bns - npm Package Compare versions

bns

Advanced tools

Install Socket

Detect and block malicious and high-risk dependencies

Comparing version 0.1.5 to 0.1.6

lib/ownership.js

lib/constants.js

		@@ -514,3 +514,3 @@ /*!
		DSA: 3,
		// _: 4,
		ECC: 4,
		RSASHA1: 5,
		@@ -542,8 +542,9 @@ DSANSEC3SHA1: 6,
		[algs.DSA]: 'DSA',
		[algs.ECC]: 'ECC',
		[algs.RSASHA1]: 'RSASHA1',
		[algs.DSANSEC3SHA1]: 'DSA-NSEC3-SHA1',
		[algs.RSASHA1NSEC3SHA1]: 'RSASHA1-NSEC3-SHA1',
		[algs.DSANSEC3SHA1]: 'DSANSEC3SHA1',
		[algs.RSASHA1NSEC3SHA1]: 'RSASHA1NSEC3SHA1',
		[algs.RSASHA256]: 'RSASHA256',
		[algs.RSASHA512]: 'RSASHA512',
		[algs.ECCGOST]: 'ECC-GOST',
		[algs.ECCGOST]: 'ECCGOST',
		[algs.ECDSAP256SHA256]: 'ECDSAP256SHA256',
		@@ -960,2 +961,20 @@ [algs.ECDSAP384SHA384]: 'ECDSAP384SHA384',

		/**
		* ICANN Root Trust Anchor (2010).
		* @const {String}
		* @see https://data.iana.org/root-anchors/root-anchors.xml
		*/

		const KSK_2010 = '. 172800 IN DS 19036 8 2'
		+ ' 49AAC11D7B6F6446702E54A1607371607A1A41855200FD2CE1CDDE32F24E8FB5';

		/**
		* ICANN Root Trust Anchor (2017).
		* @const {String}
		* @see https://data.iana.org/root-anchors/root-anchors.xml
		*/

		const KSK_2017 = '. 172800 IN DS 20326 8 2'
		+ ' E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D';

		/*
		@@ -1173,2 +1192,4 @@ * Helpers
		exports.DEFAULT_TTL = DEFAULT_TTL;
		exports.KSK_2010 = KSK_2010;
		exports.KSK_2017 = KSK_2017;

		@@ -1175,0 +1196,0 @@ exports.opcodeToString = opcodeToString;

lib/crypto.js

		@@ -46,5 +46,16 @@ /*!

		// Failed parsing.
		if (!pub)
		return false;

		// Basic sanity checks.
		if (!pub.verify())
		return false;

		// Limited to 4096:
		// https://tools.ietf.org/html/rfc3110#section-2
		// https://www.imperialviolet.org/2012/03/17/rsados.html
		if (pub.bits() > 4096)
		return false;

		return rsa.verifyKey(hash, msg, sig, pub);
		@@ -107,40 +118,33 @@ };

		function toRSAKey(buf) {
		assert(Buffer.isBuffer(buf));
		exports.rsaBits = function rsaBits(raw) {
		const pub = toRSAKey(raw);

		if (buf.length === 0)
		return null;
		if (!pub)
		return 0;

		let explen = buf[0];
		let keyoff = 1;
		return pub.bits();
		};

		if (explen === 0) {
		if (buf.length < 3)
		return null;
		explen = (buf[1] << 8) \| buf[2];
		keyoff = 3;
		}
		/*
		* Helpers
		*/

		if (buf.length < keyoff + explen)
		function toRSAKey(raw) {
		assert(Buffer.isBuffer(raw));

		try {
		return RSAPublicKey.fromDNS(raw);
		} catch (e) {
		return null;

		const e = buf.slice(keyoff, keyoff + explen);
		const n = buf.slice(keyoff + explen);

		const pub = new RSAPublicKey();

		pub.n = n;
		pub.e = e;

		return pub;
		}
		}

		function toECKey(buf) {
		assert(Buffer.isBuffer(buf));
		function toECKey(raw) {
		assert(Buffer.isBuffer(raw));

		const key = Buffer.allocUnsafe(1 + buf.length);
		const key = Buffer.allocUnsafe(1 + raw.length);
		key[0] = 0x04;
		buf.copy(key, 1);
		raw.copy(key, 1);

		return key;
		}

lib/dnssec.js

		@@ -118,42 +118,2 @@ /*!

		dnssec.signMessage = function signMessage(msg, name, key, priv, lifespan) {
		assert(msg instanceof Message);

		for (const section of msg.sections()) {
		const sigs = dnssec.signSection(section, name, key, priv, lifespan);
		for (const sig of sigs)
		section.push(sig);
		}

		return msg;
		};

		dnssec.signSection = function signSection(section, name, key, priv, lifespan) {
		assert(Array.isArray(section));

		const set = new Set();
		const sigs = [];

		for (const rr of section)
		set.add(rr.type);

		for (const type of set) {
		if (type === types.OPT
		\|\| type === types.RRSIG
		\|\| type === types.SIG) {
		continue;
		}

		const rrset = extractSet(section, name, type);

		if (rrset.length === 0)
		continue;

		const sig = dnssec.rrsign(key, priv, rrset, lifespan);
		sigs.push(sig);
		}

		return sigs;
		};

		dnssec.signType = function signType(section, type, key, priv, lifespan) {
		@@ -296,3 +256,3 @@ assert(Array.isArray(section));

		if (s.signerName.toLowerCase() !== key.name.toLowerCase())
		if (!util.equal(s.signerName, key.name))
		return false; // Name mismatch
		@@ -473,2 +433,5 @@

		if (ds.data.algorithm !== rd.algorithm)
		return null; // Mismatching algorithm.

