mirrors/django
1
0
Fork 0
mirror of https://github.com/django/django.git synced 2025-10-31 01:25:32 +00:00
Code Issues 32 Releases Wiki Activity

[3.2.x] Fixed CVE-2021-33571 -- Prevented leading zeros in IPv4 addresses.

Browse Source 
validate_ipv4_address() was affected only on Python < 3.9.5, see [1].
URLValidator() uses a regular expressions and it was affected on all
Python versions.

[1] https://bugs.python.org/issue36384
This commit is contained in:
Mariusz Felisiak
2021-05-24 09:55:14 +02:00
committed by Carlton Gibson
parent dfaba12cda
commit 9f75e2e562
7 changed files with 87 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
tests/validators/tests.py
View File

@@ -136,6 +136,16 @@ TEST_DATA = [
(validate_ipv4_address, '1.1.1.1\n', ValidationError),
(validate_ipv4_address, '٧.2٥.3٣.243', ValidationError),
# Leading zeros are forbidden to avoid ambiguity with the octal notation.
(validate_ipv4_address, '000.000.000.000', ValidationError),
(validate_ipv4_address, '016.016.016.016', ValidationError),
(validate_ipv4_address, '192.168.000.001', ValidationError),
(validate_ipv4_address, '01.2.3.4', ValidationError),
(validate_ipv4_address, '01.2.3.4', ValidationError),
(validate_ipv4_address, '1.02.3.4', ValidationError),
(validate_ipv4_address, '1.2.03.4', ValidationError),
(validate_ipv4_address, '1.2.3.04', ValidationError),
# validate_ipv6_address uses django.utils.ipv6, which
# is tested in much greater detail in its own testcase
(validate_ipv6_address, 'fe80::1', None),
@@ -161,6 +171,16 @@ TEST_DATA = [
(validate_ipv46_address, '::zzz', ValidationError),
(validate_ipv46_address, '12345::', ValidationError),
# Leading zeros are forbidden to avoid ambiguity with the octal notation.
(validate_ipv46_address, '000.000.000.000', ValidationError),
(validate_ipv46_address, '016.016.016.016', ValidationError),
(validate_ipv46_address, '192.168.000.001', ValidationError),
(validate_ipv46_address, '01.2.3.4', ValidationError),
(validate_ipv46_address, '01.2.3.4', ValidationError),
(validate_ipv46_address, '1.02.3.4', ValidationError),
(validate_ipv46_address, '1.2.03.4', ValidationError),
(validate_ipv46_address, '1.2.3.04', ValidationError),
(validate_comma_separated_integer_list, '1', None),
(validate_comma_separated_integer_list, '12', None),
(validate_comma_separated_integer_list, '1,2', None),