globalcyberalliance · SeanM-temp · Jul 24, 2024 · Jul 24, 2024 · Jul 24, 2024 · Jul 29, 2024
diff --git a/README.md b/README.md
@@ -84,7 +84,7 @@ this `http://server-ip:port/api/v1/scan/globalcyberalliance.org`, which will ret
       "alt3.aspmx.l.google.com.",
       "alt4.aspmx.l.google.com."
     ],
-    "spf": "v=spf1 include:_u.globalcyberalliance.org._spf.smart.ondmarc.com -all",
+    "spf": "v=spf1 include:_u.globalcyberalliance.org._spf.smart.ondmarc.com -all"
   },
   "advice": {
     "bimi": [
@@ -203,7 +203,8 @@ Which will return a JSON response like this:
 
 ## Serve Dedicated Mailbox
 
-You can also serve scan results via a dedicated mailbox. It is advised that you use this mailbox for this sole purpose, as all emails will be deleted at each 10 second interval.
+You can also serve scan results via a dedicated mailbox. It is advised that you use this mailbox for this sole purpose,
+as all emails will be deleted at each 10 second interval.
 
 ```shell
 dss serve mail --inboundHost "imap.gmail.com:993" --inboundPass "SomePassword" --inboundUser "[email protected]" --outboundHost "smtp.gmail.com:587" --outboundPass "SomePassword" --outboundUser "[email protected]" --advise
@@ -223,6 +224,7 @@ You can then email this inbox from any address, and you'll receive an email back
 | `--dkimSelector` |       | Specify a comma seperated list of DKIM selectors (default "")                                                   |
 | `--dnsBuffer`    |       | Specify the allocated buffer for DNS responses (default 4096)                                                   |
 | `--dnsProtocol`  |       | Protocol to use for DNS queries (udp, tcp, tcp-tls) (default udp)                                               |
+| `--dnssec`       |       | Include scan for DNSSEC records                                                                                 |
 | `--format`       | `-f`  | Format to print results in (yaml, json, csv) (default "yaml")                                                   |
 | `--nameservers`  | `-n`  | Use specific nameservers, in host[:port] format; may be specified multiple times                                |
 | `--outputFile`   | `-o`  | Output the results to a specified file (creates a file with the current unix timestamp if no file is specified) |

diff --git a/cmd/dss/config.go b/cmd/dss/config.go
@@ -32,7 +32,7 @@ var (
 			case "nameservers":
 				printToConsole("nameservers: " + cast.ToString(cfg.Nameservers))
 			default:
-				log.Fatal().Msg("unknown config key")
+				log.Fatal().Msg("Unknown config key")
 			}
 		},
 	}
@@ -47,11 +47,11 @@ var (
 			case "nameservers":
 				cfg.Nameservers = strings.Split(args[1], ",")
 			default:
-				log.Fatal().Msg("unknown config key")
+				log.Fatal().Msg("Unknown config key")
 			}
 
 			if err := cfg.Save(); err != nil {
-				log.Fatal().Err(err).Msg("unable to save config")
+				log.Fatal().Err(err).Msg("Unable to save config")
 			}
 
 			log.Info().Msg("Config updated")
@@ -93,7 +93,7 @@ func (c *Config) Load() error {
 	// create config if it doesn't exist
 	if _, err := os.Stat(c.path); os.IsNotExist(err) {
 		if err = os.MkdirAll(c.dir, os.ModePerm); err != nil {
-			log.Fatal().Err(err).Msg("failed to create config directory")
+			log.Fatal().Err(err).Msg("Failed to create config directory")
 		}
 
 		if err = c.Save(); err != nil {
@@ -104,11 +104,11 @@ func (c *Config) Load() error {
 	// read config
 	configData, err := os.ReadFile(c.path)
 	if err != nil {
-		log.Fatal().Err(err).Msg("unable to read config file")
+		log.Fatal().Err(err).Msg("Unable to read config file")
 	}
 
 	if err = yaml.Unmarshal(configData, &c); err != nil {
-		log.Fatal().Err(err).Msg("unable to unmarshal config values")
+		log.Fatal().Err(err).Msg("Unable to unmarshal config values")
 	}
 
 	return nil
@@ -117,7 +117,7 @@ func (c *Config) Load() error {
 func (c *Config) Save() error {
 	configData, err := yaml.Marshal(c)
 	if err != nil {
-		log.Fatal().Err(err).Msg("unable to marshal default config")
+		log.Fatal().Err(err).Msg("Unable to marshal default config")
 	}
 
 	return os.WriteFile(c.path, configData, os.ModePerm)

diff --git a/cmd/dss/main.go b/cmd/dss/main.go
@@ -26,7 +26,7 @@ var (
 		Use:     "dss",
 		Short:   "Scan a domain's DNS records.",
 		Long:    "Scan a domain's DNS records.\nhttps://github.com/globalcyberalliance/domain-security-scanner",
-		Version: "3.0.16",
+		Version: "3.0.17",
 		PersistentPreRun: func(cmd *cobra.Command, args []string) {
 			var logWriter io.Writer
 

diff --git a/cmd/dss/scan.go b/cmd/dss/scan.go
@@ -4,7 +4,6 @@ import (
 	"bufio"
 	"os"
 
-	"github.com/globalcyberalliance/domain-security-scanner/v3/pkg/advisor"
 	"github.com/globalcyberalliance/domain-security-scanner/v3/pkg/model"
 	"github.com/globalcyberalliance/domain-security-scanner/v3/pkg/scanner"
 	"github.com/spf13/cobra"
@@ -26,19 +25,17 @@ var cmdScan = &cobra.Command{
 			scanner.WithDNSBuffer(dnsBuffer),
 			scanner.WithDNSProtocol(dnsProtocol),
 			scanner.WithNameservers(nameservers),
+			scanner.WithCheckTLS(checkTLS),
 		}
 
 		if len(dkimSelector) > 0 {
 			opts = append(opts, scanner.WithDKIMSelectors(dkimSelector...))
