security issue: BigQuery project name contains misleading ".org" suffix



In the file [`auto_sizing/targets.py`]

(https://github.com/mozilla/auto-sizing/blob/098495e2eca34bac1ea683f9df10530de2dd4002/auto_sizing/targets.py#L145):

```
from_expr="`moz-fx-data-shared-prod.org_mozilla_ios_firefox.baseline_clients_first_seen`"
```

The string moz-fx-data-shared-prod.org looks like a real domain, and in fact:

The domain [moz-fx-data-shared-prod.org]

(https://www.namecheap.com/domains/registration/results/?domain=moz-fx-data-shared-prod.org) is currently available for registration on Namecheap.

This is not a security vulnerability, but a naming confusion risk:

Contributors may mistakenly search for documentation at moz-fx-data-shared-prod.org.
Creates a very weak social engineering vector (e.g., manual phishing if someone visits the domain).


<img width="2880" height="1623" alt="Image" src="https://github.com/user-attachments/assets/caa98062-1aac-4c76-96e5-b2094af1eb09" />

<img width="2880" height="1635" alt="Image" src="https://github.com/user-attachments/assets/f55ca8d5-56eb-476f-83a0-d49fadf05246" />

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

security issue: BigQuery project name contains misleading ".org" suffix #82

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

security issue: BigQuery project name contains misleading ".org" suffix #82

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions