5.7.10

- Raise a warning instead of a `UnicodeDecodeError` when encountering a `TXT` record that is not decodable (Close issue [#124](#124))
- Alow CIDR notation on SPF `a` mechanisms (Close [#128](#128))
- Fix documentation for `check_smtp_tls_reporting` (Close [#133](#133))
- Fix SVG verification checks for BIMI SVG files (Close [#150](#150))
- Allow BIMI Mark Verification Certificates to be used for subdomains (Close [#151](#151))
- Fix crash on CSV output for a domain with BIMI errors (Close issue [#153](#153))

.vscode/launch.json

@@ -59,6 +59,54 @@
             "console": "integratedTerminal",
             "justMyCode": true
         },
+        {
+            "name": "checkdmarc --skip-tls m11‍.‍email‍.‍samsung‍.‍com",
+            "type": "python",
+            "request": "launch",
+            "module": "checkdmarc._cli",
+            "args": [
+                "--skip-tls",
+                "m11‍.‍email‍.‍samsung‍.‍com"
+            ],
+            "console": "integratedTerminal",
+            "justMyCode": true
+        },
+        {
+            "name": "checkdmarc --skip-tls galaxylife‍.‍samsungusa‍.‍com",
+            "type": "python",
+            "request": "launch",
+            "module": "checkdmarc._cli",
+            "args": [
+                "--skip-tls",
+                "m11‍.‍email‍.‍samsung‍.‍com"
+            ],
+            "console": "integratedTerminal",
+            "justMyCode": true
+        },
+        {
+            "name": "checkdmarc --skip-tls  n1.e-nocibe.fr",
+            "type": "python",
+            "request": "launch",
+            "module": "checkdmarc._cli",
+            "args": [
+                "--skip-tls",
+                " n1.e-nocibe.fr"
+            ],
+            "console": "integratedTerminal",
+            "justMyCode": true
+        },
+        {
+            "name": "checkdmarc --skip-tls  edys.com",
+            "type": "python",
+            "request": "launch",
+            "module": "checkdmarc._cli",
+            "args": [
+                "--skip-tls",
+                " edys.com",
+            ],
+            "console": "integratedTerminal",
+            "justMyCode": true
+        },
         {
             "name": "tests.py",
             "type": "python",

CHANGELOG.md

@@ -1,6 +1,17 @@
 Changelog
 =========
 
+5.7.10
+------
+
+- Raise a warning instead of a `UnicodeDecodeError` when encountering a `TXT` record that is not decodable (Close issue [#124](https://github.com/domainaware/checkdmarc/issues/124))
+- Alow CIDR notation on SPF `a` mechanisms (Close [#128](https://github.com/domainaware/checkdmarc/issues/128))
+- Fix documentation for `check_smtp_tls_reporting` (Close [#133](https://github.com/domainaware/checkdmarc/issues/133))
+- Fix SVG verification checks for BIMI SVG files (Close [#150](https://github.com/domainaware/checkdmarc/issues/150))
+- Allow BIMI Mark Verification Certificates to be used for subdomains (Close [#151](https://github.com/domainaware/checkdmarc/issues/151))
+- Fix crash on CSV output for a domain with BIMI errors (Close issue [#153](https://github.com/domainaware/checkdmarc/issues/153))
+- Fix generation of API documentation
+
 5.7.9
 -----
 

checkdmarc/__init__.py

@@ -286,13 +286,15 @@ def results_to_csv_rows(results: Union[dict, list[dict]]) -> list[dict]:
                 bimi_error = _bimi["error"]
             row["bimi_error"] = bimi_error
 
