|
49 | 49 | - **Hostnames, FQDNs, or domains** that are NOT: |
50 | 50 | - Netwrix domains (netwrix.com, stealthbits.com, anixis.com) |
51 | 51 | - Microsoft/vendor domains (microsoft.com, azure.com, office365.com, github.com, etc.) |
52 | | - - Generic documentation examples (example.com, contoso.com, fabrikam.com, northwind.com) |
| 52 | + - RFC 6761 special-use domains (example.com, example.net, example.org, *.example, *.test, *.localhost, *.local, *.invalid) |
| 53 | + - Microsoft example domains (contoso.com, fabrikam.com, northwind.com, tailspintoys.com) |
53 | 54 | - **IP addresses** that appear to be real customer infrastructure (not obviously generic like 192.0.2.x) |
54 | 55 | - **MAC addresses** |
55 | 56 | - **Server names or computer names** that look customer-specific (not generic like "server1", "dc01") |
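Review bot: On added line 52, `*.local` is grouped under "RFC 6761 special-use domains", but RFC 6761 reserves only `example`, `example.com`, `example.net`, `example.org`, `test`, `localhost` and `invalid`; `.local` is reserved for multicast DNS by RFC 6762. The distinction matters here because this list defines what is NOT flagged, and `.local` is a common suffix for real internal Active Directory domains, so a genuine customer hostname ending in `.local` would be skipped. Suggest dropping `*.local` from this exclusion, or moving it to its own line with the correct RFC and a condition that the host label must also be generic.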
|
86 | 87 |
|
87 | 88 | - Netwrix product domains and infrastructure |
88 | 89 | - Microsoft example domains (contoso.com, fabrikam.com, northwind.com, tailspintoys.com) |
89 | | - - Generic placeholders like "example.com", "domain.com", "company.com" |
| 90 | + - RFC 6761 special-use domains and their subdomains: |
| 91 | + - example.com, example.net, example.org, *.example |
| 92 | + - *.test (e.g., mycompany.test, server.test) |
| 93 | + - *.localhost (e.g., api.localhost, dev.localhost) |
| 94 | + - *.local (e.g., printer.local, fileserver.local) |
| 95 | + - *.invalid (e.g., invalid.invalid, badhost.invalid) |
| 96 | + - Generic placeholders like "domain.com", "company.com" |
90 | 97 | - RFC 5737 documentation IP addresses (192.0.2.x, 198.51.100.x, 203.0.113.x) |
91 | 98 | - Generic server names (server1, dc01, web-server, etc.) |
92 | 99 | - Generic usernames (admin, testuser, john.doe, jane.smith) |
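Review bot: The added ignore entries at lines 90-95 match on the suffix alone ("and their subdomains", `*.test`, `*.localhost`, `*.local`, `*.invalid`), so a customer-identifying name in a left-hand label still passes; the example `mycompany.test` on line 92 shows the pattern that a real company name would also fit. Suggest adding a sentence that the labels to the left of the reserved suffix must themselves be generic for the name to be ignored. Separately, `domain.com` and `company.com` on line 96 are ordinary registrable names rather than reserved ones, so sitting directly under the RFC 6761 list they read as if they carried the same guarantee; a short qualifier would avoid that.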
@@ -118,17 +125,24 @@ jobs: |
118 | 125 | ### Review Checklist |
119 | 126 |
|
120 | 127 | Before merging this PR, please verify: |
121 | | - - [ ] All hostnames and domains are either Netwrix-owned, well-known vendors, or generic examples |
| 128 | + - [ ] All hostnames and domains are either Netwrix-owned, well-known vendors, or RFC 6761 special-use domains (*.example, *.test, *.localhost, *.local, *.invalid) |
122 | 129 | - [ ] No customer-specific email addresses or usernames are present |
123 | | - - [ ] IP addresses are either RFC 5737 documentation IPs or clearly generic examples |
| 130 | + - [ ] IP addresses are either RFC 5737 documentation IPs (192.0.2.x, 198.51.100.x, 203.0.113.x) or clearly generic examples |
124 | 131 | - [ ] File paths and URLs do not reference real customer systems |
125 | 132 | - [ ] Log snippets have been sanitized of customer-identifying information |
126 | 133 | - [ ] No license keys, tokens, or credentials are exposed |
127 | 134 |
|
128 | 135 | ### Need Help? |
129 | 136 |
|
130 | | - - Replace customer domains with: `example.com`, `contoso.com`, `fabrikam.com` |
131 | | - - Replace customer IPs with: `192.0.2.1`, `198.51.100.1`, `203.0.113.1` |
| 137 | + **RFC 6761 Compliant Domain Replacements:** |
| 138 | + - Replace customer domains with: `example.com`, `example.net`, `example.org`, `company.test`, `mycompany.test` |
| 139 | + - Replace customer subdomains with: `mail.example.com`, `server.example.org`, `app.test` |
| 140 | + - Use Microsoft examples: `contoso.com`, `fabrikam.com`, `northwind.com`, `tailspintoys.com` |
| 141 | + - For localhost scenarios: `api.localhost`, `dev.localhost` |
| 142 | + - For invalid examples: `invalid.invalid`, `badhost.invalid` |
| 143 | +
|
| 144 | + **Other Replacements:** |
| 145 | + - Replace customer IPs with: `192.0.2.1`, `198.51.100.1`, `203.0.113.1` (RFC 5737) |
132 | 146 | - Replace customer servers with: `server01`, `dc01`, `web-server01` |
133 | 147 | - Replace customer accounts with: `testuser`, `serviceaccount`, `domain\admin` |
134 | 148 | - Replace GUIDs with: `<credential-id>`, `<guid>`, or obviously fake ones |
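Review bot: The rewritten checklist item on line 128 no longer covers the Microsoft example domains: the old wording "generic examples" included them, while the new wording allows only "Netwrix-owned, well-known vendors, or RFC 6761 special-use domains", and its parenthetical also omits `example.com`, `example.net` and `example.org`. That conflicts with line 140, which tells authors to use `contoso.com`, `fabrikam.com`, `northwind.com` and `tailspintoys.com`, so a reviewer following the checklist literally would reject a replacement the help text recommends. Suggest adding "or Microsoft example domains" to line 128 and listing the three `example.*` names there. The heading "RFC 6761 Compliant Domain Replacements" on line 137 has the same mismatch, since the Microsoft names under it are not RFC 6761 domains; a neutral heading such as "Domain Replacements" would fit.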
|