Merge pull request #13877 from rgacogne/remove-harvestCSPFromRecs

validate: Remove unused `harvestCSPFromRecs()`
PowerDNS · Mar 12, 2024 · 47e2d7a · 47e2d7a
2 parents aa37f51 + 2c5fe4f
commit 47e2d7a
Show file tree

Hide file tree

Showing 2 changed files with 1 addition and 30 deletions.
diff --git a/pdns/validate.cc b/pdns/validate.cc
@@ -705,7 +705,7 @@ dState getDenial(const cspmap_t &validrrsets, const DNSName& qname, const uint16
 
         if (g_maxNSEC3sPerRecordToConsider > 0 && nsec3sConsidered >= g_maxNSEC3sPerRecordToConsider) {
           VLOG(log, qname << ": Too many NSEC3s for this record"<<endl);
-          context.d_limitHit = true;          
+          context.d_limitHit = true;
           return dState::NODENIAL;
         }
         nsec3sConsidered++;
@@ -1103,34 +1103,6 @@ vState validateWithKeySet(time_t now, const DNSName& name, const sortedRecords_t
   return vState::BogusNoValidRRSIG;
 }
 
-// returns vState
-// should return vState, zone cut and validated keyset
-// i.e. www.7bits.nl -> insecure/7bits.nl/[]
-//      www.powerdnssec.org -> secure/powerdnssec.org/[keys]
-//      www.dnssec-failed.org -> bogus/dnssec-failed.org/[]
-
-cspmap_t harvestCSPFromRecs(const vector<DNSRecord>& recs)
-{
-  cspmap_t cspmap;
-  for(const auto& rec : recs) {
-    //        cerr<<"res "<<rec.d_name<<"/"<<rec.d_type<<endl;
-    if (rec.d_type == QType::OPT) {
-      continue;
-    }
-
-    if(rec.d_type == QType::RRSIG) {
-      auto rrc = getRR<RRSIGRecordContent>(rec);
-      if (rrc) {
-        cspmap[{rec.d_name,rrc->d_type}].signatures.push_back(rrc);
-      }
-    }
-    else {
-      cspmap[{rec.d_name, rec.d_type}].records.insert(rec.getContent());
-    }
-  }
-  return cspmap;
-}
-
 bool getTrustAnchor(const map<DNSName,dsmap_t>& anchors, const DNSName& zone, dsmap_t &res)
 {
   const auto& iter = anchors.find(zone);

diff --git a/pdns/validate.hh b/pdns/validate.hh
@@ -107,7 +107,6 @@ vState validateWithKeySet(time_t now, const DNSName& name, const sortedRecords_t
 bool isCoveredByNSEC(const DNSName& name, const DNSName& begin, const DNSName& next);
 bool isCoveredByNSEC3Hash(const std::string& hash, const std::string& beginHash, const std::string& nextHash);
 bool isCoveredByNSEC3Hash(const DNSName& name, const DNSName& beginHash, const DNSName& nextHash);
-cspmap_t harvestCSPFromRecs(const vector<DNSRecord>& recs);
 bool getTrustAnchor(const map<DNSName,dsmap_t>& anchors, const DNSName& zone, dsmap_t &res);
 bool haveNegativeTrustAnchor(const map<DNSName,std::string>& negAnchors, const DNSName& zone, std::string& reason);
 vState validateDNSKeysAgainstDS(time_t now, const DNSName& zone, const dsmap_t& dsmap, const skeyset_t& tkeys, const sortedRecords_t& toSign, const vector<shared_ptr<const RRSIGRecordContent> >& sigs, skeyset_t& validkeys, const OptLog&, pdns::validation::ValidationContext& context);