From 38587f3dca7e2f75b04cb0d80e4fc30ea6e139dc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89loi=20Rivard?= Date: Sat, 24 Sep 2022 15:40:59 +0200 Subject: [PATCH] Use ipaddress to detect valid and invalid IPs --- furl/furl.py | 47 +++++++++++++++++++++++++++++++++++++--------- setup.py | 1 + tests/test_furl.py | 21 +++++++++++---------- 3 files changed, 50 insertions(+), 19 deletions(-) Index: furl-2.1.3/furl/furl.py =================================================================== --- furl-2.1.3.orig/furl/furl.py +++ furl-2.1.3/furl/furl.py @@ -12,6 +12,7 @@ import re import abc +import ipaddress import warnings from copy import deepcopy from posixpath import normpath @@ -241,6 +242,37 @@ def is_valid_host(hostname): return '' not in toks # Adjacent periods aren't allowed. +def is_valid_ipv4(ip): + if isinstance(ip, six.binary_type): + ip = ip.decode() + + try: + ipaddress.IPv4Address(ip) + return True + except ValueError: + return False + + +def is_valid_ipv6(ip): + if isinstance(ip, six.binary_type): + ip = ip.decode() + + # ipaddress handle IPs without brackets + if ( + callable_attr(ip, 'startswith') + and callable_attr(ip, 'endswith') + and ip.startswith("[") + and ip.endswith("]") + ): + ip = ip[1:-1] + + try: + ipaddress.IPv6Address(ip) + return True + except ValueError: + return False + + def get_scheme(url): if url.startswith(':'): return '' @@ -1434,15 +1466,12 @@ class furl(URLPathCompositionInterface, """ Raises: ValueError on invalid host or malformed IPv6 address. """ - # Invalid IPv6 literal. - urllib.parse.urlsplit('http://%s/' % host) # Raises ValueError. - - # Invalid host string. - resembles_ipv6_literal = ( - host is not None and lget(host, 0) == '[' and ':' in host and - lget(host, -1) == ']') - if (host is not None and not resembles_ipv6_literal and - not is_valid_host(host)): + if ( + host + and not is_valid_host(host) + and not is_valid_ipv4(host) + and not is_valid_ipv6(host) + ): errmsg = ( "Invalid host '%s'. Host strings must have at least one " "non-period character, can't contain any of '%s', and can't " Index: furl-2.1.3/setup.py =================================================================== --- furl-2.1.3.orig/setup.py +++ furl-2.1.3/setup.py @@ -109,6 +109,7 @@ setup( install_requires=[ 'six>=1.8.0', 'orderedmultidict>=1.0.1', + 'ipaddress>=1.0.23; python_version < "3.3"', ], cmdclass={ 'test': RunTests, Index: furl-2.1.3/tests/test_furl.py =================================================================== --- furl-2.1.3.orig/tests/test_furl.py +++ furl-2.1.3/tests/test_furl.py @@ -1666,10 +1666,10 @@ class TestFurl(unittest.TestCase): # addresses. f = furl.furl('http://1.2.3.4.5.6/') - # Invalid, but well-formed, IPv6 addresses shouldn't raise an - # exception because urlparse.urlsplit() doesn't raise an - # exception on invalid IPv6 addresses. - furl.furl('http://[0:0:0:0:0:0:0:1:1:1:1:1:1:1:1:9999999999999]/') + # Invalid, but well-formed, IPv6 addresses should raise an + # exception. + with self.assertRaises(ValueError): + furl.furl('http://[0:0:0:0:0:0:0:1:1:1:1:1:1:1:1:9999999999999]/') # Malformed IPv6 should raise an exception because urlparse.urlsplit() # raises an exception on malformed IPv6 addresses. @@ -1695,12 +1695,17 @@ class TestFurl(unittest.TestCase): assert f.host == '1.2.3.4.5.6' assert f.port == 999 - netloc = '[0:0:0:0:0:0:0:1:1:1:1:1:1:1:1:9999999999999]:888' + netloc = '[1:2:3:4:5:6:7:8]:888' f.netloc = netloc assert f.netloc == netloc - assert f.host == '[0:0:0:0:0:0:0:1:1:1:1:1:1:1:1:9999999999999]' + assert f.host == '[1:2:3:4:5:6:7:8]' assert f.port == 888 + # Well-formed but invalid IPv6 should raise an exception + netloc = '[0:0:0:0:0:0:0:1:1:1:1:1:1:1:1:9999999999999]:888' + with self.assertRaises(ValueError): + f.netloc = netloc + # Malformed IPv6 should raise an exception because # urlparse.urlsplit() raises an exception with self.assertRaises(ValueError): @@ -1714,10 +1719,6 @@ class TestFurl(unittest.TestCase): with self.assertRaises(ValueError): f.netloc = 'pump2pump.org:777777777777' - # No side effects. - assert f.host == '[0:0:0:0:0:0:0:1:1:1:1:1:1:1:1:9999999999999]' - assert f.port == 888 - # Empty netloc. f = furl.furl('//') assert f.scheme is None and f.netloc == '' and f.url == '//'