-            row["bimi_warnings"] = "|".join(_bimi["warnings"])
+            if "warnings" in _bimi:
+                row["bimi_warnings"] = "|".join(_bimi["warnings"])
             if "error" in _bimi:
                 row["bimi_error"] = _bimi["error"]
-                if "l" in _bimi["tags"]:
-                    row["bimi_l"] = _bimi["tags"]["l"]["value"]
-                if "a" in _bimi["tags"]:
-                    row["bimi_a"] = _bimi["tags"]["a"]["value"]
+                if "tags" in _bimi:
+                    if "l" in _bimi["tags"]:
+                        row["bimi_l"] = _bimi["tags"]["l"]["value"]
+                    if "a" in _bimi["tags"]:
+                        row["bimi_a"] = _bimi["tags"]["a"]["value"]
         row["mx"] = "|".join(
             list(map(lambda r: f"{r['preference']}, {r['hostname']}", mx["hosts"]))
         )

checkdmarc/_constants.py

@@ -18,7 +18,7 @@
 See the License for the specific language governing permissions and
 limitations under the License."""
 
-__version__ = "5.7.9"
+__version__ = "5.7.10"
 
 OS = platform.system()
 OS_RELEASE = platform.release()

checkdmarc/bimi.py

@@ -188,28 +188,25 @@ def get_svg_metadata(raw_xml: Union[str, bytes]) -> OrderedDict:
         raw_xml = raw_xml.decode(errors="ignore")
     try:
         xml = xmltodict.parse(raw_xml)
-        base_profile = None
         svg = xml["svg"]
-        version = svg["@version"]
+        metadata["svg_version"] = svg["@version"]
         if "@baseProfile" in svg.keys():
-            base_profile = svg["@baseProfile"]
+            metadata["base_profile"] = svg["@baseProfile"]
         view_box = svg["@viewBox"]
         view_box = view_box.split(" ")
         width = float(view_box[-2])
         height = float(view_box[-1])
-        title = None
         if "x" in svg.keys():
             metadata["x"] = svg["x"]
         if "y" in svg.keys():
             metadata["x"] = svg["y"]
         if "title" in svg.keys():
-            title = svg["title"]
+            metadata["title"] = svg["title"]
         description = None
         if "description" in svg.keys():
             description = svg["description"]
-        metadata["svg_version"] = version
-        metadata["base_profile"] = base_profile
-        metadata["title"] = title
+        if "overflow" in svg.keys():
+            metadata["overflow"] = svg["overflow"]
         if description is not None:
             metadata["description"] = description
         metadata["width"] = width
@@ -222,22 +219,32 @@ def get_svg_metadata(raw_xml: Union[str, bytes]) -> OrderedDict:
 
 
 def check_svg_requirements(svg_metadata: OrderedDict) -> list[str]:
-    _warnings = []
+    _errors = []
     if svg_metadata["svg_version"] != "1.2":
-        _warnings.append(
+        _errors.append(
             f"The SVG version must be 1.2, not {svg_metadata['svg_version']}"
         )
-    if svg_metadata["base_profile"] != "tiny-ps":
-        _warnings.append(f"The SVG base profile must be tiny-ps")
+    if "base_profile" not in svg_metadata.keys():
+        _errors.append(
+            "The SVG is missing a base profile. It must have the "
+            "base profile tiny-ps and conform to its standards. "
+            "https://bimigroup.org/solving-svg-issues/"
+        )
+    else:
+        base_profile = svg_metadata["base_profile"]
+        if base_profile != "tiny-ps":
+            _errors.append(f"The SVG base profile must be tiny-ps, not {base_profile}")
     if svg_metadata["width"] != svg_metadata["height"]:
-        _warnings.append("The SVG dimensions must be square, not {width}x{height}")
+        _errors.append("The SVG dimensions must be square, not {width}x{height}")
     if "title" not in svg_metadata.keys():
-        _warnings.append("The SVG must have a title element")
-    if "x" in svg_metadata.keys() or "y" in svg_metadata.keys():
-        _warnings.append("The SVG cannot include x or y in the svg element")
+        _errors.append("The SVG must have a title element")
+    invalid_attributes = ["x", "y"]
+    for attribute in invalid_attributes:
+        if attribute in svg_metadata.keys():
+            _errors.append(f"The SVG cannot include {attribute} in the svg element")
     if float(svg_metadata["filesize"].strip(" KB")) > 32:
-        _warnings.append("The SVG file exceeds the maximum size of 32 kB")
-    return _warnings
+        _errors.append("The SVG file exceeds the maximum size of 32 KB")
+    return _errors
 
