[Django] #25637: label and hostname length validation in URLValidator

8 views
Skip to first unread message

Django

unread,
Oct 29, 2015, 12:06:45 PM10/29/15
to django-...@googlegroups.com
#25637: label and hostname length validation in URLValidator
----------------------------------+--------------------
Reporter: DheerendraRathor | Owner: nobody
Type: Uncategorized | Status: new
Component: Core (Other) | Version: master
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 0 | UI/UX: 0
----------------------------------+--------------------
Length of labels in hostname (FQDN) should be <= 63 and total length of
hostname should be <= 253.

--
Ticket URL: <https://code.djangoproject.com/ticket/25637>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

Django

unread,
Oct 29, 2015, 2:09:27 PM10/29/15
to django-...@googlegroups.com
#25637: label and hostname length validation in URLValidator
--------------------------------------+------------------------------------
Reporter: DheerendraRathor | Owner: nobody
Type: Cleanup/optimization | Status: new

Component: Core (Other) | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 0 | UI/UX: 0
--------------------------------------+------------------------------------
Changes (by timgraham):

* needs_docs: => 0
* needs_better_patch: => 0
* type: Uncategorized => Cleanup/optimization
* needs_tests: => 0
* stage: Unreviewed => Accepted


--
Ticket URL: <https://code.djangoproject.com/ticket/25637#comment:1>

Django

unread,
Oct 29, 2015, 2:09:38 PM10/29/15
to django-...@googlegroups.com
#25637: Add label and hostname length validation in URLValidator
--------------------------------------+------------------------------------
Reporter: DheerendraRathor | Owner: nobody
Type: Cleanup/optimization | Status: new

Component: Core (Other) | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 0 | UI/UX: 0
--------------------------------------+------------------------------------

--
Ticket URL: <https://code.djangoproject.com/ticket/25637#comment:2>

Django

unread,
Nov 2, 2015, 11:46:35 AM11/2/15
to django-...@googlegroups.com
#25637: Add label and hostname length validation in URLValidator
--------------------------------------+------------------------------------
Reporter: DheerendraRathor | Owner: nobody
Type: Cleanup/optimization | Status: new

Component: Core (Other) | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 0 | UI/UX: 0
--------------------------------------+------------------------------------
Changes (by zborboa-google):

* cc: zborboa@… (added)


--
Ticket URL: <https://code.djangoproject.com/ticket/25637#comment:3>

Django

unread,
Nov 2, 2015, 3:24:09 PM11/2/15
to django-...@googlegroups.com
#25637: Add label and hostname length validation in URLValidator
--------------------------------------+------------------------------------
Reporter: DheerendraRathor | Owner: nobody
Type: Cleanup/optimization | Status: new

Component: Core (Other) | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 0 | UI/UX: 0
--------------------------------------+------------------------------------

Comment (by raphaelmerx):

The label limit of 64 characters can be done like so:
{{{#!diff
diff --git a/django/core/validators.py b/django/core/validators.py
index 15b16bc..26ec822 100644
--- a/django/core/validators.py
+++ b/django/core/validators.py
@@ -83,7 +83,7 @@ class URLValidator(RegexValidator):
ipv6_re = r'\[[0-9a-f:\.]+\]' # (simple regex, validated later)

# Host patterns
- hostname_re = r'[a-z' + ul + r'0-9](?:[a-z' + ul + r'0-9-]*[a-z' + ul
+ r'0-9])?'
+ hostname_re = r'[a-z' + ul + r'0-9](?:[a-z' + ul + r'0-9-]{0,61}[a-z'
+ ul + r'0-9])?'
domain_re = r'(?:\.(?!-)[a-z' + ul + r'0-9-]+(?<!-))*'
tld_re = r'\.(?:[a-z' + ul + r']{2,}|xn--[a-z0-9]+)\.?'
host_re = '(' + hostname_re + domain_re + tld_re + '|localhost)'
diff --git a/tests/validators/tests.py b/tests/validators/tests.py
index ad82eb6..52002fe 100644
--- a/tests/validators/tests.py
+++ b/tests/validators/tests.py
@@ -214,6 +214,8 @@ TEST_DATA = [
# Trailing junk does not take forever to reject
(URLValidator(), 'http://www.asdasdasdasdsadfm.com.br ',
ValidationError),
(URLValidator(), 'http://www.asdasdasdasdsadfm.com.br z',
ValidationError),
+ # hostname label with length >= 64
+ (URLValidator(),
'http://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa.a.com',
ValidationError),

(BaseValidator(True), True, None),
(BaseValidator(True), False, ValidationError),
}}}

The total length limit seems harder to implement.

