Update DNS report (#2413)

Co-authored-by: Jan Klopper <[email protected]>
minvws · Feb 7, 2024 · 267a8fd · 267a8fd
1 parent c2e1785
commit 267a8fd
Show file tree

Hide file tree

Showing 3 changed files with 75 additions and 104 deletions.
diff --git a/rocky/reports/report_types/dns_report/report.html b/rocky/reports/report_types/dns_report/report.html
@@ -1,67 +1,46 @@
 {% load i18n %}
 
-<h2>{% translate "IP address lookup" %}</h2>
-<div class="horizontal-scroll">
-    {% if data.ipv4 %}
+{% if data.records %}
+    <h2>{% translate "Records found" %}</h2>
+    <p>
+        {% blocktranslate trimmed %}
+            The table below gives an overview of the DNS records that were found for the abovementioned DNSZone.
+        {% endblocktranslate %}
+    </p>
+    <div class="horizontal-scroll">
         <table>
-            <caption class="visually-hidden">IPv4:</caption>
-            <thead>
-                <tr>
-                    <th scope="col">IPv4</th>
-                </tr>
-            </thead>
-            <tbody>
-                <tr>
-                    {% for ip in data.ipv4 %}<td>{{ ip }}</td>{% endfor %}
-                </tr>
-            </tbody>
-        </table>
-    {% endif %}
-    {% if not data.enough_ipv6_webservers %}
-        <h3 class="heading-xs">IPv6</h3>
-        <div class="warning" role="group" aria-label="{% translate "warning" %}">
-            <span>{% translate "Warning" %}:</span>
+            <caption class="visually-hidden">{% translate "Records found" %}</caption>
             <p>
-                {% blocktranslate trimmed %}
-                    You have less than one webserver that is reachable over IPv6,
-                    which is <strong>not</strong> in compliance to internet.nl standards.
+                {% blocktranslate %}
+                    <strong>Disclaimer:</strong>
+                    Not all DNSRecords are parsed in OpenKAT.
+                    DNS record types that are parsed and could be displayed in the table are:
                 {% endblocktranslate %}
+                A, AAAA, CAA, CNAME, NS, MX, PTR, SOA, SRV, TXT.
             </p>
-        </div>
-    {% else %}
-        <table class="summary">
-            <caption class="visually-hidden">IPv6:</caption>
-            <thead>
-                <tr>
-                    <th scope="col">IPv6</th>
-                </tr>
-            </thead>
-            <tbody>
-                <tr>
-                    {% for ip in data.ipv6 %}<td>{{ ip }}</td>{% endfor %}
-                </tr>
-            </tbody>
-        </table>
-    {% endif %}
-</div>
-{% if data.other_records %}
-    <h2>{% translate "Other records found" %}</h2>
-    <div class="horizontal-scroll">
-        <table>
-            <caption class="visually-hidden">{% translate "Other records found" %}</caption>
+            <div class="nota-bene">
+                <span>{% translate "All existing DNS record types can be found here" %}:
+                    <a class="nota-bene"
+                       href="https://en.wikipedia.org/wiki/List_of_DNS_record_types"
+                       target="_blank"
+                       rel="noopener noreferrer">https://en.wikipedia.org/wiki/List_of_DNS_record_types</a>
+                </span>
+            </div>
             <thead>
                 <tr>
                     <th>{% translate "Record" %}</th>
-                    <th>{% translate "Value" %}</th>
-                    <th>{% translate "Found by" %}</th>
+                    <th>{% translate "Name" %}</th>
+                    <th>{% translate "TTL" %}</th>
+                    <th>{% translate "Data" %}</th>
                 </tr>
             </thead>
             <tbody>
-                {% for ooi in data.other_records %}
+                {% for ooi in data.records %}
                     <tr>
-                        <td>{{ ooi.human_readable }}</td>
+                        <td>{{ ooi.type }}</td>
+                        <td>{{ ooi.name }}</td>
+                        <td>{{ ooi.ttl }} {% translate "minutes" %}</td>
                         <td>{{ ooi.content }}</td>
-                        <td>{{ ooi.origin }}</td>
                     </tr>
                 {% endfor %}
             </tbody>

diff --git a/rocky/reports/report_types/dns_report/report.py b/rocky/reports/report_types/dns_report/report.py
@@ -5,7 +5,7 @@
 from django.utils.translation import gettext_lazy as _
 
 from octopoes.models import Reference
-from octopoes.models.ooi.dns.records import DNSAAAARecord, DNSARecord, DNSRecord
+from octopoes.models.ooi.dns.records import DNSRecord
 from octopoes.models.ooi.dns.zone import Hostname
 from octopoes.models.ooi.findings import Finding
 from reports.report_types.definitions import Report
@@ -27,53 +27,32 @@ def generate_data(self, input_ooi: str, valid_time: datetime) -> Dict[str, Any]:
             ref, depth=3, types={DNSRecord, Finding}, valid_time=valid_time
         ).store
 
