#23025 closed Uncategorized (wontfix)
URLValidator allows for invalid IPv4 addresses
| Reported by: | Owned by: | nobody | |
|---|---|---|---|
| Component: | Uncategorized | Version: | 1.6 |
| Severity: | Normal | Keywords: | |
| Cc: | Triage Stage: | Unreviewed | |
| Has patch: | no | Needs documentation: | no |
| Needs tests: | no | Patch needs improvement: | no |
| Easy pickings: | no | UI/UX: | no |
Description
The current URLValidator allows for invalid IPV4 addresses to pass
IPV4 addresses in dot-notation can have a max value of 255 in each of the octets. The validator only checks for the presence of 4 octets, so just typing in all 9s 999.999.999.999 tricks the test
tests/validators/tests.py should trigger a ValidationError on cases like this:
(URLValidator(), 'http://266.266.266.266', ValidationError),
(URLValidator(), 'http://999.999.999.999', ValidationError),
Change History (1)
comment:1 by , 10 years ago
| Resolution: | → wontfix |
|---|---|
| Status: | new → closed |
Version 0, edited 10 years ago by (next)
Note:
See TracTickets
for help on using tickets.
Same goes for IPv6 and domain names which are semantically valid but don't exist (eg http://www.bababababababababa.com/) -- the validator is ment to perform a quick and basic validation, nothing bulletproof. If you it to be exact you should write your own validator which actually checks if the host is alive etc…