		valid.set(rd.keyTag, dnskey);
		@@ -604,2 +567,6 @@
		const s = rr.data;

		if (!set.has(s.typeCovered))
		continue; // Useless

		const dnskey = zskMap.get(s.keyTag);
		@@ -676,4 +643,4 @@
		function compare(a, b) {
		const [ao] = readName(a, 0);
		const [bo] = readName(b, 0);
		const [ao] = readName(a, 0, true);
		const [bo] = readName(b, 0, true);
		const ab = a.slice(ao + 10);
		@@ -680,0 +647,0 @@ const bb = b.slice(bo + 10);

lib/encoding.js

		@@ -207,5 +207,9 @@ /*!

		encoding.readName = function readName(data, off) {
		encoding.readName = function readName(data, off, cmp) {
		if (cmp == null)
		cmp = true;

		assert(Buffer.isBuffer(data));
		assert((off >>> 0) === off);
		assert(typeof cmp === 'boolean');

		@@ -251,2 +255,4 @@ let name = '';
		case 0x5c /\\/: {
		if (!cmp)
		throw new EncodingError(off, 'Unexpected character');
		name += '\\' + ASCII[b];
		@@ -258,2 +264,4 @@ max += 1;
		if (b < 0x20 \|\| b > 0x7e) {
		if (!cmp)
		throw new EncodingError(off, 'Unexpected character');
		name += '\\' + toDDD(b);
		@@ -276,2 +284,5 @@ max += 3;
		case 0xc0: {
		if (!cmp)
		throw new EncodingError(off, 'Unexpected compression byte');

		if (off >= data.length)
		@@ -323,6 +334,12 @@ throw new EncodingError(off, 'EOF');

		encoding.readNameBR = function readNameBR(br) {
		encoding.readNameBR = function readNameBR(br, cmp) {
		if (cmp == null)
		cmp = true;

		assert(br);
		const [off, name] = encoding.readName(br.data, br.offset);

		const [off, name] = encoding.readName(br.data, br.offset, cmp);

		br.offset = off;

		return name;
		@@ -339,3 +356,3 @@ };
		encoding.unpackName = function unpackName(data) {
		const [, name] = encoding.readName(data, 0);
		const [, name] = encoding.readName(data, 0, true);
		return name;
		@@ -468,3 +485,3 @@ };

		return encoding.readName(data, 0)[1];
		return encoding.readName(data, 0, true)[1];
		};
		@@ -471,0 +488,0 @@

lib/resolver/dns.js

		@@ -52,2 +52,3 @@ /*!
		this.rd = false;
		this.cd = false;
		this.edns = false;
		@@ -428,2 +429,3 @@ this.ednsSize = MAX_EDNS_SIZE;
		req.rd = this.rd;
		req.cd = this.cd;
		req.question.push(qs);
		@@ -504,3 +506,3 @@

		if (typeof addr === 'string') {
		if (typeof server === 'string') {
		addr = IP.fromHost(server, DNS_PORT);
		@@ -507,0 +509,0 @@ } else {

lib/resolver/stub.js

		@@ -37,2 +37,3 @@ /*!
		this.rd = true;
		this.cd = false;
		this.conf = new ResolvConf();
		@@ -56,4 +57,8 @@ this.hosts = new Hosts();
		if (options.hosts != null) {
		assert(options.hosts instanceof Hosts);
		this.hosts = options.hosts;
		if (Array.isArray(options.hosts)) {
		this.hosts.setHosts(options.hosts);
		} else {
		assert(options.hosts instanceof Hosts);
		this.hosts = options.hosts;
		}
		}
		@@ -66,2 +71,12 @@

		if (options.cd != null) {
		assert(typeof options.cd === 'boolean');
		this.cd = options.cd;
		}

		if (options.servers != null) {
		assert(Array.isArray(options.servers));
		this.conf.setServers(options.servers);
		}

		return this;
		@@ -68,0 +83,0 @@ }

lib/resolver/ub.js

		@@ -160,3 +160,2 @@ /*!
		this.ub.setOption('root-hints', null);
		// this.ub.setOption('do-not-query-localhost', false);
		this.ub.setStub('.', `${ip}@${port}`, false);
		@@ -213,3 +212,2 @@ this.ub.addTrustAnchor(ds.toString());
		this.ub.setOption('do-ip6', this.inet6);
		// this.ub.setOption('prefer-ip6', false);
		this.ub.setOption('do-udp', !this.forceTCP);
		@@ -251,3 +249,3 @@ this.ub.setOption('do-tcp', this.tcp);
		if (result.secure && !result.bogus)
		msg.ad = result.secure;
		msg.ad = true;
		else
		@@ -254,0 +252,0 @@ msg.ad = false;

package.json

README.md

		@@ -333,4 +333,4 @@ # bns

		- Copyright (c) 2017, Christopher Jeffrey (MIT License).
		- Copyright (c) 2017-2018, Christopher Jeffrey (MIT License).

		See LICENSE for more info.

lib/wire.js

Sorry, the diff of this file is too big to display

Improved metrics