New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
x/net/publicsuffix: should validate TLD against publicSuffix / IANA #23554
Comments
CC @nigeltao |
I'm not sure if I understand what you are trying to accomplish. The suggestion to "add an additional bool to the PublicSuffix return to represent whether it was on the list or not" would be an incompatible API change is is therefore not a real option. Exposing find() seems very strange to me as this is a pure helper to work with the internal representation of the public suffix list. Exporting it alone is not enough: To make it useful we would have to export all the implementation details---especially the whole tree structure used to store the list. Note that find() operates on single labels (like "iwanta"), not on domains like "iwanta.purpleunicorn"). If I understand your intention you want to be able to distinguish between "invalid" and "valid" hostnames. Depending on what exactly "invalid" means this might be simple or outright impossible. Some domain names are malformed like "payme.$$$" as "$" is not allowed in a label or "4.5.6.7" should be treated as an IP address in doted decimal form. See RFCs 1034 and 1123 as an intro. So some types of "invalid" domain names can be detected without consulting the public suffix list. Regarding "iwanta.purpleunicorn": I assume you want some way to determin that "iwanta.purpleunicon" is not a valid host name simply because "purpleunicorn" is not a TLD in use? If your use case is about determin whether "purpleunicorn" is a TLD or not I would suggest inspecting the official list of TLDs available via https://www.icann.org/resources/pages/tlds-2012-02-25-en . |
The attempt here was to identify whether or not a TLD is valid, not the hostname. Validity is determined by available TLDs provided by registries. PublicSuffix does incorporate all of these TLDs, but does not offer validation against them. I do see your stance on how this request is likely out of intended scope, but it certainly seemed to be the most appropriate package to incorporate said function. Perhaps an additional function within the PublicSuffix package would be appropriate or is it in best fashion to have an entire TLD package which incorporates this use? |
Essentially what is accomplished here: |
@Agronis FYI there is no guarantee that the PSL contains all the IANA suffixes, nor that it is up to date with the latest changes that may be pushed at any time by IANA. Moreover, some TLDs may be reserved, others revoked and there's no way to capture these informations in the PSL. As a result, the final behavior may not be what you are looking for. For instance, you may want to ignore the revoked TLDs if you only care about validating actual real domains, but you may be care for certain other uses where any TLD ever created matters. The PSL is really not the best way to accomplish such validation. You should probably have a custom function for that, or use a package that offers that feature. |
No it doesn't. TLDs covered by the implicit * rule are not part of the PSL. What prevents using github.com/inhies/go-tld for your purpose? While I think that TLD validation is useful I doubt that package publicsuffix is the right place. For this reasons I would recommend closing this issue. |
I agree with @vdobler. As explained in my previous comment, I confirm there is no guarantee that the PSL includes all the TLD and therefore it's not safe to use it for such type of validation. |
Please answer these questions before submitting your issue. Thanks!
What version of Go are you using (
go version
)?go1.9.3 darwin/amd64
Does this issue reproduce with the latest release?
Yes
What did you do?
Fed PublicSuffix() invalid hostnames
What do you expect to see?
At the very least, a bool to represent if TLD is listed on the publicSuffix.dat / IANA record.
What did you see instead?
Suffix returned is exactly what was given.
I realize this is working as intended, however, the find() func within list.go offers exactly what this issue looks to solve but it is not externally accessible.
Without the ability to validate the TLD, this function is essentially "Is it ICANN supported?" as it will always return a suffix - valid or not.
Please consider either opening the find() function to be externally accessible, or add an additional bool to the PublicSuffix return to represent whether it was on the list or not. The need to re-import this list, recompile it and remake the functionality to map through it seems unnecessary when the functionality has just been hidden within this code.
https://play.golang.org/p/mtaIwNRR__D
The text was updated successfully, but these errors were encountered: