Translations for diagnostics, and resole checks

Author: Lissy93

scripts/find-hardcoded-text.ts

@@ -153,8 +153,9 @@ function scanDirectory(dirPath: string): HardcodedText[] {
         continue;
       }
 
-      // Validate safeName to prevent path traversal and unsafe characters
-      if (safeName.includes('..') || /[^a-zA-Z0-9._-]/.test(safeName)) {
+      // Validate safeName to prevent path traversal
+      // Allow SvelteKit file naming patterns: +page.svelte, [lang], (sections), etc.
+      if (safeName.includes('..')) {
         console.error(`Unsafe file or directory name blocked: ${safeName}`);
         continue;
       }

src/lib/i18n/translations/en/diagnostics/dns-dmarc-check.json

@@ -1,28 +1,190 @@
 {
-  "title": "DMARC Record Checker",
-  "description": "Check and validate DMARC (Domain-based Message Authentication) records",
+  "title": "DMARC Policy Checker",
+  "subtitle": "Analyze DMARC (Domain-based Message Authentication, Reporting & Conformance) policies. Check policy configuration, alignment settings, and identify potential security issues.",
+
+  "examples": {
+    "title": "DMARC Examples",
+    "items": {
+      "google": {
+        "domain": "google.com",
+        "description": "Google DMARC policy",
+        "tooltip": "Check DMARC policy for google.com (Google DMARC policy)"
+      },
+      "github": {
+        "domain": "github.com",
+        "description": "GitHub enterprise DMARC",
+        "tooltip": "Check DMARC policy for github.com (GitHub enterprise DMARC)"
+      },
+      "microsoft": {
+        "domain": "microsoft.com",
+        "description": "Microsoft DMARC configuration",
+        "tooltip": "Check DMARC policy for microsoft.com (Microsoft DMARC configuration)"
+      },
+      "paypal": {
+        "domain": "paypal.com",
+        "description": "PayPal strict DMARC policy",
+        "tooltip": "Check DMARC policy for paypal.com (PayPal strict DMARC policy)"
+      },
+      "amazon": {
+        "domain": "amazon.com",
+        "description": "Amazon DMARC implementation",
+        "tooltip": "Check DMARC policy for amazon.com (Amazon DMARC implementation)"
+      },
+      "salesforce": {
+        "domain": "salesforce.com",
+        "description": "Salesforce DMARC setup",
+        "tooltip": "Check DMARC policy for salesforce.com (Salesforce DMARC setup)"
+      }
+    }
+  },
 
   "form": {
-    "title": "DMARC Check",
-    "domain": {
-      "label": "Domain",
-      "placeholder": "example.com"
-    },
-    "check": "Check DMARC",
-    "checking": "Checking...",
-    "error": "Please enter a domain"
+    "title": "DMARC Policy Check",
+    "domainLabel": "Domain Name",
+    "domainTooltip": "Enter the domain to check DMARC policy for",
+    "domainPlaceholder": "example.com",
+    "checkButton": "Check DMARC Policy",
+    "checking": "Checking DMARC..."
   },
 
   "results": {
-    "title": "DMARC Record Results",
-    "found": "DMARC Record Found",
-    "not_found": "DMARC Record Not Found",
-    "policy": "Policy",
-    "subdomain_policy": "Subdomain Policy",
-    "percentage": "Percentage",
-    "rua": "Aggregate Reports (RUA)",
-    "ruf": "Forensic Reports (RUF)",
-    "valid": "Valid",
-    "invalid": "Invalid"
+    "title": "DMARC Policy Analysis",
+    "copy": "Copy Results",
+    "copied": "Copied!",
+
+    "status": {
+      "secure": "DMARC Configuration Secure",
+      "issuesFound": "DMARC Issues Found",
+      "needsImprovement": "DMARC Needs Improvement",
+      "noCriticalIssues": "No critical issues detected",
+      "issuesIdentified": "{count} issue{plural} identified"
+    },
+
+    "recordSection": {
+      "title": "DMARC Record",
+      "location": "_dmarc.{domain}"
+    },
+
+    "policyConfiguration": {
+      "title": "Policy Configuration",
+      "mainPolicy": "Main Policy",
+      "subdomainPolicy": "Subdomain Policy",
+      "coverage": "Coverage",
+      "dkimAlignment": "DKIM Alignment",
+      "spfAlignment": "SPF Alignment",
+      "failureOptions": "Failure Options",
+
+      "policies": {
+        "reject": "Reject non-compliant messages",
+        "quarantine": "Quarantine suspicious messages",
+        "none": "Monitor only, no action",
+        "unknown": "Unknown policy"
+      },
+
+      "alignment": {
+        "strict": "Strict",
+        "relaxed": "Relaxed",
+        "strictDescription": "Exact domain match",
+        "relaxedDescription": "Organizational domain match"
+      },
+
+      "coverageDescription": "of messages affected",
+
+      "failureOptionsDescriptions": {
+        "both": "DKIM and SPF failure",
+        "any": "Any alignment failure",
+        "dkim": "DKIM failure only",
+        "spf": "SPF failure only",
+        "custom": "Custom configuration"
+      }
+    },
+
+    "reporting": {
+      "title": "Reporting Configuration",
+      "aggregateReports": "Aggregate Reports (RUA)",
+      "forensicReports": "Forensic Reports (RUF)",
+      "notConfigured": "Not configured"
+    },
+
+    "issues": {
+      "title": "Issues & Recommendations",
+      "messages": {
+        "policyNone": "Policy is set to \"none\" - no action taken on DMARC failures",
+        "relaxedAlignment": "Both DKIM and SPF alignment are relaxed - consider strict alignment",
+        "noAggregateReporting": "No aggregate reporting address (rua) specified",
+        "noForensicReporting": "No forensic reporting address (ruf) specified",
+        "partialCoverage": "Only {percentage}% of messages are subject to DMARC policy"
+      },
+      "severityLevels": {
+        "high": "HIGH",
+        "medium": "MEDIUM",
+        "low": "LOW"
+      }
+    }
+  },
+
+  "noRecord": {
+    "title": "No DMARC Record Found",
+    "message": "Domain {domain} does not have a DMARC policy configured at {dmarcDomain}.",
+    "helpText": "This means the domain is not protected by DMARC. Consider implementing a DMARC policy to prevent email spoofing."
+  },
+
+  "error": {
+    "title": "DMARC Check Failed",
+    "lookupFailed": "DMARC check failed: {status}",
+    "unknownError": "Unknown error occurred"
+  },
+
+  "copy": {
+    "header": "DMARC Check for {domain}",
+    "generatedAt": "Generated at: {timestamp}",
+    "recordLabel": "DMARC Record:",
+    "parsedPolicyLabel": "Parsed Policy:",
+    "mainPolicyLabel": "Main Policy:",
+    "subdomainPolicyLabel": "Subdomain Policy:",
+    "dkimAlignmentLabel": "DKIM Alignment:",
+    "spfAlignmentLabel": "SPF Alignment:",
+    "percentageLabel": "Percentage:",
+    "aggregateReportsLabel": "Aggregate Reports:",
+    "forensicReportsLabel": "Forensic Reports:",
+    "failureOptionsLabel": "Failure Options:",
+    "issuesFoundLabel": "Issues Found:",
+    "noIssuesFound": "No issues found - DMARC configuration looks good!",
+    "alignmentStrict": "strict",
+    "alignmentRelaxed": "relaxed"
+  },
+
+  "educational": {
+    "title": "Understanding DMARC",
+
+    "policies": {
+      "title": "DMARC Policies",
+      "none": "Monitor mode - collect data but take no action on failures",
+      "quarantine": "Mark suspicious messages, often sent to spam folder",
+      "reject": "Reject non-compliant messages outright (strongest security)"
+    },
+
+    "alignmentModes": {
+      "title": "Alignment Modes",
+      "relaxed": "Allows organizational domain matching (default)",
+      "strict": "Requires exact domain matching (more secure)"
+    },
+
+    "reportingTypes": {
+      "title": "Reporting Types",
+      "aggregate": "Daily summary reports of DMARC activity",
+      "forensic": "Real-time failure reports with message samples"
+    },
+
+    "bestPractices": {
+      "title": "Best Practices",
+      "items": {
+        "startMonitoring": "Start with p=none to monitor before enforcement",
+        "gradualEnforcement": "Gradually increase to p=quarantine then p=reject",
+        "setupReporting": "Set up aggregate reporting to monitor DMARC activity",
+        "strictAlignment": "Use strict alignment for enhanced security when possible",
+        "subdomainPolicy": "Consider subdomain policy for comprehensive coverage"
+      }
+    }
   }
 }

