From 715c309b033d1c43721ae341c9a7c254d937919b Mon Sep 17 00:00:00 2001 From: Arne Welzel Date: Tue, 4 Mar 2025 11:13:25 +0100 Subject: [PATCH] scan.l: Deprecate DNS resolutions of hostname literals This also skips DNS lookups when running with zeek --parse-only. Closes #4216 #4219 --- NEWS | 5 +++++ src/scan.l | 12 +++++++++++- testing/btest/Baseline/core.dns-init/.stderr | 2 ++ testing/btest/Baseline/core.dns-init/.stdout | 4 ++++ testing/btest/Baseline/core.fake_dns/err | 5 +++++ .../btest/Baseline/core.hostname-literal-resolve/err | 2 ++ .../core.hostname-literal-resolve/err.parse-only | 2 ++ .../btest/Baseline/core.hostname-literal-resolve/out | 4 ++++ .../out.parse-only} | 0 testing/btest/core/dns-init.zeek | 6 ++++-- testing/btest/core/fake_dns.zeek | 3 ++- testing/btest/core/hostname-literal-resolve.zeek | 11 +++++++++++ 12 files changed, 52 insertions(+), 4 deletions(-) create mode 100644 testing/btest/Baseline/core.dns-init/.stderr create mode 100644 testing/btest/Baseline/core.dns-init/.stdout create mode 100644 testing/btest/Baseline/core.fake_dns/err create mode 100644 testing/btest/Baseline/core.hostname-literal-resolve/err create mode 100644 testing/btest/Baseline/core.hostname-literal-resolve/err.parse-only create mode 100644 testing/btest/Baseline/core.hostname-literal-resolve/out rename testing/btest/Baseline/{core.dns-init/output => core.hostname-literal-resolve/out.parse-only} (100%) create mode 100644 testing/btest/core/hostname-literal-resolve.zeek diff --git a/NEWS b/NEWS index 29ee618471..453d0a8e8a 100644 --- a/NEWS +++ b/NEWS @@ -98,6 +98,11 @@ Removed Functionality Deprecated Functionality ------------------------ +- Support for DNS resolution of hostname literals in Zeek scripts has been + deprecated. If you've used this feature, use the new ``blocking_lookup_hostname()`` + builtin function to populate sets or tables in a ``zeek_init()`` handler, + or with top-level statements. + Zeek 7.1.0 ========== 
diff --git a/src/scan.l b/src/scan.l index 7c8df307f6..e3bc35d379 100644 --- a/src/scan.l +++ b/src/scan.l @@ -662,7 +662,17 @@ F RET_CONST(zeek::val_mgr->False()->Ref()) "0x"{HEX}+ RET_CONST(zeek::val_mgr->Count(static_cast(strtoull(yytext, 0, 16))).release()) -({H}".")+{HTLD} RET_CONST(zeek::detail::dns_mgr->LookupHost(yytext).release()) +({H}".")+{HTLD} { + zeek::TableValPtr result; + std::string msg = zeek::util::fmt("Remove in v8.1: DNS lookup of host literal '%s' is deprecated. " + "Replace with blocking_lookup_hostname().", yytext); + zeek::reporter->Deprecation(msg.c_str()); + if ( ! zeek::detail::parse_only ) + result = zeek::detail::dns_mgr->LookupHost(yytext); + else + result = zeek::detail::dns_mgr->empty_addr_set(); + RET_CONST(result.release()); +} \"([^\\\r\\\n\"]|{ESCSEQ})*\" { const char* text = yytext; diff --git a/testing/btest/Baseline/core.dns-init/.stderr b/testing/btest/Baseline/core.dns-init/.stderr new file mode 100644 index 0000000000..61b1c1f7d3 --- /dev/null +++ b/testing/btest/Baseline/core.dns-init/.stderr @@ -0,0 +1,2 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +warning in <...>/dns-init.zeek, line 8: Remove in v8.1: DNS lookup of host literal 'google.com' is deprecated. Replace with blocking_lookup_hostname(). diff --git a/testing/btest/Baseline/core.dns-init/.stdout b/testing/btest/Baseline/core.dns-init/.stdout new file mode 100644 index 0000000000..960816f986 --- /dev/null +++ b/testing/btest/Baseline/core.dns-init/.stdout @@ -0,0 +1,4 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +{ +7a5f:b783:9808:380e:b1a2:ce20:b58e:2a4a +} diff --git a/testing/btest/Baseline/core.fake_dns/err b/testing/btest/Baseline/core.fake_dns/err new file mode 100644 index 0000000000..6d92a4202f --- /dev/null +++ b/testing/btest/Baseline/core.fake_dns/err 
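Review bot: The new rule body for `({H}".")+{HTLD}` in src/scan.l has no comment explaining why the `parse_only` branch substitutes `empty_addr_set()` for the lookup. That branch is the security-relevant half of the change, because a syntax check of a script should not send queries to the configured resolver. I would add above the `if`: `// --parse-only must not generate DNS traffic; the empty set is only a placeholder for the constant.` In the normal path the blocking `LookupHost(yytext)` still runs while the script is being scanned, so the resolver's answer is still baked into the constant; this appears intended for the deprecation window and could be stated in the same comment. As a style point, `result` is declared empty and then assigned in both branches, where a single initialisation would read more directly.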
@@ -0,0 +1,5 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+warning in <...>/fake_dns.zeek, line 8: Remove in v8.1: DNS lookup of host literal 'google.com' is deprecated. Replace with blocking_lookup_hostname().
+warning in <...>/fake_dns.zeek, line 9: Remove in v8.1: DNS lookup of host literal 'bing.com' is deprecated. Replace with blocking_lookup_hostname().
+warning in <...>/fake_dns.zeek, line 10: Remove in v8.1: DNS lookup of host literal 'yahoo.com' is deprecated. Replace with blocking_lookup_hostname().
+received termination signal
diff --git a/testing/btest/Baseline/core.hostname-literal-resolve/err b/testing/btest/Baseline/core.hostname-literal-resolve/err
new file mode 100644
index 0000000000..ddfae94618
--- /dev/null
+++ b/testing/btest/Baseline/core.hostname-literal-resolve/err
@@ -0,0 +1,2 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+warning in <...>/hostname-literal-resolve.zeek, line 11: Remove in v8.1: DNS lookup of host literal 'dns.example.com' is deprecated. Replace with blocking_lookup_hostname().
diff --git a/testing/btest/Baseline/core.hostname-literal-resolve/err.parse-only b/testing/btest/Baseline/core.hostname-literal-resolve/err.parse-only
new file mode 100644
index 0000000000..ddfae94618
--- /dev/null
+++ b/testing/btest/Baseline/core.hostname-literal-resolve/err.parse-only
@@ -0,0 +1,2 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+warning in <...>/hostname-literal-resolve.zeek, line 11: Remove in v8.1: DNS lookup of host literal 'dns.example.com' is deprecated. Replace with blocking_lookup_hostname().
diff --git a/testing/btest/Baseline/core.hostname-literal-resolve/out b/testing/btest/Baseline/core.hostname-literal-resolve/out
new file mode 100644
index 0000000000..1bb626955e
--- /dev/null
+++ b/testing/btest/Baseline/core.hostname-literal-resolve/out @@ -0,0 +1,4 @@ +### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63. +dns.example.com, { +9fb0:8c56:531e:72ee:ca2b:4c97:da18:3a6 +} diff --git a/testing/btest/Baseline/core.dns-init/output b/testing/btest/Baseline/core.hostname-literal-resolve/out.parse-only similarity index 100% rename from testing/btest/Baseline/core.dns-init/output rename to testing/btest/Baseline/core.hostname-literal-resolve/out.parse-only diff --git a/testing/btest/core/dns-init.zeek b/testing/btest/core/dns-init.zeek index 1205b5ca42..893a54f025 100644 --- a/testing/btest/core/dns-init.zeek +++ b/testing/btest/core/dns-init.zeek @@ -1,9 +1,11 @@ # We once had a bug where DNS lookups at init time lead to an immediate crash. # -# @TEST-EXEC: zeek -b %INPUT >output 2>&1 -# @TEST-EXEC: btest-diff output +# @TEST-EXEC: zeek -b %INPUT +# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr +# @TEST-EXEC: btest-diff .stdout const foo: set[addr] = { google.com }; +print foo; diff --git a/testing/btest/core/fake_dns.zeek b/testing/btest/core/fake_dns.zeek index dd8a88ae40..b9d47cdd2e 100644 --- a/testing/btest/core/fake_dns.zeek +++ b/testing/btest/core/fake_dns.zeek @@ -1,5 +1,6 @@ -# @TEST-EXEC: ZEEK_DNS_FAKE=1 zeek -D -b %INPUT >out +# @TEST-EXEC: ZEEK_DNS_FAKE=1 zeek -D -b %INPUT >out 2>err # @TEST-EXEC: btest-diff out +# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff err redef exit_only_after_terminate = T; diff --git a/testing/btest/core/hostname-literal-resolve.zeek b/testing/btest/core/hostname-literal-resolve.zeek new file mode 100644 index 0000000000..1c0182306c --- /dev/null +++ b/testing/btest/core/hostname-literal-resolve.zeek 
@@ -0,0 +1,11 @@
+# @TEST-DOC: Testing deprecated hostname literal resolutions
+#
+# @TEST-EXEC: zeek --parse-only -b %INPUT 2>err.parse-only >out.parse-only
+# @TEST-EXEC: zeek -b %INPUT 2>err >out
+#
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff err.parse-only
+# @TEST-EXEC: btest-diff out.parse-only
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff err
+# @TEST-EXEC: btest-diff out
+
+print "dns.example.com", dns.example.com;
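Review bot: The second `@TEST-EXEC` line, `zeek -b %INPUT 2>err >out`, resolves `dns.example.com` through the normal lookup path, and nothing in this file shows that the lookup is kept off the network. The fixed address in the `out` baseline suggests the harness already enables fake DNS, but that is inferred rather than visible here. fake_dns.zeek in the same commit sets it on the command line, and doing the same here would make the test self-contained: `# @TEST-EXEC: ZEEK_DNS_FAKE=1 zeek -b %INPUT 2>err >out`. The first line of the file could also state that the `--parse-only` run is expected to print nothing, since the empty `out.parse-only` baseline is the actual assertion that no lookup result is produced.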