fqdn not srv host
aclark4life Apr 9, 2025
0f1f8a7
Move test case to separate test
aclark4life Apr 9, 2025
03ccebe
Use newly defined srv_host
aclark4life Apr 9, 2025
0dc962b
Use split_fqdn
aclark4life Apr 9, 2025
e474e22
Add changelog entry
aclark4life Apr 9, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion pymongo/asynchronous/srv_resolver.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -137,7 +137,8 @@ async def _get_srv_response_and_hosts(

# Validate hosts
for node in nodes:
if self.__fqdn == node[0].lower():
srv_host = node[0].lower()
if self.__fqdn == srv_host and len(srv_host.split(".")) < 3:
raise ConfigurationError(
"Invalid SRV host: return address is identical to SRV hostname"
)
Expand Down
3 changes: 2 additions & 1 deletion pymongo/synchronous/srv_resolver.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -137,7 +137,8 @@ def _get_srv_response_and_hosts(

# Validate hosts
for node in nodes:
if self.__fqdn == node[0].lower():
srv_host = node[0].lower()
if self.__fqdn == srv_host and len(srv_host.split(".")) < 3:
raise ConfigurationError(
"Invalid SRV host: return address is identical to SRV hostname"
)
Expand Down
17 changes: 13 additions & 4 deletions test/asynchronous/test_dns.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -220,12 +220,15 @@ async def mock_resolve(query, record_type, *args, **kwargs):
mock_resolver.side_effect = mock_resolve
domain = case["query"].split("._tcp.")[1]
connection_string = f"mongodb+srv://{domain}"
try:
if "expected_error" not in case:
await parse_uri(connection_string)
except ConfigurationError as e:
self.assertIn(case["expected_error"], str(e))
else:
self.fail(f"ConfigurationError was not raised for query: {case['query']}")
try:
await parse_uri(connection_string)
except ConfigurationError as e:
self.assertIn(case["expected_error"], str(e))
else:
self.fail(f"ConfigurationError was not raised for query: {case['query']}")

async def test_1_allow_srv_hosts_with_fewer_than_three_dot_separated_parts(self):
with patch("dns.asyncresolver.resolve"):
Expand Down Expand Up @@ -264,6 +267,12 @@ async def test_3_throw_when_return_address_is_identical_to_srv_hostname(self):
"mock_target": "mongo.local",
"expected_error": "Invalid SRV host",
},
# When the SRV hostname has three or more dot-separated parts
# it is valid for the returned hostnames to be identical.
{
"query": "_mongodb._tcp.blogs.mongodb.com",
"mock_target": "blogs.mongodb.com",
},
]
await self.run_initial_dns_seedlist_discovery_prose_tests(test_cases)

Expand Down
17 changes: 13 additions & 4 deletions test/test_dns.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -218,12 +218,15 @@ def mock_resolve(query, record_type, *args, **kwargs):
mock_resolver.side_effect = mock_resolve
domain = case["query"].split("._tcp.")[1]
connection_string = f"mongodb+srv://{domain}"
try:
if "expected_error" not in case:
parse_uri(connection_string)
except ConfigurationError as e:
self.assertIn(case["expected_error"], str(e))
else:
self.fail(f"ConfigurationError was not raised for query: {case['query']}")
try:
parse_uri(connection_string)
except ConfigurationError as e:
self.assertIn(case["expected_error"], str(e))
else:
self.fail(f"ConfigurationError was not raised for query: {case['query']}")

def test_1_allow_srv_hosts_with_fewer_than_three_dot_separated_parts(self):
with patch("dns.resolver.resolve"):
Expand Down Expand Up @@ -262,6 +265,12 @@ def test_3_throw_when_return_address_is_identical_to_srv_hostname(self):
"mock_target": "mongo.local",
"expected_error": "Invalid SRV host",
},
# When the SRV hostname has three or more dot-separated parts
# it is valid for the returned hostnames to be identical.
{
"query": "_mongodb._tcp.blogs.mongodb.com",
"mock_target": "blogs.mongodb.com",
},
]
self.run_initial_dns_seedlist_discovery_prose_tests(test_cases)

Expand Down
Loading