feat(psl): add DAFSA-format Public Suffix List reader#215
Merged
Conversation
AlfioEmanueleFresta
force-pushed
the
issue-210-dafsa-psl
branch
from
1179d97 to
00b7b74
Compare
AlfioEmanueleFresta
changed the title
msirringhaus
approved these changes
May 18, 2026
Collaborator
msirringhaus
left a comment
msirringhaus
left a comment
There was a problem hiding this comment.
In principle ok. Some smaller nitpicks and questions, but ok as is.
Pure code move with no behavior change. Splits the single-file PSL module into a directory layout to make room for additional reader implementations. The trait and MockPublicSuffixList stay in mod.rs; DatFilePublicSuffixList moves to dat.rs.
Adds a safe-Rust reader for libpsl's binary .dafsa file format. The reader ports LookupStringInFixedSet from libpsl's lookup_string_in_fixed_set.c (BSD-licensed by The Chromium Authors), translating the byte-coded DAFSA walk to safe Rust without unsafe or extra dependencies. Closes the Fedora gap from issue #210: Fedora ships only the .dafsa file by default (via publicsuffix-list-dafsa, which libpsl requires). Tests cover plain rules, wildcard, exception, private section, and the file-header parser edge cases. The fixture was generated by libpsl's psl-make-dafsa script from a small synthetic PSL.
Auto-detects which system-managed PSL file is available, preferring .dafsa over .dat. Returns SystemLoadError::NoneFound listing the paths tried if neither is present. Includes an integration test gated by LIBWEBAUTHN_PSL_SYSTEM_TEST=1 that loads the real system PSL and validates lookups against common suffixes. The gating env var is intentional so that local 'cargo test' runs do not require any package to be installed.
Switches the three ceremony examples (cable, hid, nfc) to the auto-detecting loader so they work out of the box on Fedora (where only .dafsa is shipped) and on Debian/Ubuntu/Arch. Also re-exports the new public types (SystemPublicSuffixList, DafsaFilePublicSuffixList, etc.) from ops::webauthn alongside the existing DatFilePublicSuffixList for callers wiring the list themselves.
Updates the Runtime requirements section to reflect that the loader now auto-detects the .dafsa format alongside .dat, and explains which package ships which format on each distribution.
apt-get installs Debian's publicsuffix package (ships both .dat and .dafsa). Sets LIBWEBAUTHN_PSL_SYSTEM_TEST=1 on the test step so the SystemPublicSuffixList::auto() integration test runs against the real system file in CI.
Crate denies clippy::expect_used outside tests; the version parse now propagates BadMagic on UTF-8 failure even though the bytes were already validated as ASCII digits. Also rustfmt reflow of test code.
Module docs now call out the two intentional deviations from libpsl's psl_is_public_suffix: no prevailing-star rule for unknown single-label TLDs (so localhost works as its own rp.id), and no multibyte key support (WebAuthn only ever passes IDN-ASCII, and the DAFSA stores IDN rules in punycode form regardless of encoding mode). Test comment for the exception-overrides-wildcard case rewritten to describe the actual lookup chain rather than conflating two mechanisms.
Replace the raw graph indexing and the over-strict `*pos + 2 >= end` guard with .get() lookups and checked_add for the offset accumulator. The old guard rejected structurally-valid 1- and 2-byte offset codes at the end of the graph and could overflow usize on `*pos + 2`; the new form is panic-free by construction and accepts those codes.
DafsaFilePublicSuffixList and MockPublicSuffixList had byte-identical registrable_domain impls expressed purely in terms of public_suffix. Move that body to a default method on PublicSuffixList; DatFilePublicSuffixList keeps its override (it uses the publicsuffix crate's own root()).
Add a module-scoped deny(clippy::indexing_slicing) for non-test code, mirroring the crate-wide lint planned in #207, as an interim guard. Replace the remaining panic-capable slice indexing in parse_header, is_public_suffix and public_suffix with split_at_checked, starts_with, last, .get() and split_once. Behaviour is unchanged (verified by the existing unit tests and the gated system-file test).
AlfioEmanueleFresta
force-pushed
the
issue-210-dafsa-psl
branch
from
00b7b74 to
b98aa45
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Closes #210.
Adds a safe-Rust reader for libpsl's binary
.dafsaPSL file and an auto-detectingSystemPublicSuffixList::auto()loader that probes.dafsathen.dat. Fixes the Fedora default-install gap where only.dafsais shipped.The DAFSA lookup is a port of
LookupStringInFixedSet; format is described inpsl-make-dafsa. No new runtime deps.Test plan