github · TooManyBees · Jun 5, 2025 · Jun 3, 2025 · Jun 5, 2025 · tsusdere
@@ -16,7 +16,7 @@ Gem::Specification.new do |s|
   s.files                 = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
   s.require_paths         = ["lib"]
 
-  s.add_dependency("addressable", "~> 2.3")
+  s.add_dependency("addressable", "~> 2.8.7")
   s.add_dependency("dnsruby", "~> 1.60")
   s.add_dependency("octokit", ">= 4", "< 10")
   s.add_dependency("public_suffix", ">= 3.0", "< 7.0")

@@ -1,5 +1,7 @@
 # frozen_string_literal: true
 
+require "securerandom"
+
 module GitHubPages
   module HealthCheck
     class Domain < Checkable
@@ -442,6 +444,40 @@ def served_by_pages?
         end
       end
 
+      def parent_domain
+        parsed = PublicSuffix.parse(host)
+        parent = host.split(".", 2).last
+        if parent == parsed.tld
+          return nil
+        end
+
+        parent
+      rescue PublicSuffix::DomainNotAllowed
+        nil
+      end
+
+      def maybe_wildcard?
+        return @maybe_wildcard if defined? @maybe_wildcard
+        return false unless dns_resolves?
+        return false unless parent_domain
+
+        sibling_domain = SecureRandom.alphanumeric(20) + "." + parent_domain
+
+        @maybe_wildcard = begin
+          wildcard_resolver = GitHubPages::HealthCheck::Resolver.new(sibling_domain, :nameservers => nameservers)
+
+          [Dnsruby::Types::A, Dnsruby::Types::AAAA].any? do |record_type|
+            wildcard_resolver.query(record_type).any? do |record|
+              record.respond_to?(:address) && github_pages_ip?(record.address)
+            end
+          end
+        end
+      end
+
+      def wildcard_warning
+        Errors::WildcardRecordError.new :domain => self, :parent_domain => parent_domain if maybe_wildcard?
+      end
+
       def uri(overrides = {})
         options = { :host => host, :scheme => scheme, :path => "/" }
         options = options.merge(overrides)

@@ -0,0 +1,26 @@
+# frozen_string_literal: true
+
+module GitHubPages
+  module HealthCheck
+    module Errors
+      class WildcardRecordError < GitHubPages::HealthCheck::Error
+        DOCUMENTATION_PATH = "/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages/"
+
+        attr_reader :parent_domain
+
+        def initialize(repository: nil, domain: nil, parent_domain: nil)
+          super(:repository => repository, :domain => domain)
+          @parent_domain = parent_domain
+        end
+
+        def message
+          <<-MSG
+            The DNS record for your domain appears to be *.#{parent_domain}, a wildcard record.
+            Your GitHub Pages site will still work, but unless you verify ownership of #{parent_domain},
+            any GitHub Pages user can serve their content from an arbitrary subdomain of it.
+          MSG
+        end
+      end
+    end
+  end
+end
@@ -4,6 +4,6 @@
 
 RSpec.describe(GitHubPages::HealthCheck::Errors) do
   it "returns the errors" do
-    expect(GitHubPages::HealthCheck::Errors.all.count).to eql(10)
+    expect(GitHubPages::HealthCheck::Errors.all.count).to eql(11)
   end
 end