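# frozen_string_literal: true

require_relative "base"

module Neetob
  class CLI
    module Cloudflare
      # Inspects the SPF TXT records published in a domain's Cloudflare zone.
      #
      # Two things are checked: that at most one SPF record exists (RFC 7208
      # section 3.2 treats several records as a permanent error), and that the
      # single record ends evaluation with a hard fail ("-all").
      #
      # ZONE_IDS, create_url, get and ui are not defined in this file; they are
      # presumably provided by Base. TODO confirm.
      class VerifySpf < Base
        attr_accessor :domain

        # @param domain [String] domain name used as the key into ZONE_IDS
        def initialize(domain)
          super()
          @domain = domain
        end

        # Fetches the zone's DNS records and reports on its SPF TXT records.
        #
        # @return [Hash, nil] in audit mode, a hash with :spf_txt_records and,
        #   when a problem is found, :message and/or :hard_fail_not_set_message;
        #   nil outside audit mode
        # @raise [StandardError] outside audit mode, when the domain has no zone
        #   id or the API response contains no DNS records
        def run
          zone_id = ZONE_IDS[domain.to_sym]
          # NOTE(review): audit mode skips this guard, so an unknown domain reaches
          # create_url/get with a nil zone id. Confirm that Base handles that case.
          unless Thread.current[:audit_mode]
            raise(StandardError, "Domain '#{domain}' not found.") if zone_id.nil?
          end

          url = create_url(zone_id, "dns_records")
          response = get(url)
          unless Thread.current[:audit_mode]
            raise(StandardError, "No DNS records found") if response[:result].empty?
          end

          spf_txt_records = response[:result].select do |dns|
            dns[:type] == "TXT" && spf_record?(dns[:content])
          end

          audit_result = { spf_txt_records: }

          if spf_txt_records.count > 1
            error = "More than one TXT record found for SPF"
            ui.error(error, print_to_audit_log: false)
            audit_result[:message] = error
          elsif spf_txt_records.empty?
            # NOTE(review): a domain without any SPF record is reported as a success
            # and adds no finding to audit_result. Receivers then have no SPF policy
            # to evaluate for this domain; confirm this outcome is intended.
            ui.success("No TXT record for SPF present", print_to_audit_log: false)
          else
            ui.success("Only one TXT record for SPF present", print_to_audit_log: false)
          end

          spf_txt_records.each_with_index do |dns, index|
            ui.info("SPF TXT #{index + 1}: #{dns[:content]}", print_to_audit_log: false)
          end

          if spf_txt_records.count == 1
            unique_spf_txt_record = spf_txt_records.first
            if hard_fail?(unique_spf_txt_record[:content])
              ui.success("SPF TXT record is set to hard fail for SPF compliance", print_to_audit_log: false)
            else
              hard_fail_not_set_message = "SPF TXT record is not set to hard fail for SPF compliance"
              audit_result[:hard_fail_not_set_message] = hard_fail_not_set_message
              ui.error(hard_fail_not_set_message, print_to_audit_log: false)
            end
          end

          audit_result if Thread.current[:audit_mode]
        end

        private

        # Splits TXT content into whitespace-separated SPF terms.
        #
        # Double quotes are dropped first: the content may arrive wrapped in
        # quotes, and a long value may be split into several quoted chunks.
        # A nil content yields an empty list.
        def spf_terms(content)
          content.to_s.delete('"').split
        end

        # True when the content is an SPF record, i.e. its first term is exactly
        # the version tag. Comparing the whole term case-insensitively avoids
        # treating look-alikes such as "v=spf10" as SPF and still accepts
        # "V=SPF1".
        def spf_record?(content)
          version = spf_terms(content).first
          version ? version.casecmp?("v=spf1") : false
        end

        # True when the first "all" mechanism in the record carries the "-"
        # qualifier. Evaluation stops at the first "all", so "~all -all" is not a
        # hard fail, while "-all exp=..." (a modifier after "-all") still is.
        #
        # A record with no "all" term (for example one relying on "redirect=") is
        # reported as not hard fail; the redirect target is not followed here.
        def hard_fail?(content)
          first_all = spf_terms(content).find { |term| term.match?(/\A[+\-~?]?all\z/i) }
          first_all ? first_all.start_with?("-") : false
        end
      end
    end
  end
end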