-        other_records = []
+        records = []
         security = {
             "spf": True,
             "dkim": True,
             "dmarc": True,
             "dnssec": True,
             "caa": True,
         }
-        ipv4 = []
-        ipv6 = []
         for ooi_type, ooi in tree.items():
-            reference = Reference.from_str(ooi)
-            if isinstance(ooi, DNSARecord):
-                if ref.tokenized.name == ooi.hostname.tokenized.name:
-                    ipv4.append(ooi.value)
-            elif isinstance(ooi, DNSAAAARecord):
-                if ref.tokenized.name == ooi.hostname.tokenized.name:
-                    ipv6.append(ooi.value)
+            if isinstance(ooi, Finding):
+                for check in ["caa", "dkim", "dmarc", "dnssec", "spf"]:
+                    if "NO-%s" % check.upper() in ooi.finding_type.tokenized.id:
+                        security[check] = False
             elif isinstance(ooi, DNSRecord):
-                origin = self.octopoes_api_connector.list_origins(source=ref, result=reference, valid_time=valid_time)
-                if origin:
-                    other_records.append(
-                        {
-                            "human_readable": reference.human_readable,
-                            "content": ooi.value,
-                            "origin": origin[0].method,
-                        }
-                    )
-            elif isinstance(ooi, Finding):
-                if "NO-SPF" in ooi.finding_type.tokenized.id:
-                    security["spf"] = False
-                if "NO-DKIM" in ooi.finding_type.tokenized.id:
-                    security["dkim"] = False
-                if "NO-DMARC" in ooi.finding_type.tokenized.id:
-                    security["dmarc"] = False
-                if "NO-DNSSEC" in ooi.finding_type.tokenized.id:
-                    security["dnssec"] = False
-                if "NO-CAA" in ooi.finding_type.tokenized.id:
-                    security["caa"] = False
-
-        enough_ipv6_webservers = len(ipv6) >= 2
+                records.append(
+                    {
+                        "type": ooi.dns_record_type,
+                        "ttl": round(ooi.ttl / 60),
+                        "name": ooi.hostname.tokenized.name,
+                        "content": ooi.value,
+                    }
+                )
+        records = sorted(records, key=lambda x: x["type"])
 
         return {
             "input_ooi": input_ooi,
-            "other_records": other_records,
+            "records": records,
             "security": security,
-            "ipv4": ipv4,
-            "ipv6": ipv6,
-            "enough_ipv6_webservers": enough_ipv6_webservers,
         }
diff --git a/rocky/rocky/locale/django.pot b/rocky/rocky/locale/django.pot
@@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-01-26 20:33+0000\n"
+"POT-Creation-Date: 2024-02-06 07:57+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <[email protected]>\n"
@@ -28,6 +28,7 @@ msgstr ""
 
 #: account/forms/account_setup.py katalogus/templates/katalogus_settings.html
 #: katalogus/templates/plugin_settings_list.html
+#: reports/report_types/dns_report/report.html
 #: reports/report_types/tls_report/report.html
 #: rocky/templates/organizations/organization_list.html
 #: rocky/templates/organizations/organization_settings.html
@@ -1432,7 +1433,6 @@ msgstr ""
 
 #: katalogus/templates/katalogus_settings.html
 #: katalogus/templates/plugin_settings_list.html
-#: reports/report_types/dns_report/report.html
 #: rocky/templates/oois/ooi_delete.html
 msgid "Value"
 msgstr ""
@@ -2171,6 +2171,7 @@ msgid ""
 msgstr ""
 
 #: onboarding/templates/step_2a_choose_report_info.html
+#: reports/report_types/dns_report/report.html
 msgid "Data"
 msgstr ""
 
@@ -3147,39 +3148,39 @@ msgid ""
 msgstr ""
 
 #: reports/report_types/dns_report/report.html
-msgid "IP address lookup"
+msgid "Records found"
 msgstr ""
 
 #: reports/report_types/dns_report/report.html
-#: rocky/templates/dashboard_redteam.html
-#: rocky/templates/partials/notifications_block.html
-#: rocky/templates/partials/ooi_report_findings_block_table_expanded_row.html
-msgid "warning"
+msgid ""
+"The table below gives an overview of the DNS records that were found for the "
+"abovementioned DNSZone."
 msgstr ""
 
 #: reports/report_types/dns_report/report.html
-#: rocky/templates/dashboard_redteam.html
-#: rocky/templates/partials/notifications_block.html
-#: rocky/templates/partials/ooi_report_findings_block_table_expanded_row.html
-msgid "Warning"
+msgid ""
+"\n"
+"                    <strong>Disclaimer:</strong>\n"
+"                    Not all DNSRecords are parsed in OpenKAT.\n"
+"                    DNS record types that are parsed and could be displayed "
+"in the table are:\n"
+"                "
 msgstr ""
 
 #: reports/report_types/dns_report/report.html
-msgid ""
-"You have less than one webserver that is reachable over IPv6, which is "
-"<strong>not</strong> in compliance to internet.nl standards."
+msgid "All existing DNS record types can be found here"
 msgstr ""
 
 #: reports/report_types/dns_report/report.html
-msgid "Other records found"
+msgid "Record"
 msgstr ""
 
 #: reports/report_types/dns_report/report.html
-msgid "Record"
+msgid "TTL"
 msgstr ""
 
 #: reports/report_types/dns_report/report.html
-msgid "Found by"
+msgid "minutes"
 msgstr ""
 
 #: reports/report_types/dns_report/report.html
@@ -4631,6 +4632,18 @@ msgstr ""
 msgid "User overview:"
 msgstr ""
 
+#: rocky/templates/dashboard_redteam.html
+#: rocky/templates/partials/notifications_block.html
+#: rocky/templates/partials/ooi_report_findings_block_table_expanded_row.html
+msgid "warning"
+msgstr ""
+
+#: rocky/templates/dashboard_redteam.html
+#: rocky/templates/partials/notifications_block.html
+#: rocky/templates/partials/ooi_report_findings_block_table_expanded_row.html
+msgid "Warning"
+msgstr ""
+
 #: rocky/templates/dashboard_redteam.html
 msgid "Organization code missing"
 msgstr ""