[ 
https://issues.apache.org/jira/browse/METRON-489?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15555811#comment-15555811
 ] 

ASF GitHub Bot commented on METRON-489:
---------------------------------------

Github user james-sirota commented on a diff in the pull request:

    https://github.com/apache/incubator-metron/pull/300#discussion_r82441035
  
    --- Diff: 
metron-platform/metron-common/src/main/java/org/apache/metron/common/dsl/functions/NetworkFunctions.java
 ---
    @@ -78,13 +78,16 @@ public Object apply(List<Object> list) {
     
         @Override
         public Object apply(List<Object> objects) {
    +      if(objects.isEmpty()) {
    +        return null;
    +      }
           Object dnObj = objects.get(0);
           InternetDomainName idn = toDomainName(dnObj);
           if(idn != null) {
             String dn = dnObj.toString();
             String tld = idn.publicSuffix().toString();
    -        String suffix = Iterables.getFirst(Splitter.on(tld).split(dn), 
null);
    -        if(suffix != null)
    +        String suffix = dn.substring(0, dn.length() - tld.length());
    +        if(suffix != null )
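Review bot: The `if(suffix != null )` guard on the last added line is dead code, because `String.substring` never returns null; when `dn` consists only of its public suffix the result is an empty string, which still passes the check. Test `suffix.isEmpty()` there instead, or return null for that case. Two related points on the lines above it: `idn.publicSuffix().toString()` throws a NullPointerException for a name with no recognised public suffix, since Guava's `publicSuffix()` returns null in that case, and the length-based `dn.substring(0, dn.length() - tld.length())` assumes `dn` ends with exactly the text of `tld`, which does not hold when `dnObj.toString()` differs from the normalised `InternetDomainName` form (upper case, trailing dot). Null-checking `publicSuffix()` and deriving the prefix from `idn.toString()` rather than `dnObj.toString()` would cover both.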
    --- End diff --
    
    www.subdomain.com.com is not a valid TLD. For a list of valid domains see here: https://publicsuffix.org/list/effective_tld_names.dat
    
    If the system sees this kind of domain, this should immediately be flagged as an alert and triaged with a very high score.


> RemoveSubdomains Stellar Function behaves incorrectly for some domains
> ----------------------------------------------------------------------
>
>                 Key: METRON-489
>                 URL: https://issues.apache.org/jira/browse/METRON-489
>             Project: Metron
>          Issue Type: Bug
>            Reporter: Casey Stella
>            Assignee: Casey Stella
>   Original Estimate: 1h
>  Remaining Estimate: 1h
>
> com.com throws an exception
> www.subdomain.com.com returns subdomain.com
> Unsure if other standard weirdness with TLDs gets handled like this (e.g. 
> net.net, co.uk.co.uk)



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