--
Ticket URL: <https://code.djangoproject.com/ticket/25637#comment:4>

Django

unread,
Nov 2, 2015, 3:57:18 PM11/2/15
to django-...@googlegroups.com
#25637: Add label and hostname length validation in URLValidator
--------------------------------------+------------------------------------
Reporter: DheerendraRathor | Owner: nobody
Type: Cleanup/optimization | Status: new

Component: Core (Other) | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 0 | UI/UX: 0
--------------------------------------+------------------------------------

Comment (by DheerendraRathor):

63 character limit should be applicable for domain name and TLD regex as
well. Total length limit can be implemented by checking the length of
`host_re` group. Also you should your test in `invalid_urls.txt`.

--
Ticket URL: <https://code.djangoproject.com/ticket/25637#comment:5>

Django

unread,
Nov 7, 2015, 4:13:01 AM11/7/15
to django-...@googlegroups.com
#25637: Add label and hostname length validation in URLValidator
--------------------------------------+------------------------------------
Reporter: DheerendraRathor | Owner: raphaelm
Type: Cleanup/optimization | Status: assigned

Component: Core (Other) | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 0 | UI/UX: 0
--------------------------------------+------------------------------------
Changes (by raphaelm):

* status: new => assigned
* owner: nobody => raphaelm


--
Ticket URL: <https://code.djangoproject.com/ticket/25637#comment:6>

Django

unread,
Nov 7, 2015, 5:27:15 AM11/7/15
to django-...@googlegroups.com
#25637: Add label and hostname length validation in URLValidator
--------------------------------------+------------------------------------
Reporter: DheerendraRathor | Owner: raphaelm
Type: Cleanup/optimization | Status: assigned
Component: Core (Other) | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 0 | UI/UX: 0
--------------------------------------+------------------------------------
Changes (by raphaelm):

* has_patch: 0 => 1


Comment:

Pull request: https://github.com/django/django/pull/5566

--
Ticket URL: <https://code.djangoproject.com/ticket/25637#comment:7>

Django

unread,
Nov 7, 2015, 5:55:10 AM11/7/15
to django-...@googlegroups.com
#25637: Add label and hostname length validation in URLValidator
--------------------------------------+------------------------------------
Reporter: DheerendraRathor | Owner: raphaelm
Type: Cleanup/optimization | Status: assigned
Component: Core (Other) | Version: master
Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 0 | UI/UX: 0
--------------------------------------+------------------------------------

Comment (by raphaelm):

apollo13 asked on IRC whether the same length limits apply for IDN domain
names and yes, they do:
https://tools.ietf.org/html/rfc5890#section-2.3.2.1

--
Ticket URL: <https://code.djangoproject.com/ticket/25637#comment:8>

Django

unread,
Dec 8, 2015, 3:47:14 PM12/8/15
to django-...@googlegroups.com
#25637: Add label and hostname length validation in URLValidator
--------------------------------------+------------------------------------
Reporter: DheerendraRathor | Owner: raphaelm
Type: Cleanup/optimization | Status: closed

Component: Core (Other) | Version: master
Severity: Normal | Resolution: fixed

Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 0 | UI/UX: 0
--------------------------------------+------------------------------------
Changes (by Tim Graham <timograham@…>):

* status: assigned => closed
* resolution: => fixed


Comment:

In [changeset:"82976e5c3f7abf20dfd4c3cc5aa586e57edef104" 82976e5c]:
{{{
#!CommitTicketReference repository=""
revision="82976e5c3f7abf20dfd4c3cc5aa586e57edef104"
Fixed #25637 -- Added URLValidator hostname length validation.

URLValidator now validates the maximum length of a hostname and the
maximum length of all labels inside the hostname.
}}}

--
Ticket URL: <https://code.djangoproject.com/ticket/25637#comment:9>

Reply all
Reply to author
Forward
0 new messages