fix up

aditi-khare-mongoDB · aditi-khare-mongoDB · commit ae79ac59c1c0 · 2024-09-05T01:31:28.000-04:00
diff --git a/src/connection_string.ts b/src/connection_string.ts
@@ -34,11 +34,11 @@ import { ReadPreference, type ReadPreferenceMode } from './read_preference';
 import { ServerMonitoringMode } from './sdam/monitor';
 import type { TagSet } from './sdam/server_description';
 import {
+  checkParentDomainMatch,
   DEFAULT_PK_FACTORY,
   emitWarning,
   HostAddress,
   isRecord,
-  matchesParentDomain,
   parseInteger,
   setDifference,
   squashError
@@ -81,9 +81,7 @@ export async function resolveSRVRecord(options: MongoOptions): Promise<HostAddre
   }
 
   for (const { name } of addresses) {
-    if (!matchesParentDomain(name, lookupAddress)) {
-      throw new MongoAPIError('Server record does not share hostname with parent URI');
-    }
+    checkParentDomainMatch(name, lookupAddress);
   }
 
   const hostAddresses = addresses.map(r => HostAddress.fromString(`${r.name}:${r.port ?? 27017}`));
diff --git a/src/sdam/srv_polling.ts b/src/sdam/srv_polling.ts
@@ -3,7 +3,7 @@ import { clearTimeout, setTimeout } from 'timers';
 
 import { MongoRuntimeError } from '../error';
 import { TypedEventEmitter } from '../mongo_types';
-import { HostAddress, matchesParentDomain, squashError } from '../utils';
+import { checkParentDomainMatch, HostAddress, squashError } from '../utils';
 
 /**
  * @internal
@@ -127,8 +127,11 @@ export class SrvPoller extends TypedEventEmitter<SrvPollerEvents> {
 
     const finalAddresses: dns.SrvRecord[] = [];
     for (const record of srvRecords) {
-      if (matchesParentDomain(record.name, this.srvHost)) {
+      try {
+        checkParentDomainMatch(record.name, this.srvHost);
         finalAddresses.push(record);
+      } catch (error) {
+        squashError(error);
       }
     }
 
diff --git a/src/utils.ts b/src/utils.ts
@@ -18,6 +18,7 @@ import type { FindCursor } from './cursor/find_cursor';
 import type { Db } from './db';
 import {
   type AnyError,
+  MongoAPIError,
   MongoCompatibilityError,
   MongoInvalidArgumentError,
   MongoNetworkTimeoutError,
@@ -1131,16 +1132,18 @@ export function parseUnsignedInteger(value: unknown): number | null {
 }
 
 /**
- * Determines whether a provided address matches the provided parent domain.
+ * This function throws a MongoAPIError in the event that either of the following is true:
+ * * If the provided address domain does not match the provided parent domain
+ * * If the parent domain contains less than three `.` separated parts and the provided address does not contain at least one more domain level than its parent
  *
  * If a DNS server were to become compromised SRV records would still need to
  * advertise addresses that are under the same domain as the srvHost.
  *
  * @param address - The address to check against a domain
  * @param srvHost - The domain to check the provided address against
- * @returns Whether the provided address matches the parent domain
+ * @returns void
  */
-export function matchesParentDomain(address: string, srvHost: string): boolean {
+export function checkParentDomainMatch(address: string, srvHost: string): void {
   // Remove trailing dot if exists on either the resolved address or the srv hostname
   const normalizedAddress = address.endsWith('.') ? address.slice(0, address.length - 1) : address;
   const normalizedSrvHost = srvHost.endsWith('.') ? srvHost.slice(0, srvHost.length - 1) : srvHost;
@@ -1151,16 +1154,22 @@ export function matchesParentDomain(address: string, srvHost: string): boolean {
   // Add leading dot back to string so
   //   an srvHostDomain = '.trusted.site'
   //   will not satisfy an addressDomain that endsWith '.fake-trusted.site'
-  const addressDomain = `.${normalizedAddress.replace(allCharacterBeforeFirstDot, '')}`;
+  const addressDomain = srvIsLessThanThreeParts
+    ? normalizedAddress
+    : `.${normalizedAddress.replace(allCharacterBeforeFirstDot, '')}`;
   const srvHostDomain = srvIsLessThanThreeParts
     ? normalizedSrvHost
     : `.${normalizedSrvHost.replace(allCharacterBeforeFirstDot, '')}`;
 
-  return (
-    addressDomain.endsWith(srvHostDomain) &&
-    (!srvIsLessThanThreeParts ||
-      normalizedAddress.split('.').length > normalizedSrvHost.split('.').length)
-  );
+  if (!addressDomain.endsWith(srvHostDomain)) {
+    throw new MongoAPIError('Server record does not share hostname with parent URI');
+  }
+  if (
+    srvIsLessThanThreeParts &&
+    normalizedAddress.split('.').length <= normalizedSrvHost.split('.').length
+  ) {
+    throw new MongoAPIError('Server record does not have least one more domain than parent URI');
+  }
 }
 
 interface RequestOptions {
diff --git a/test/integration/initial-dns-seedlist-discovery/initial_dns_seedlist_discovery.prose.test.ts b/test/integration/initial-dns-seedlist-discovery/initial_dns_seedlist_discovery.prose.test.ts
@@ -1,7 +1,6 @@
-import * as dns from 'dns';
-import sinon = require('sinon');
-
 import { expect } from 'chai';
+import * as dns from 'dns';
+import * as sinon from 'sinon';
 
 import { MongoAPIError, Server, ServerDescription, Topology } from '../../mongodb';
 import { topologyWithPlaceholderClient } from '../../tools/utils';
@@ -156,7 +155,9 @@ describe(
             .connect()
             .catch(e => e);
           expect(err).to.be.instanceOf(MongoAPIError);
-          expect(err.message).to.equal('Server record does not share hostname with parent URI');
+          expect(err.message).to.equal(
+            'Server record does not have least one more domain than parent URI'
+          );
         });
 
         it('an SRV with two domain levels causes a runtime error', async function () {
@@ -175,7 +176,9 @@ describe(
             .connect()
             .catch(e => e);
           expect(err).to.be.instanceOf(MongoAPIError);
-          expect(err.message).to.equal('Server record does not share hostname with parent URI');
+          expect(err.message).to.equal(
+            'Server record does not have least one more domain than parent URI'
+          );
         });
       }
     );