 
 def _get_certificate_san(cert: Union[X509, bytes]) -> list[str]:
@@ -314,9 +321,10 @@ def _decode_components(components: list[tuple[bytes, bytes]]):
     except Exception as e:
         validation_errors.append(str(e))
     if domain is not None:
-        if domain.lower() not in san:
+        base_domain = get_base_domain(domain)
+        if base_domain not in san:
             validation_errors.append(
-                f"{domain} does not match the certificate domains, {san}"
+                f"{base_domain} does not match the certificate domains, {san}"
             )
             metadata["validation_errors"] = validation_errors
             metadata["valid"] = False

checkdmarc/smtp_tls_reporting.py

@@ -317,7 +317,7 @@ def check_smtp_tls_reporting(
     timeout: float = 2.0,
 ) -> OrderedDict:
     """
-    Returns a dictionary with a parsed MTA-STS policy or an error.
+    Returns a dictionary with a parsed SMTP-TLS Reporting policy or an error.
 
     Args:
         domain (str): A domain name
@@ -329,9 +329,8 @@ def check_smtp_tls_reporting(
     Returns:
         OrderedDict: An ``OrderedDict`` with the following keys:
 
-                       - ``id`` - The SIS-MTA DNS record ID
-                       - ``policy`` - The parsed MTA-STS policy
                        - ``valid`` - True
+                         ``tags`` - A dictionary of tags and values
                        - ``warnings`` - A ``list`` of warnings
 
                     If an error occurs, the dictionary will have the

checkdmarc/spf.py

@@ -87,6 +87,10 @@ class MultipleSPFRTXTRecords(SPFError):
     """Raised when multiple TXT spf1 records are found"""
 
 
+class UndecodableCharactersInTXTRecord(_SPFWarning):
+    """Raised when a TXT record contains one or more undecodable characters"""
+
+
 class SPFSyntaxError(SPFError):
     """Raised when an SPF syntax error is found"""
 
@@ -177,6 +181,10 @@ def query_spf_record(
         )
         spf_record = None
         for record in answers:
+            if record == "Undecodable characters":
+                raise UndecodableCharactersInTXTRecord(
+                    f"A TXT record at {domain} " "contains undecodable " "characters"
+                )
             if record.startswith(txt_prefix):
                 spf_txt_records.append(record)
         if len(spf_txt_records) > 1:
@@ -325,6 +333,11 @@ def parse_spf_record(
             if mechanism == "a":
                 if value == "":
                     value = domain
+                cidr = None
+                value = domain.split("/")
+                value = value[0]
+                if len(value) == 2:
+                    cidr = value[1]
                 a_records = get_a_records(
                     value, nameservers=nameservers, resolver=resolver, timeout=timeout
                 )
@@ -333,6 +346,8 @@ def parse_spf_record(
                         f"{value.lower()} does not have any A/AAAA records"
                     )
                 for record in a_records:
+                    if cidr:
+                        record = f"{record}/{cidr}"
                     parsed[result].append(
                         OrderedDict([("value", record), ("mechanism", mechanism)])
                     )

checkdmarc/utils.py

@@ -127,7 +127,7 @@ def query_dns(
             try:
                 r = r.decode()
             except UnicodeDecodeError:
-                pass
+                r = "Undecodable characters"
             records.append(r)
     else:
         records = list(

docs/source/api.md

@@ -39,8 +39,8 @@
 
 ```{eval-rst}
 .. automodule:: checkdmarc.smtp_tls_reporting
-   :mem
-
+   :members:
+```
 
 ## checkdmarc.smtp