[Django] #23025: URLValidator allows for invalid IPv4 addresses


Django

Jul 14, 2014, 11:31:07 AM
to django-...@googlegroups.com
#23025: URLValidator allows for invalid IPv4 addresses
-------------------------------+--------------------
Reporter: jonathan@… | Owner: nobody
Type: Uncategorized | Status: new
Component: Uncategorized | Version: 1.6
Severity: Normal | Keywords:
Triage Stage: Unreviewed | Has patch: 0
Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------
The current URLValidator allows for invalid IPv4 addresses to pass.

IPv4 addresses in dot-notation can have a max value of 255 in each of the
octets. The validator only checks for the presence of 4 octets, so just
typing in all 9s `999.999.999.999` tricks the test.

tests/validators/tests.py should trigger a ValidationError on cases like
this:

(URLValidator(), 'http://266.266.266.266', ValidationError),
(URLValidator(), 'http://999.999.999.999', ValidationError),

--
Ticket URL: <https://code.djangoproject.com/ticket/23025>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

Django

Jul 14, 2014, 11:50:05 AM
to django-...@googlegroups.com
#23025: URLValidator allows for invalid IPv4 addresses
-------------------------------+--------------------------------------
Reporter: jonathan@… | Owner: nobody
Type: Uncategorized | Status: closed
Component: Uncategorized | Version: 1.6
Severity: Normal | Resolution: wontfix
Keywords: | Triage Stage: Unreviewed
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0

Easy pickings: 0 | UI/UX: 0
-------------------------------+--------------------------------------
Changes (by apollo13):

* status: new => closed
* needs_better_patch: => 0
* resolution: => wontfix
* needs_tests: => 0
* needs_docs: => 0


Comment:

Same goes for IPv6 and domain names which are semantically valid but don't
exist (e.g. http://www.bababababababababa.com/) -- the validator is meant to
perform a quick and basic validation, nothing bulletproof. If you want it to be
exact you should write your own validator which actually checks if the
host is alive etc…

--
Ticket URL: <https://code.djangoproject.com/ticket/23025#comment:1>
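
The difference between a shape-only check and a range-aware check on the ticket's two test URLs, as an added example that is not part of the original thread and is not Django's code. The function names, the loose pattern and the sample URLs are assumptions constructed for illustration; only the standard library is used.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed pattern mimicking the behaviour the ticket reports: four groups
# of 1-3 digits and no range check. It is not Django's actual regex.
LOOSE_IPV4 = re.compile(r"\d{1,3}(\.\d{1,3}){3}")


def loose_host_ok(url):
    """Shape-only check: any four dot-separated digit groups pass."""
    host = urlsplit(url).hostname or ""
    return LOOSE_IPV4.fullmatch(host) is not None


def strict_host_error(url):
    """Return None when the host is acceptable, otherwise a reason string.

    Hosts made only of digits and dots must parse as IPv4, bracketed hosts
    as IPv6. Whether a domain name exists is a DNS question and is not
    checked here.
    """
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError as exc:  # e.g. malformed bracketed host
        return f"unparseable URL: {exc}"
    if parts.scheme not in ("http", "https") or not host:
        return "missing scheme or host"
    try:
        if ":" in host:
            ipaddress.IPv6Address(host)
        elif re.fullmatch(r"[0-9.]+", host):
            ipaddress.IPv4Address(host)
    except ValueError as exc:
        return f"invalid IP literal: {exc}"
    return None


# Constructed sample URLs; the first two are the cases from the ticket.
SAMPLES = [
    "http://266.266.266.266",
    "http://999.999.999.999",
    "http://192.0.2.10/path",
    "http://[2001:db8::1]/",
    "http://www.example.com/",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(url, loose_host_ok(url), strict_host_error(url))
```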
