internal/normalize: harden against possible attacks; optimize registry

Signed-off-by: NotAShelf <raf@notashelf.dev>
Change-Id: Iaf89cda3c480d6a8371e5f146ee95fcf6a6a6964
raf 2026-03-01 13:08:31 +03:00
commit ffb4ab2295
Signed by: NotAShelf
GPG key ID: 29D95B64378DB4BF
3 changed files with 24 additions and 11 deletions


@ -89,8 +89,9 @@ func ExtractReferrerDomain(referrer, siteDomain string) string {
// - "news.ycombinator.com" -> "ycombinator.com"
eTLDPlus1, err := publicsuffix.EffectiveTLDPlusOne(hostname)
if err != nil {
// If public suffix lookup fails, use hostname as-is
return hostname
// If public suffix lookup fails (malformed/unknown TLD), return "other"
// to prevent unbounded cardinality from malicious referrers
return "other"
}
return eTLDPlus1
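Review bot: The new `return "other"` branch only bounds hostnames for which `publicsuffix.EffectiveTLDPlusOne` returns an error, so the comment's "unknown TLD" case is probably not covered. If this is golang.org/x/net/publicsuffix, a name whose TLD is not in the list falls under the default `*` rule and returns without error, so a referrer with an arbitrary `label.tld` host still reaches `return eTLDPlus1` as a distinct value. Cardinality therefore stays unbounded unless the result is capped or allow-listed where it is recorded, which this hunk does not show (the other files in the commit may do so). I would reword the comment to `// Lookup fails for single-label or malformed hosts; return "other" to keep those out of the label set` and enforce the limit at the point where the value becomes a metric label. The body of ExtractReferrerDomain starts above the hunk.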