Opened 14 months ago

Closed 14 months ago

Last modified 14 months ago

#23025 closed Uncategorized (wontfix)

URLValidator allows for invalid IPv4 addresses

Reported by: jonathan@… Owned by: nobody
Component: Uncategorized Version: 1.6
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

The current URLValidator allows for invalid IPV4 addresses to pass

IPV4 addresses in dot-notation can have a max value of 255 in each of the octets. The validator only checks for the presence of 4 octets, so just typing in all 9s 999.999.999.999 tricks the test

tests/validators/tests.py should trigger a ValidationError on cases like this:

(URLValidator(), 'http://266.266.266.266', ValidationError),
(URLValidator(), 'http://999.999.999.999', ValidationError),

Change History (1)

comment:1 Changed 14 months ago by apollo13

  • Needs documentation unset
  • Needs tests unset
  • Patch needs improvement unset
  • Resolution set to wontfix
  • Status changed from new to closed

Same goes for IPv6 and domain names which are semantically valid but don't exist (eg http://www.bababababababababa.com/) -- the validator is ment to perform a quick and basic validation, nothing bulletproof (it's also the best we can do without writing an overly crazy regex). If you need it to be exact you should write your own validator which actually checks if the host is alive etc…

Last edited 14 months ago by apollo13 (previous) (diff)
Note: See TracTickets for help on using tickets.
Back to Top