fix(portal): Make DNS address validations more strict (#6991)

Closes ##6981
2026-01-27 10:18:54 +00:00 · 2024-10-10 09:10:00 -06:00
parent 7c02c34d73
commit 945b5813a0
2 changed files with 6 additions and 0 deletions
--- a/elixir/apps/domain/lib/domain/resources/resource/changeset.ex
+++ b/elixir/apps/domain/lib/domain/resources/resource/changeset.ex
@@ -93,6 +93,9 @@ defmodule Domain.Resources.Resource.Changeset do
    changeset
    |> validate_length(:address, min: 1, max: 253)
    |> validate_format(:address, ~r/^[\p{L}\*\?0-9-]{1,63}(\.[\p{L}\*\?0-9-]{1,63})*$/iu)
+    |> validate_format(:address, ~r/^[^\.]/, message: "must start with a letter or number")
+    |> validate_format(:address, ~r/[^\.]$/, message: "must end with a letter or number")
+    |> validate_format(:address, ~r/[\w]/iu, message: "must contain at least one letter")
    |> validate_change(:address, fn field, dns_address ->
      {tld, domain} =
        dns_address
--- a/elixir/apps/domain/test/domain/resources/resource/changeset_test.exs
+++ b/elixir/apps/domain/test/domain/resources/resource/changeset_test.exs
@@ -88,6 +88,9 @@ defmodule Domain.Resources.Resource.ChangesetTest do
        assert changeset.valid?
      end

+      refute create(%{type: :dns, address: "1.1.1.1"}).valid?
+      refute create(%{type: :dns, address: ".example.com"}).valid?
+      refute create(%{type: :dns, address: "example.com."}).valid?
      refute create(%{type: :dns, address: "exa&mple.com"}).valid?
      refute create(%{type: :dns, address: ""}).valid?
      refute create(%{type: :dns, address: "http://example.com/"}).valid?