Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#23025 closed Uncategorized (wontfix)

URLValidator allows for invalid IPv4 addresses

Reported by: jonathan@… Owned by: nobody
Component: Uncategorized Version: 1.6
Severity: Normal Keywords:
Cc: Triage Stage: Unreviewed
Has patch: no Needs documentation: no
Needs tests: no Patch needs improvement: no
Easy pickings: no UI/UX: no

Description

The current URLValidator allows for invalid IPV4 addresses to pass

IPV4 addresses in dot-notation can have a max value of 255 in each of the octets. The validator only checks for the presence of 4 octets, so just typing in all 9s 999.999.999.999 tricks the test

tests/validators/tests.py should trigger a ValidationError on cases like this:

(URLValidator(), 'http://266.266.266.266', ValidationError),
(URLValidator(), 'http://999.999.999.999', ValidationError),

Change History (1)

comment:1 Changed 2 years ago by Florian Apolloner

Resolution: wontfix
Status: newclosed

Same goes for IPv6 and domain names which are semantically valid but don't exist (eg http://www.bababababababababa.com/) -- the validator is ment to perform a quick and basic validation, nothing bulletproof (it's also the best we can do without writing an overly crazy regex). If you need it to be exact you should write your own validator which actually checks if the host is alive etc…

Last edited 2 years ago by Florian Apolloner (previous) (diff)
Note: See TracTickets for help on using tickets.
Back to Top