 		}
-
 		sc, err := scanner.New(log, timeout, opts...)
 		if err != nil {
 			log.Fatal().Err(err).Msg("An unexpected error occurred.")
 		}
 
-		domainAdvisor := advisor.NewAdvisor(timeout, cache, checkTLS)
-
 		if format == "csv" && outputFile == "" {
 			log.Info().Msg("CSV header: domain,BIMI,DKIM,DMARC,MX,SPF,TXT,error,advice")
 		}
@@ -65,7 +62,7 @@ var cmdScan = &cobra.Command{
 				}
 
 				for _, result := range results {
-					printResult(result, domainAdvisor)
+					printResult(result, sc)
 				}
 			}
 
@@ -84,12 +81,12 @@ var cmdScan = &cobra.Command{
 		}
 
 		for _, result := range results {
-			printResult(result, domainAdvisor)
+			printResult(result, sc)
 		}
 	},
 }
 
-func printResult(result *scanner.Result, domainAdvisor *advisor.Advisor) {
+func printResult(result *scanner.Result, sc *scanner.Scanner) {
 	if result == nil {
 		log.Fatal().Msg("An unexpected error occurred.")
 	}
@@ -99,7 +96,7 @@ func printResult(result *scanner.Result, domainAdvisor *advisor.Advisor) {
 	}
 
 	if advise && result.Error != scanner.ErrInvalidDomain {
-		resultWithAdvice.Advice = domainAdvisor.CheckAll(result.Domain, result.BIMI, result.DKIM, result.DMARC, result.MX, result.SPF)
+		resultWithAdvice.Advice = sc.CheckAll(result.Domain, result.BIMI, result.DKIM, result.DMARC, result.DNSSEC, result.MX, result.SPF, result.STS, result.STSPolicy)
 	}
 
 	printToConsole(resultWithAdvice)

diff --git a/cmd/dss/serve.go b/cmd/dss/serve.go
@@ -3,7 +3,6 @@ package main
 import (
 	"time"
 
-	"github.com/globalcyberalliance/domain-security-scanner/v3/pkg/advisor"
 	"github.com/globalcyberalliance/domain-security-scanner/v3/pkg/http"
 	"github.com/globalcyberalliance/domain-security-scanner/v3/pkg/mail"
 	"github.com/globalcyberalliance/domain-security-scanner/v3/pkg/scanner"
@@ -53,6 +52,7 @@ var (
 				scanner.WithDNSBuffer(dnsBuffer),
 				scanner.WithDNSProtocol(dnsProtocol),
 				scanner.WithNameservers(nameservers),
+				scanner.WithCheckTLS(checkTLS),
 			}
 
 			if len(dkimSelector) > 0 {
@@ -65,9 +65,6 @@ var (
 			}
 
 			server := http.NewServer(log, timeout, cmd.Version)
-			if advise {
-				server.Advisor = advisor.NewAdvisor(timeout, cache, checkTLS)
-			}
 			server.CheckTLS = checkTLS
 			server.Scanner = sc
 
@@ -85,6 +82,7 @@ var (
 				scanner.WithDNSBuffer(dnsBuffer),
 				scanner.WithDNSProtocol(dnsProtocol),
 				scanner.WithNameservers(nameservers),
+				scanner.WithCheckTLS(checkTLS),
 			}
 
 			if len(dkimSelector) > 0 {
@@ -96,7 +94,7 @@ var (
 				log.Fatal().Err(err).Msg("could not create domain scanner")
 			}
 
-			mailServer, err := mail.NewMailServer(mailConfig, log, sc, advisor.NewAdvisor(timeout, cache, checkTLS))
+			mailServer, err := mail.NewMailServer(mailConfig, log, sc, advise)
 			if err != nil {
 				log.Fatal().Err(err).Msg("could not open mail server connection")
 			}