Fixed #27793 -- Used stdlib's ipaddress module to validate IP addresses
Thanks Tim Graham for the review.
This commit is contained in:
parent
c688336ebc
commit
277a4dd4b4
|
@ -1,3 +1,4 @@
|
||||||
|
import ipaddress
|
||||||
import os
|
import os
|
||||||
import re
|
import re
|
||||||
from urllib.parse import urlsplit, urlunsplit
|
from urllib.parse import urlsplit, urlunsplit
|
||||||
|
@ -247,8 +248,12 @@ validate_unicode_slug = RegexValidator(
|
||||||
'invalid'
|
'invalid'
|
||||||
)
|
)
|
||||||
|
|
||||||
ipv4_re = _lazy_re_compile(r'^(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])(\.(25[0-5]|2[0-4][0-9]|[0-1]?[0-9]?[0-9])){3}\Z')
|
|
||||||
validate_ipv4_address = RegexValidator(ipv4_re, _('Enter a valid IPv4 address.'), 'invalid')
|
def validate_ipv4_address(value):
|
||||||
|
try:
|
||||||
|
ipaddress.IPv4Address(value)
|
||||||
|
except ValueError:
|
||||||
|
raise ValidationError(_('Enter a valid IPv4 address.'), code='invalid')
|
||||||
|
|
||||||
|
|
||||||
def validate_ipv6_address(value):
|
def validate_ipv6_address(value):
|
||||||
|
|
|
@ -1,7 +1,4 @@
|
||||||
# This code was mostly based on ipaddr-py
|
import ipaddress
|
||||||
# Copyright 2007 Google Inc. https://github.com/google/ipaddr-py
|
|
||||||
# Licensed under the Apache License, Version 2.0 (the "License").
|
|
||||||
import re
|
|
||||||
|
|
||||||
from django.core.exceptions import ValidationError
|
from django.core.exceptions import ValidationError
|
||||||
from django.utils.translation import ugettext_lazy as _
|
from django.utils.translation import ugettext_lazy as _
|
||||||
|
@ -10,13 +7,12 @@ from django.utils.translation import ugettext_lazy as _
|
||||||
def clean_ipv6_address(ip_str, unpack_ipv4=False,
|
def clean_ipv6_address(ip_str, unpack_ipv4=False,
|
||||||
error_message=_("This is not a valid IPv6 address.")):
|
error_message=_("This is not a valid IPv6 address.")):
|
||||||
"""
|
"""
|
||||||
Cleans an IPv6 address string.
|
Clean an IPv6 address string.
|
||||||
|
|
||||||
Validity is checked by calling is_valid_ipv6_address() - if an
|
Raise ValidationError if the address is invalid.
|
||||||
invalid address is passed, ValidationError is raised.
|
|
||||||
|
|
||||||
Replaces the longest continuous zero-sequence with "::" and
|
Replace the longest continuous zero-sequence with "::", remove leading
|
||||||
removes leading zeroes and makes sure all hextets are lowercase.
|
zeroes, and make sure all hextets are lowercase.
|
||||||
|
|
||||||
Args:
|
Args:
|
||||||
ip_str: A valid IPv6 address.
|
ip_str: A valid IPv6 address.
|
||||||
|
@ -24,125 +20,19 @@ def clean_ipv6_address(ip_str, unpack_ipv4=False,
|
||||||
return the plain IPv4 address (default=False).
|
return the plain IPv4 address (default=False).
|
||||||
error_message: An error message used in the ValidationError.
|
error_message: An error message used in the ValidationError.
|
||||||
|
|
||||||
Returns:
|
Return a compressed IPv6 address or the same value.
