Commit Graph

11 Commits

Author SHA1 Message Date
Mariusz Felisiak e1d787f1b3 Fixed CVE-2021-33571 -- Prevented leading zeros in IPv4 addresses.
validate_ipv4_address() was affected only on Python < 3.9.5, see [1].
URLValidator() uses a regular expressions and it was affected on all
Python versions.

[1] https://bugs.python.org/issue36384
2021-06-02 10:58:39 +02:00
Dennis Schwertel 4070d6ceb0 Fixed #31267 -- Added tests cases with empty username or password for URLValidator.
Follow up to cdcf4164be.
2020-02-13 08:32:20 +01:00
Tim Bell cdcf4164be Fixed #29528 -- Made URLValidator reject invalid characters in the username and password. 2018-07-23 10:30:01 -04:00
Christopher Grebs a9e188ccd6 Fixed #26119 -- Fixed URLValidator crash on URLs with brackets. 2016-06-28 15:43:43 -04:00
Tim Graham b1afebf882 Fixed #26204 -- Reallowed dashes in top-level domains for URLValidator.
Thanks Shai Berger for the review.
2016-02-18 19:06:49 -05:00
Raphael Michel 82976e5c3f Fixed #25637 -- Added URLValidator hostname length validation.
URLValidator now validates the maximum length of a hostname and the
maximum length of all labels inside the hostname.
2015-12-08 15:46:45 -05:00
Dheerendra Rathor 96fe90f535 Fixed #25620 -- Made URLValidator prohibit URLs with consecutive dots in the domain section. 2015-10-29 10:59:22 -04:00
Shai Berger 17d3a6d804 Fixed catastrophic backtracking in URLValidator.
Thanks João Silva for reporting the problem and Tim Graham for finding the
problematic RE and for review.

This is a security fix; disclosure to follow shortly.
2015-07-08 15:23:03 -04:00
Alexey Sveshnikov bc98bc56a5 Fixed #25059 -- Allowed Punycode TLDs in URLValidator 2015-07-06 15:08:43 -04:00
Danilo Bargen 2e65d56156 Fixed #20003 -- Improved and extended URLValidator
This adds support for authentication data (`user:password`) in URLs,
IPv6 addresses, and unicode domains.

The test suite has been improved by adding test URLs from
http://mathiasbynens.be/demo/url-regex (with a few adjustments,
like allowing local and reserved IPs).

The previous URL validation regex failed this test suite on 13
occasions, the validator was updated based on
https://gist.github.com/dperini/729294.
2015-01-06 14:04:25 -05:00
Danilo Bargen 8b77b64f1c Refactored URLValidator tests by moving URLs to text files. 2014-11-03 13:02:11 -05:00