publicsuffix / list

The Public Suffix List
https://publicsuffix.org/
Mozilla Public License 2.0

AWS Submissions to the Public Suffix List - Q2 2024 #1954

Closed aph3rson closed 1 month ago

aph3rson commented 4 months ago

Public Suffix List (PSL) Pull Request (PR) Template

Each PSL PR needs to have a description, rationale, indication of DNS validation and syntax checking, as well as a number of acknowledgements from the submitter. This template must be included with each PR, and the submitting party MUST provide responses to all of the elements in order to be considered.

Checklist of required steps

Submitter affirms the following:


For Private section requests that are submitting entries for domains that match their organization website's primary domain, please understand that this can have impacts that may not match the desired outcome and take a long time to rollback, if at all.

To ensure that requested changes are entirely intentional, make sure that you read the affectation and propagation expectations, that you understand them, and confirm this understanding.

PR Rollbacks have lower priority, and the volunteers are unable to control when or if browsers or other parties using the PSL will refresh or update.

(Link: about propagation/expectations)


Description of Organization

Amazon Web Services (AWS) is the world’s most comprehensive and broadly adopted cloud, offering over 200 fully featured services from data centers globally. More information about AWS is available on our website: What is AWS?

Organization Website: AWS Homepage

Reason for PSL Inclusion

These features/services have been identified by AWS Security and AWS service teams as supporting different distinct customers/resources across shared DNS suffixes. Adding these suffixes to the PSL is expected to improve the security posture of customers using our services. This may include:

Number of users this request is being made to serve:

These changes are expected to impact all customers using these AWS services. This includes both AWS-internal and external customers. Specific user counts for these listed features/services are not publicly available.

Services/Features in PR:

DNS Verification via dig

DNS query results

```
amplifyapp.com:
dig +short -t TXT _psl.amplifyapp.com
"https://github.com/publicsuffix/list/pull/1954"

auth.ap-east-1.amazoncognito.com:
dig +short -t TXT _psl.auth.ap-east-1.amazoncognito.com
"https://github.com/publicsuffix/list/pull/1954"

auth.ca-west-1.amazoncognito.com:
dig +short -t TXT _psl.auth.ca-west-1.amazoncognito.com
"https://github.com/publicsuffix/list/pull/1954"

*.ap-northeast-3.airflow.amazonaws.com:
dig +short -t TXT _psl.ap-northeast-3.airflow.amazonaws.com
"https://github.com/publicsuffix/list/pull/1954"

*.ap-south-2.airflow.amazonaws.com:
dig +short -t TXT _psl.ap-south-2.airflow.amazonaws.com
"https://github.com/publicsuffix/list/pull/1954"

*.ap-southeast-3.airflow.amazonaws.com:
dig +short -t TXT _psl.ap-southeast-3.airflow.amazonaws.com
"https://github.com/publicsuffix/list/pull/1954"

*.ap-southeast-4.airflow.amazonaws.com:
dig +short -t TXT _psl.ap-southeast-4.airflow.amazonaws.com
"https://github.com/publicsuffix/list/pull/1954"

*.ca-west-1.airflow.amazonaws.com:
dig +short -t TXT _psl.ca-west-1.airflow.amazonaws.com
"https://github.com/publicsuffix/list/pull/1954"

*.eu-central-2.airflow.amazonaws.com:
dig +short -t TXT _psl.eu-central-2.airflow.amazonaws.com
"https://github.com/publicsuffix/list/pull/1954"

*.eu-south-2.airflow.amazonaws.com:
dig +short -t TXT _psl.eu-south-2.airflow.amazonaws.com
"https://github.com/publicsuffix/list/pull/1954"

*.il-central-1.airflow.amazonaws.com:
dig +short -t TXT _psl.il-central-1.airflow.amazonaws.com
"https://github.com/publicsuffix/list/pull/1954"

*.me-central-1.airflow.amazonaws.com:
dig +short -t TXT _psl.me-central-1.airflow.amazonaws.com
"https://github.com/publicsuffix/list/pull/1954"

*.experiments.sagemaker.aws:
dig +short -t TXT _psl.experiments.sagemaker.aws
"https://github.com/publicsuffix/list/pull/1954"
```

Results of Syntax Checker (make test)

Test results

```
cd linter; \
./pslint_selftest.sh; \
./pslint.py ../public_suffix_list.dat;
test_allowedchars: OK
test_dots: OK
test_duplicate: OK
test_exception: OK
test_NFKC: OK
test_punycode: OK
test_section1: OK
test_section2: OK
test_section3: OK
test_section4: OK
test_spaces: OK
test_wildcard: OK
test -d libpsl || git clone --depth=1 https://github.com/rockdaboot/libpsl; \
cd libpsl; \
git pull; \
echo "EXTRA_DIST =" > gtk-doc.make; \
echo "CLEANFILES =" >> gtk-doc.make; \
autoreconf --install --force --symlink;
Updating 477c582..490bd6f
Fast-forward
 .github/workflows/unit-tests.yml | 48 +++++++
 .travis.yml | 59 --------
 .travis_coveralls.sh | 6 -
 COPYING | 2 +-
 LICENSE | 2 +-
 NEWS | 14 +-
 README.md | 43 +++---
 configure.ac | 24 +---
 contrib/check-hard | 2 +-
 contrib/check-hard-meson | 2 +-
 contrib/mingw.static | 55 ++++++++
 docs/libpsl/meson.build | 14 +-
 fuzz/fuzzer.h | 2 +-
 fuzz/libpsl_fuzzer.c | 2 +-
 fuzz/libpsl_load_dafsa_fuzzer.c | 2 +-
 fuzz/libpsl_load_fuzzer.c | 2 +-
 fuzz/main.c | 2 +-
 fuzz/run-afl.sh | 2 +-
 fuzz/run-clang.sh | 2 +-
 include/libpsl.h.in | 2 +-
 libpsl.pc.in | 1 +
 libtool_version_info.txt | 2 +-
 list | 2 +-
 m4/absolute-header.m4 | 100 ++++++++++++++
 m4/libunistring.m4 | 143 ++++++++++++++++++++
 meson.build | 8 +-
 msvc/config-msvc.mak.in | 2 +-
 msvc/config.h.win32.in | 3 -
 src/Makefile.am | 4 +-
 src/psl.c | 224 ++++++++++++++++++++++---------
 tests/Makefile.am | 7 +
 tests/common.c | 48 +++++++
 tests/common.h | 38 ++++++
 tests/meson.build | 14 +-
 tests/test-is-cookie-domain-acceptable.c | 28 +---
 tests/test-is-public-all.c | 16 +--
 tests/test-is-public-builtin.c | 12 +-
 tests/test-is-public.c | 12 +-
 tests/test-registrable-domain.c | 18 +--
 tools/psl.c | 34 ++---
 version.txt | 2 +-
 41 files changed, 709 insertions(+), 296 deletions(-)
 create mode 100644 .github/workflows/unit-tests.yml
 delete mode 100644 .travis.yml
 delete mode 100755 .travis_coveralls.sh
 create mode 100755 contrib/mingw.static
 create mode 100644 m4/absolute-header.m4
 create mode 100644 m4/libunistring.m4
 create mode 100644 tests/common.c
 create mode 100644 tests/common.h
autopoint: using AM_GNU_GETTEXT_REQUIRE_VERSION instead of AM_GNU_GETTEXT_VERSION
libtoolize: putting auxiliary files in AC_CONFIG_AUX_DIR, 'build-aux'.
libtoolize: linking file 'build-aux/ltmain.sh'
libtoolize: putting macros in AC_CONFIG_MACRO_DIRS, 'm4'.
libtoolize: linking file 'm4/libtool.m4'
libtoolize: linking file 'm4/ltoptions.m4'
libtoolize: linking file 'm4/ltsugar.m4'
libtoolize: linking file 'm4/ltversion.m4'
libtoolize: linking file 'm4/lt~obsolete.m4'
cd libpsl && ./configure -q -C --enable-runtime=libicu --enable-builtin=libicu --with-psl-file=/__fake__/public_suffix_list.dat --with-psl-testfile=/__fake__/tests/tests.txt && make -s clean && make -s check -j4
config.status: creating po/POTFILES
config.status: creating po/Makefile
Making clean in po
Making clean in include
Making clean in src
rm -f ./so_locations
Making clean in tools
rm -f psl
Making clean in fuzz
rm -f libpsl_icu_fuzzer libpsl_icu_load_fuzzer libpsl_icu_load_dafsa_fuzzer
Making clean in tests
rm -f test-is-public test-is-public-all test-is-cookie-domain-acceptable test-is-public-builtin test-registrable-domain
Making clean in msvc
Making check in po
Making check in include
Making check in src
CC libpsl_la-psl.lo
CC libpsl_la-lookup_string_in_fixed_set.lo
CCLD libpsl.la
Making check in tools
CC psl.o
CCLD psl
Making check in fuzz
CC libpsl_fuzzer.o
CC main.o
CC libpsl_load_fuzzer.o
CC libpsl_load_dafsa_fuzzer.o
CCLD libpsl_icu_fuzzer
CCLD libpsl_icu_load_fuzzer
CCLD libpsl_icu_load_dafsa_fuzzer
PASS: libpsl_icu_fuzzer
PASS: libpsl_icu_load_dafsa_fuzzer
PASS: libpsl_icu_load_fuzzer
============================================================================
Testsuite summary for libpsl 0.21.5
============================================================================
# TOTAL: 3
# PASS: 3
# SKIP: 0
# XFAIL: 0
# FAIL: 0
# XPASS: 0
# ERROR: 0
============================================================================
Making check in tests
CC test-is-public.o
CC common.o
CC test-is-public-all.o
CC test-is-cookie-domain-acceptable.o
CC test-is-public-builtin.o
CC test-registrable-domain.o
CCLD test-is-public
CCLD test-is-cookie-domain-acceptable
CCLD test-is-public-builtin
CCLD test-is-public-all
CCLD test-registrable-domain
PASS: test-is-public-builtin
PASS: test-is-public
PASS: test-is-cookie-domain-acceptable
PASS: test-registrable-domain
PASS: test-is-public-all
============================================================================
Testsuite summary for libpsl 0.21.5
============================================================================
# TOTAL: 5
# PASS: 5
# SKIP: 0
# XFAIL: 0
# FAIL: 0
# XPASS: 0
# ERROR: 0
============================================================================
Making check in msvc
```

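
How a PSL consumer (a browser, or a library such as libpsl) treats suffixes like the ones in this PR, shown as an added example that is not part of the pull request or of the PSL project's code. It implements PSL matching (normal, wildcard and exception rules) for three suffixes taken from the DNS verification list above; the `BASELINE` subset and every hostname passed to it are constructed for illustration.

```python
# Added example, not code from the PR: PSL matching with normal, wildcard
# ("*.") and exception ("!") rules. Hostnames used with it are constructed.
BASELINE = {"com", "aws"}  # assumed subset of the existing ICANN section
PR_RULES = {               # three of the suffixes listed in this PR
    "amplifyapp.com",
    "auth.ap-east-1.amazoncognito.com",
    "*.experiments.sagemaker.aws",
}
AFTER = BASELINE | PR_RULES


def public_suffix(host, rules):
    """Return the public suffix of host under the given rule set."""
    labels = host.lower().rstrip(".").split(".")
    best = labels[-1:]  # implicit "*" rule: the last label alone
    for i in range(len(labels)):
        cand = labels[i:]
        name = ".".join(cand)
        if "!" + name in rules:  # exception: the rule minus its first label
            return ".".join(cand[1:])
        wildcard = "*." + ".".join(cand[1:])
        if (name in rules or wildcard in rules) and len(cand) > len(best):
            best = cand
    return ".".join(best)


def registrable_domain(host, rules):
    """Public suffix plus one label; None if host is itself a public suffix."""
    host = host.lower().rstrip(".")
    suffix = public_suffix(host, rules)
    if host == suffix:
        return None
    owner_label = host[: -len(suffix) - 1].rsplit(".", 1)[-1]
    return owner_label + "." + suffix


def same_site(a, b, rules):
    """True when both hosts share one registrable domain."""
    ra, rb = registrable_domain(a, rules), registrable_domain(b, rules)
    return ra is not None and ra == rb


def cookie_domain_acceptable(host, cookie_domain, rules):
    """May host set a cookie carrying this Domain attribute?"""
    host, cookie_domain = host.lower(), cookie_domain.lower().lstrip(".")
    if host == cookie_domain:
        return True  # exact match: effectively a host-only cookie
    in_scope = host.endswith("." + cookie_domain)
    return in_scope and public_suffix(cookie_domain, rules) != cookie_domain
```

With only `BASELINE`, two constructed hosts under `amplifyapp.com` share one registrable domain; with the PR's rules added, each host is its own site and a cookie scoped to the shared suffix is refused.
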
aph3rson commented 1 month ago

@dnsguru / @simon-friedberger - AWS has completed this pull request, and it is now ready for review.

We have changed the status from Draft to Open to reflect this. This PR should now be considered in the queue for review.

Thanks!

dnsguru commented 1 month ago

Thanks @aph3rson - and are all _PSL txt good to go?

aph3rson commented 1 month ago

@dnsguru:

> are all _PSL txt good to go?

Should be, yes. We have DNS verification evidence in the pull request. (This pull request is not impacted by my thread on the mailing list today.)

simon-friedberger commented 1 month ago

DNS entries look good. Some expiration days are not >2y but I don't think we need that heuristic in this case.