|
||||||
A compressed IPv6 address, or the same value
|
|
||||||
"""
|
"""
|
||||||
best_doublecolon_start = -1
|
try:
|
||||||
best_doublecolon_len = 0
|
addr = ipaddress.IPv6Address(int(ipaddress.IPv6Address(ip_str)))
|
||||||
doublecolon_start = -1
|
except ValueError:
|
||||||
doublecolon_len = 0
|
|
||||||
|
|
||||||
if not is_valid_ipv6_address(ip_str):
|
|
||||||
raise ValidationError(error_message, code='invalid')
|
raise ValidationError(error_message, code='invalid')
|
||||||
|
|
||||||
# This algorithm can only handle fully exploded
|
if unpack_ipv4 and addr.ipv4_mapped:
|
||||||
# IP strings
|
return str(addr.ipv4_mapped)
|
||||||
ip_str = _explode_shorthand_ip_string(ip_str)
|
elif addr.ipv4_mapped:
|
||||||
|
return '::ffff:%s' % str(addr.ipv4_mapped)
|
||||||
|
|
||||||
ip_str = _sanitize_ipv4_mapping(ip_str)
|
return str(addr)
|
||||||
|
|
||||||
# If needed, unpack the IPv4 and return straight away
|
|
||||||
# - no need in running the rest of the algorithm
|
|
||||||
if unpack_ipv4:
|
|
||||||
ipv4_unpacked = _unpack_ipv4(ip_str)
|
|
||||||
|
|
||||||
if ipv4_unpacked:
|
|
||||||
return ipv4_unpacked
|
|
||||||
|
|
||||||
hextets = ip_str.split(":")
|
|
||||||
|
|
||||||
for index in range(len(hextets)):
|
|
||||||
# Remove leading zeroes
|
|
||||||
if '.' not in hextets[index]:
|
|
||||||
hextets[index] = hextets[index].lstrip('0')
|
|
||||||
if not hextets[index]:
|
|
||||||
hextets[index] = '0'
|
|
||||||
|
|
||||||
# Determine best hextet to compress
|
|
||||||
if hextets[index] == '0':
|
|
||||||
doublecolon_len += 1
|
|
||||||
if doublecolon_start == -1:
|
|
||||||
# Start of a sequence of zeros.
|
|
||||||
doublecolon_start = index
|
|
||||||
if doublecolon_len > best_doublecolon_len:
|
|
||||||
# This is the longest sequence of zeros so far.
|
|
||||||
best_doublecolon_len = doublecolon_len
|
|
||||||
best_doublecolon_start = doublecolon_start
|
|
||||||
else:
|
|
||||||
doublecolon_len = 0
|
|
||||||
doublecolon_start = -1
|
|
||||||
|
|
||||||
# Compress the most suitable hextet
|
|
||||||
if best_doublecolon_len > 1:
|
|
||||||
best_doublecolon_end = (best_doublecolon_start +
|
|
||||||
best_doublecolon_len)
|
|
||||||
# For zeros at the end of the address.
|
|
||||||
if best_doublecolon_end == len(hextets):
|
|
||||||
hextets += ['']
|
|
||||||
hextets[best_doublecolon_start:best_doublecolon_end] = ['']
|
|
||||||
# For zeros at the beginning of the address.
|
|
||||||
if best_doublecolon_start == 0:
|
|
||||||
hextets = [''] + hextets
|
|
||||||
|
|
||||||
result = ":".join(hextets)
|
|
||||||
|
|
||||||
return result.lower()
|
|
||||||
|
|
||||||
|
|
||||||
def _sanitize_ipv4_mapping(ip_str):
|
|
||||||
"""
|
|
||||||
Sanitize IPv4 mapping in an expanded IPv6 address.
|
|
||||||
|
|
||||||
This converts ::ffff:0a0a:0a0a to ::ffff:10.10.10.10.
|
|
||||||
If there is nothing to sanitize, returns an unchanged
|
|
||||||
string.
|
|
||||||
|
|
||||||
Args:
|
|
||||||
ip_str: A string, the expanded IPv6 address.
|
|
||||||
|
|
||||||
Returns:
|
|
||||||
The sanitized output string, if applicable.
