From df1f3149ea1d2182f212823c69e1ac07d4a3cf72 Mon Sep 17 00:00:00 2001
From: stanislas <stanislas@jouf.fr>
Date: Tue, 12 Sep 2023 00:37:47 +0200
Subject: [PATCH] The p value of a DMARC record can take the values none,
 quarantine or reject The validation is no more about the being similar to the
 expected config. Now wre check that the value of the p parameter of a DMARC
 record has the value none, quarantine or reject. No check for other
 parameters but it could be improved

---
 src/diagnosers/12-dnsrecords.py | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/diagnosers/12-dnsrecords.py b/src/diagnosers/12-dnsrecords.py
index 196a2e1f9..19becb753 100644
--- a/src/diagnosers/12-dnsrecords.py
+++ b/src/diagnosers/12-dnsrecords.py
@@ -215,6 +215,11 @@ class MyDiagnoser(Diagnoser):
                     for part in current
                     if not part.startswith("ip4:") and not part.startswith("ip6:")
                 }
+            if "v=DMARC1" in r["value"]:
+                for param in current:
+                    key, value = param.split("=")
+                    if key == "p":
+                        return value in ["none", "quarantine", "reject"]
             return expected == current
         elif r["type"] == "MX":
             # For MX, we want to ignore the priority