My assumption was that he was expecting to get "com.com" back instead of " subdomain.com". www.subdomain being the subdomain of com.com, which is a valid website.
Jon On Fri, Oct 7, 2016 at 2:10 PM james-sirota <[email protected]> wrote: > Github user james-sirota commented on a diff in the pull request: > > > https://github.com/apache/incubator-metron/pull/300#discussion_r82441035 > > --- Diff: > metron-platform/metron-common/src/main/java/org/apache/metron/common/dsl/functions/NetworkFunctions.java > --- > @@ -78,13 +78,16 @@ public Object apply(List<Object> list) { > > @Override > public Object apply(List<Object> objects) { > + if(objects.isEmpty()) { > + return null; > + } > Object dnObj = objects.get(0); > InternetDomainName idn = toDomainName(dnObj); > if(idn != null) { > String dn = dnObj.toString(); > String tld = idn.publicSuffix().toString(); > - String suffix = > Iterables.getFirst(Splitter.on(tld).split(dn), null); > - if(suffix != null) > + String suffix = dn.substring(0, dn.length() - tld.length()); > + if(suffix != null ) > --- End diff -- > > www.subdomain.com.com is not a valid TLD. for a list of valid > domains see here: https://publicsuffix.org/list/effective_tld_names.dat > > If the system sees this kind of domain this should immediately be > flagged as alert and triaged with a very high score > > > --- > If your project is set up for it, you can reply to this email and have your > reply appear on GitHub as well. If your project does not have this feature > enabled and wishes so, or if the feature is enabled but not working, please > contact infrastructure at [email protected] or file a JIRA ticket > with INFRA. > --- > -- Jon