|
|
||||||
"""
|
|
||||||
if not ip_str.lower().startswith('0000:0000:0000:0000:0000:ffff:'):
|
|
||||||
# not an ipv4 mapping
|
|
||||||
return ip_str
|
|
||||||
|
|
||||||
hextets = ip_str.split(':')
|
|
||||||
|
|
||||||
if '.' in hextets[-1]:
|
|
||||||
# already sanitized
|
|
||||||
return ip_str
|
|
||||||
|
|
||||||
ipv4_address = "%d.%d.%d.%d" % (
|
|
||||||
int(hextets[6][0:2], 16),
|
|
||||||
int(hextets[6][2:4], 16),
|
|
||||||
int(hextets[7][0:2], 16),
|
|
||||||
int(hextets[7][2:4], 16),
|
|
||||||
)
|
|
||||||
|
|
||||||
result = ':'.join(hextets[0:6])
|
|
||||||
result += ':' + ipv4_address
|
|
||||||
|
|
||||||
return result
|
|
||||||
|
|
||||||
|
|
||||||
def _unpack_ipv4(ip_str):
|
|
||||||
"""
|
|
||||||
Unpack an IPv4 address that was mapped in a compressed IPv6 address.
|
|
||||||
|
|
||||||
This converts 0000:0000:0000:0000:0000:ffff:10.10.10.10 to 10.10.10.10.
|
|
||||||
If there is nothing to sanitize, returns None.
|
|
||||||
|
|
||||||
Args:
|
|
||||||
ip_str: A string, the expanded IPv6 address.
|
|
||||||
|
|
||||||
Returns:
|
|
||||||
The unpacked IPv4 address, or None if there was nothing to unpack.
|
|
||||||
"""
|
|
||||||
if not ip_str.lower().startswith('0000:0000:0000:0000:0000:ffff:'):
|
|
||||||
return None
|
|
||||||
|
|
||||||
return ip_str.rsplit(':', 1)[1]
|
|
||||||
|
|
||||||
|
|
||||||
def is_valid_ipv6_address(ip_str):
|
def is_valid_ipv6_address(ip_str):
|
||||||
|
@ -155,118 +45,8 @@ def is_valid_ipv6_address(ip_str):
|
||||||
Returns:
|
Returns:
|
||||||
A boolean, True if this is a valid IPv6 address.
|
A boolean, True if this is a valid IPv6 address.
|
||||||
"""
|
"""
|
||||||
from django.core.validators import validate_ipv4_address
|
|
||||||
|
|
||||||
symbols_re = re.compile(r'^[0-9a-fA-F:.]+$')
|
|
||||||
if not symbols_re.match(ip_str):
|
|
||||||
return False
|
|
||||||
|
|
||||||
# We need to have at least one ':'.
|
|
||||||
if ':' not in ip_str:
|
|
||||||
return False
|
|
||||||
|
|
||||||
# We can only have one '::' shortener.
|
|
||||||
if ip_str.count('::') > 1:
|
|
||||||
return False
|
|
||||||
|
|
||||||
# '::' should be encompassed by start, digits or end.
|
|
||||||
if ':::' in ip_str:
|
|
||||||
return False
|
|
||||||
|
|
||||||
# A single colon can neither start nor end an address.
|
|
||||||
if ((ip_str.startswith(':') and not ip_str.startswith('::')) or
|
|
||||||
(ip_str.endswith(':') and not ip_str.endswith('::'))):
|
|
||||||
return False
|
|
||||||
|
|
||||||
# We can never have more than 7 ':' (1::2:3:4:5:6:7:8 is invalid)
|
|
||||||
if ip_str.count(':') > 7:
|
|
||||||
return False
|
|
||||||
|
|
||||||
# If we have no concatenation, we need to have 8 fields with 7 ':'.
|
|
||||||
if '::' not in ip_str and ip_str.count(':') != 7:
|
|
||||||
# We might have an IPv4 mapped address.
|
|
||||||
if ip_str.count('.') != 3:
|
|
||||||
return False
|
|
||||||
|
|
||||||
ip_str = _explode_shorthand_ip_string(ip_str)
|
|
||||||
|
|
||||||
# Now that we have that all squared away, let's check that each of the
|
|
||||||
# hextets are between 0x0 and 0xFFFF.
|
|
||||||
for hextet in ip_str.split(':'):
|
|
||||||
if hextet.count('.') == 3:
|
|
||||||
# If we have an IPv4 mapped address, the IPv4 portion has to
|
|
||||||
# be at the end of the IPv6 portion.
|
|
||||||
if not ip_str.split(':')[-1] == hextet:
|
|
||||||
return False
|
|
||||||
try:
|
try:
|
||||||
validate_ipv4_address(hextet)
|
ipaddress.IPv6Address(ip_str)
|
||||||
except ValidationError:
|
|
||||||
return False
|
|
||||||
else:
|
|
||||||
try:
|
|
||||||
# a value error here means that we got a bad hextet,
|
|
||||||
# something like 0xzzzz
|
|
||||||
if int(hextet, 16) < 0x0 or int(hextet, 16) > 0xFFFF:
|
|
||||||
return False
|
|
||||||
except ValueError:
|
except ValueError:
|
||||||
return False
|
return False
|
||||||
return True
|
return True
|
||||||
|
|
||||||
|
|
||||||
def _explode_shorthand_ip_string(ip_str):
|
|
||||||
"""
|
|
||||||
Expand a shortened IPv6 address.
|
|
||||||
|
|
||||||
Args:
|
|
||||||
ip_str: A string, the IPv6 address.
|
|
||||||
|
|
||||||
Returns:
|
|
||||||
A string, the expanded IPv6 address.
|
|
||||||
"""
|
|
||||||
if not _is_shorthand_ip(ip_str):
|
|
||||||
# We've already got a longhand ip_str.
|
|
||||||
return ip_str
|
|
||||||
|
|
||||||
hextet = ip_str.split('::')
|
|
||||||
|
|
||||||
# If there is a ::, we need to expand it with zeroes
|
|
||||||
# to get to 8 hextets - unless there is a dot in the last hextet,
|
|
||||||
# meaning we're doing v4-mapping
|
|
||||||
if '.' in ip_str.split(':')[-1]:
|
|
||||||
fill_to = 7
|
|
||||||
else:
|
|
||||||
fill_to = 8
|
|
||||||
|
|
||||||
if len(hextet) > 1:
|
|
||||||
sep = len(hextet[0].split(':')) + len(hextet[1].split(':'))
|
|
||||||
new_ip = hextet[0].split(':')
|
|
||||||
|
|
||||||
for __ in range(fill_to - sep):
|
|
||||||
new_ip.append('0000')
|
|
||||||
new_ip += hextet[1].split(':')
|
|
||||||
|
|
||||||
else:
|
|
||||||
new_ip = ip_str.split(':')
|
|
||||||
|
|
||||||
# Now need to make sure every hextet is 4 lower case characters.
|
|
||||||
# If a hextet is < 4 characters, we've got missing leading 0's.
|
|
||||||
ret_ip = []
|
|
||||||
for hextet in new_ip:
|
|
||||||
ret_ip.append(('0' * (4 - len(hextet)) + hextet).lower())
|
|
||||||
return ':'.join(ret_ip)
|
|
||||||
|
|
||||||
|
|
||||||
def _is_shorthand_ip(ip_str):
|
|
||||||
"""Determine if the address is shortened.
|
|
||||||
|
|
||||||
Args:
|
|
||||||
ip_str: A string, the IPv6 address.
|
|
||||||
|
|
||||||
Returns:
|
|
||||||
A boolean, True if the address is shortened.
|
|
||||||
"""
|
|
||||||
if ip_str.count('::') == 1:
|
|
||||||
return True
|
|
||||||
if any(len(x) < 4 for x in ip_str.split(':')):
|
|
||||||
return True
|
|
||||||
return False
|
|
||||||
|
|
Loading…
Reference in New Issue