Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug in ValidateFQDN function #532

Closed
ehsandeep opened this issue Jun 24, 2023 · 2 comments · Fixed by #537
Closed

Bug in ValidateFQDN function #532

ehsandeep opened this issue Jun 24, 2023 · 2 comments · Fixed by #537
Assignees
@MattSilvaa
Labels
defcon31 good first issue Good for newcomers Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.

Comments

@ehsandeep
Copy link
Member

from https://github.com/projectdiscovery/public-bugbounty-programs/blob/main/pkg/dns/dns.go#L27-L36

func ValidateFQDN(value string) bool {
	// check if domain can can be parsed
	tld, err := publicsuffix.EffectiveTLDPlusOne(value)
	if err != nil {
		return false
	}

	// check if top level domain is equal to original and it's a valid domain name
	return tld == value && govalidator.IsDNSName(tld)
}

flagging ngrok.io as invalid domain - https://github.com/projectdiscovery/public-bugbounty-programs/actions/runs/5364609119/jobs/9732904993
@ehsandeep ehsandeep added defcon31 Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors. good first issue Good for newcomers labels Jun 24, 2023
@MattSilvaa
Copy link
Contributor

Hey! I can take this on

@MattSilvaa
Copy link
Contributor

MattSilvaa commented Jun 24, 2023
edited
Loading

So it seems like the reason this is occurring is because ngrok.io is in the PSL. Do you want to change the fqdn logic to not consider the PSL when validating?

EDIT: Modified the logic to only look at the ICANN domains in the PSL

@MattSilvaa MattSilvaa mentioned this issue Jun 24, 2023
Closed
@ehsandeep ehsandeep linked a pull request Jun 25, 2023 that will close this issue
fix(ValidateFQDN): Modifying ValidateFQDN to only look at ICANN domains #534
Closed
@tarunKoyalwar tarunKoyalwar mentioned this issue Jun 26, 2023
Closed
@MattSilvaa MattSilvaa mentioned this issue Jun 27, 2023
Merged
@ehsandeep ehsandeep linked a pull request Jun 27, 2023 that will close this issue
eTLD validation support in ValidateFQDN #537
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@MattSilvaa MattSilvaa

Labels
defcon31 good first issue Good for newcomers Type: Bug Inconsistencies or issues which will cause an issue or problem for users or implementors.
Projects
None yet
Milestone
No milestone
2 participants
@ehsandeep @MattSilvaa