scan.l: Deprecate DNS resolutions of hostname literals

This also skips DNS lookups when running with zeek --parse-only.

Closes #4216 #4219

NEWS

@@ -98,6 +98,11 @@ Removed Functionality
 Deprecated Functionality
 ------------------------
 
+- Support for DNS resolution of hostname literals in Zeek scripts has been
+  deprecated. If you've used this feature, use the new ``blocking_lookup_hostname()``
+  builtin function to populate sets or tables in a ``zeek_init()`` handler,
+  or with top-level statements.
+
 Zeek 7.1.0
 ==========
 

src/scan.l

@@ -662,7 +662,17 @@ F	RET_CONST(zeek::val_mgr->False()->Ref())
 
 "0x"{HEX}+	RET_CONST(zeek::val_mgr->Count(static_cast<zeek_uint_t>(strtoull(yytext, 0, 16))).release())
 
-({H}".")+{HTLD}		RET_CONST(zeek::detail::dns_mgr->LookupHost(yytext).release())
+({H}".")+{HTLD} {
+	zeek::TableValPtr result;
+	std::string msg = zeek::util::fmt("Remove in v8.1: DNS lookup of host literal '%s' is deprecated. "
+	                                  "Replace with blocking_lookup_hostname().", yytext);
+	zeek::reporter->Deprecation(msg.c_str());
+	if ( ! zeek::detail::parse_only )
+		result = zeek::detail::dns_mgr->LookupHost(yytext);
+	else
+		result = zeek::detail::dns_mgr->empty_addr_set();
+	RET_CONST(result.release());
+}
 
 \"([^\\\r\\\n\"]|{ESCSEQ})*\"	{
 	const char* text = yytext;

testing/btest/Baseline/core.dns-init/.stderr

@@ -0,0 +1,2 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+warning in <...>/dns-init.zeek, line 8: Remove in v8.1: DNS lookup of host literal 'google.com' is deprecated. Replace with blocking_lookup_hostname().

testing/btest/Baseline/core.dns-init/.stdout

@@ -0,0 +1,4 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+{
+7a5f:b783:9808:380e:b1a2:ce20:b58e:2a4a
+}

testing/btest/Baseline/core.fake_dns/err

@@ -0,0 +1,5 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+warning in <...>/fake_dns.zeek, line 8: Remove in v8.1: DNS lookup of host literal 'google.com' is deprecated. Replace with blocking_lookup_hostname().
+warning in <...>/fake_dns.zeek, line 9: Remove in v8.1: DNS lookup of host literal 'bing.com' is deprecated. Replace with blocking_lookup_hostname().
+warning in <...>/fake_dns.zeek, line 10: Remove in v8.1: DNS lookup of host literal 'yahoo.com' is deprecated. Replace with blocking_lookup_hostname().
+received termination signal

testing/btest/Baseline/core.hostname-literal-resolve/err

@@ -0,0 +1,2 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+warning in <...>/hostname-literal-resolve.zeek, line 11: Remove in v8.1: DNS lookup of host literal 'dns.example.com' is deprecated. Replace with blocking_lookup_hostname().

testing/btest/Baseline/core.hostname-literal-resolve/err.parse-only

@@ -0,0 +1,2 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+warning in <...>/hostname-literal-resolve.zeek, line 11: Remove in v8.1: DNS lookup of host literal 'dns.example.com' is deprecated. Replace with blocking_lookup_hostname().

testing/btest/Baseline/core.hostname-literal-resolve/out

@@ -0,0 +1,4 @@
+### BTest baseline data generated by btest-diff. Do not edit. Use "btest -U/-u" to update. Requires BTest >= 0.63.
+dns.example.com, {
+9fb0:8c56:531e:72ee:ca2b:4c97:da18:3a6
+}

testing/btest/core/dns-init.zeek

@@ -1,9 +1,11 @@
 # We once had a bug where DNS lookups at init time lead to an immediate crash. 
 #
-# @TEST-EXEC: zeek -b %INPUT >output 2>&1
+# @TEST-EXEC: zeek -b %INPUT
-# @TEST-EXEC: btest-diff output
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff .stderr
+# @TEST-EXEC: btest-diff .stdout
 
 const foo: set[addr] = {
      google.com
 };
 
+print foo;

testing/btest/core/fake_dns.zeek

@@ -1,5 +1,6 @@
-# @TEST-EXEC: ZEEK_DNS_FAKE=1 zeek -D -b %INPUT >out
+# @TEST-EXEC: ZEEK_DNS_FAKE=1 zeek -D -b %INPUT >out 2>err
 # @TEST-EXEC: btest-diff out
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff err
 
 redef exit_only_after_terminate = T;
 

testing/btest/core/hostname-literal-resolve.zeek

@@ -0,0 +1,11 @@
+# @TEST-DOC: Testing deprecated hostname literal resolutions
+#
+# @TEST-EXEC: zeek --parse-only -b %INPUT 2>err.parse-only >out.parse-only
+# @TEST-EXEC: zeek -b %INPUT 2>err >out
+#
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff err.parse-only
+# @TEST-EXEC: btest-diff out.parse-only
+# @TEST-EXEC: TEST_DIFF_CANONIFIER=$SCRIPTS/diff-remove-abspath btest-diff err
+# @TEST-EXEC: btest-diff out
+
+print "dns.example.com", dns.example.com;