From d1b694447a15e799cd514eb106623e33e86db87b Mon Sep 17 00:00:00 2001
From: ljf <ljf+git@grimaud.me>
Date: Mon, 27 Apr 2020 23:37:45 +0200
Subject: [PATCH] [enh] Use publicsuffix list to avoid alert on dyndns domain

---
 data/hooks/diagnosis/12-dnsrecords.py | 40 ++++++++++++++++++---------
 debian/control                        |  2 +-
 locales/en.json                       |  2 +-
 3 files changed, 29 insertions(+), 15 deletions(-)

diff --git a/data/hooks/diagnosis/12-dnsrecords.py b/data/hooks/diagnosis/12-dnsrecords.py
index 003c19cfb..c92c2648e 100644
--- a/data/hooks/diagnosis/12-dnsrecords.py
+++ b/data/hooks/diagnosis/12-dnsrecords.py
@@ -4,15 +4,16 @@ import os
 import re
 
 from datetime import datetime, timedelta
-from subprocess import Popen, PIPE
+from publicsuffix import PublicSuffixList
 
 from moulinette.utils.filesystem import read_file
 
 from yunohost.utils.network import dig
 from yunohost.diagnosis import Diagnoser
 from yunohost.domain import domain_list, _build_dns_conf, _get_maindomain
+from yunohost.utils.network import dig
 
-SMALL_SUFFIX_LIST = ['noho.st', 'nohost.me', 'ynh.fr', 'netlib.re']
+PENDING_SUFFIX_LIST = ['ynh.fr', 'netlib.re']
 
 
 class DNSRecordsDiagnoser(Diagnoser):
@@ -39,8 +40,11 @@ class DNSRecordsDiagnoser(Diagnoser):
                 yield report
 
         # Check if a domain buy by the user will expire soon
-        domains_from_registrar = ['.'.join(domain.split('.')[-2:]) for domain in all_domains]
-        domains_from_registrar = set(domains_from_registrar) - set(SMALL_SUFFIX_LIST)
+        psl = PublicSuffixList()
+        all_domains = ["grimaud.me", "reflexlibre.net", "netlib.re", "noho.st", "nohost.me", "ynh.fr", "test.noho.st", "hub.netlib.re", "sans-nuage.fr", "yunohost.org", "yunohost.local", "free.fr"]
+        domains_from_registrar = [psl.get_public_suffix(domain) for domain in all_domains]
+        domains_from_registrar = [domain for domain in domains_from_registrar if "." in domain]
+        domains_from_registrar = set(domains_from_registrar) - set(PENDING_SUFFIX_LIST)
         for report in self.check_expiration_date(domains_from_registrar):
             yield report
 
@@ -159,9 +163,12 @@ class DNSRecordsDiagnoser(Diagnoser):
             expire_date = self.get_domain_expiration(domain)
 
             if isinstance(expire_date, str):
-                details["not_found"].append((
-                    "diagnosis_%s_details" % (expire_date),
-                    {"domain": domain}))
+                status_ns, _ = dig(domain, "NS", resolvers="force_external")
+                status_a, _ = dig(domain, "A", resolvers="force_external")
+                if "ok" not in [status_ns, status_a]:
+                    details["not_found"].append((
+                        "diagnosis_domain_%s_details" % (expire_date),
+                        {"domain": domain}))
                 continue
 
             expire_in = expire_date - datetime.now()
@@ -199,19 +206,26 @@ class DNSRecordsDiagnoser(Diagnoser):
         """
         Return the expiration datetime of a domain or None
         """
-        # "echo failed" avoid to trigger CalledProcessError
-        command = "whois -H %s || echo failed" % (domain)
+        command = "whois -H %s" % (domain)
+
+        # Reduce output to determine if whois answer is equivalent to NOT FOUND
         out = check_output(command).strip().split("\n")
+        filtered_out = [line for line in out
+               if re.search(r'^\w{4,25}:', line, re.IGNORECASE) and
+               not re.match(r'>>> Last update of whois', line, re.IGNORECASE) and
+               not re.match(r'^NOTICE:', line, re.IGNORECASE) and
+               not re.match(r'^%%', line, re.IGNORECASE) and
+               not re.match(r'"https?:"', line, re.IGNORECASE)]
 
         # If there is less 5 lines, it's NOT FOUND response
-        if len(out) <= 4:
-            return "domain_not_found"
+        if len(filtered_out) <= 6:
+            return "not_found"
 
         for line in out:
-            match = re.search(r'Expir.+(\d{4}-\d{2}-\d{2})', line)
+            match = re.search(r'Expir.+(\d{4}-\d{2}-\d{2})', line, re.IGNORECASE)
             if match is not None:
                 return datetime.strptime(match.group(1), '%Y-%m-%d')
-        return "domain_expiration_not_found"
+        return "expiration_not_found"
 
 
 def main(args, env, loggers):
diff --git a/debian/control b/debian/control
index fcffa87f6..5061ad4f2 100644
--- a/debian/control
+++ b/debian/control
@@ -29,7 +29,7 @@ Depends: ${python:Depends}, ${misc:Depends}
  , redis-server
  , metronome
  , git, curl, wget, cron, unzip, jq
- , lsb-release, haveged, fake-hwclock, equivs, lsof, whois
+ , lsb-release, haveged, fake-hwclock, equivs, lsof, whois, python-publicsuffix
 Recommends: yunohost-admin
  , ntp, inetutils-ping | iputils-ping
  , bash-completion, rsyslog
diff --git a/locales/en.json b/locales/en.json
index a0e7454f1..3f957c702 100644
--- a/locales/en.json
+++ b/locales/en.json
@@ -173,7 +173,7 @@
     "diagnosis_dns_discrepancy": "The following DNS record does not seem to follow the recommended configuration:<br>Type: <code>{type}</code><br>Name: <code>{name}</code><br>Current value: <code>{current}</code><br>Excepted value: <code>{value}</code>",
     "diagnosis_dns_point_to_doc": "Please check the documentation at <a href='https://yunohost.org/dns_config'>https://yunohost.org/dns_config</a> if you need help about configuring DNS records.",
     "diagnosis_domain_expiration_not_found": "Unable to check the expiration date of some domains",
-    "diagnosis_domain_not_found_details": "The domain {domain} doesn't exist in WHOIS database !",
+    "diagnosis_domain_not_found_details": "The domain {domain} doesn't exist in WHOIS database or is expired !",
     "diagnosis_domain_expiration_not_found_details": "The WHOIS returns some info about the domain {domain} but we are not able to found the expiration date inside those info.",
     "diagnosis_domain_expiration_info": "Domains expiration dates",
     "diagnosis_domain_expiration_warning": "Some domains expire in less than a month",