src/lib/i18n/translations/en/diagnostics/dns-dnssec-validation-chain.json

@@ -1,27 +1,124 @@
 {
-  "title": "DNSSEC Validation Chain",
-  "description": "Trace and validate the DNSSEC chain of trust for a domain",
+  "title": "DNSSEC Validation Chain Checker",
+  "subtitle": "Validate DNSSEC chain from root to domain, verify DS/DNSKEY matching and RRSIG signatures",
+
+  "examples": {
+    "title": "Quick Examples",
+    "items": {
+      "govuk": {
+        "domain": "gov.uk",
+        "description": "UK Government (DNSSEC Enabled)",
+        "tooltip": "Check DNSSEC for gov.uk"
+      },
+      "cloudflare": {
+        "domain": "cloudflare.com",
+        "description": "Cloudflare (DNSSEC Enabled)",
+        "tooltip": "Check DNSSEC for cloudflare.com"
+      },
+      "failed": {
+        "domain": "dnssec-failed.org",
+        "description": "DNSSEC Failed Test",
+        "tooltip": "Check DNSSEC for dnssec-failed.org"
+      },
+      "google": {
+        "domain": "google.com",
+        "description": "Google (DNSSEC Enabled)",
+        "tooltip": "Check DNSSEC for google.com"
+      },
+      "isc": {
+        "domain": "isc.org",
+        "description": "ISC (DNSSEC Pioneer)",
+        "tooltip": "Check DNSSEC for isc.org"
+      },
+      "ietf": {
+        "domain": "ietf.org",
+        "description": "IETF (DNSSEC Enabled)",
+        "tooltip": "Check DNSSEC for ietf.org"
+      }
+    }
+  },
 
   "form": {
-    "title": "DNSSEC Chain Validation",
-    "domain": {
-      "label": "Domain",
-      "placeholder": "example.com"
-    },
-    "validate": "Validate DNSSEC Chain",
-    "validating": "Validating...",
-    "error": "Please enter a domain"
+    "title": "Domain Name",
+    "domainLabel": "Domain to Validate",
+    "domainPlaceholder": "example.com",
+    "validateButton": "Validate DNSSEC Chain",
+    "validating": "Validating..."
+  },
+
+  "loading": {
+    "title": "Validating DNSSEC Chain",
+    "message": "Querying DNS records from root to {domain}..."
+  },
+
+  "error": {
+    "title": "Validation Failed",
+    "invalidDomain": "Please enter a valid domain name",
+    "validationFailed": "DNSSEC validation failed",
+    "unexpectedError": "An unexpected error occurred"
   },
 
   "results": {
     "title": "DNSSEC Validation Results",
-    "secure": "Secure",
-    "insecure": "Insecure",
-    "bogus": "Bogus",
-    "chain_valid": "Chain Valid",
-    "chain_broken": "Chain Broken",
-    "ds_records": "DS Records",
-    "dnskey_records": "DNSKEY Records",
-    "rrsig_records": "RRSIG Records"
+    "summary": {
+      "valid": "DNSSEC Valid",
+      "invalid": "DNSSEC Invalid",
+      "domain": "Domain:",
+      "chainLinks": "Chain Links:",
+      "validated": "Validated:",
+      "status": "Status:",
+      "secure": "Secure",
+      "brokenChain": "Broken Chain",
+      "errors": "Validation Errors:"
+    },
+    "chain": {
+      "title": "DNSSEC Chain",
+      "level": "Level {level}",
+      "ds": {
+        "title": "DS Records",
+        "tooltip": "Delegation Signer records link this zone to the parent zone",
+        "keyTag": "Key Tag:",
+        "keyTagTooltip": "Identifier for the DNSKEY this DS record refers to",
+        "algorithm": "Algorithm:",
+        "algorithmTooltip": "Cryptographic algorithm used for signing",
+        "digestType": "Digest Type:",
+        "digestTypeTooltip": "Hash algorithm used to create the digest",
+        "hash": "Hash:",
+        "hashTooltip": "Hash of the DNSKEY record"
+      },
+      "dnskey": {
+        "title": "DNSKEY Records",
+        "tooltip": "Public keys used to verify DNSSEC signatures",
+        "keyTag": "Key Tag:",
+        "keyTagTooltip": "Identifier for this DNSKEY",
+        "flags": "Flags:",
+        "flagsTooltip": "Key properties: 256=ZSK, 257=KSK",
+        "algorithm": "Algorithm:",
+        "algorithmTooltip": "Cryptographic algorithm used for signing",
+        "matchedDS": "Matched DS",
+        "matchedDSTooltip": "This DNSKEY matches a DS record in the parent zone",
+        "ksk": "KSK",
+        "kskTooltip": "Key Signing Key - signs other DNSKEYs",
+        "zsk": "ZSK",
+        "zskTooltip": "Zone Signing Key - signs zone data"
+      },
+      "rrsig": {
+        "title": "RRSIG Records",
+        "tooltip": "Digital signatures created with DNSKEY to authenticate DNS data",
+        "typeCovered": "Type Covered:",
+        "typeCoveredTooltip": "DNS record type this signature covers",
+        "keyTag": "Key Tag:",
+        "keyTagTooltip": "Identifies which DNSKEY created this signature",
+        "signer": "Signer:",
+        "signerTooltip": "Zone that created this signature",
+        "valid": "Valid",
+        "validTooltip": "Signature is valid and within time window",
+        "invalid": "Invalid",
+        "invalidTooltip": "Signature is expired or not yet valid"
+      },
+      "errors": {
+        "title": "Errors"
+      }
+    }
   }
 }