You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@commons.apache.org by se...@apache.org on 2017/02/04 14:01:24 UTC

svn commit: r1781670 - in /commons/proper/validator/trunk/src: changes/changes.xml main/java/org/apache/commons/validator/routines/UrlValidator.java test/java/org/apache/commons/validator/routines/UrlValidatorTest.java

Author: sebb
Date: Sat Feb  4 14:01:24 2017
New Revision: 1781670

URL: http://svn.apache.org/viewvc?rev=1781670&view=rev
Log:
VALIDATOR-411 UrlValidator accepts ports above max limit of 16-bit unsigned integer

Modified:
    commons/proper/validator/trunk/src/changes/changes.xml
    commons/proper/validator/trunk/src/main/java/org/apache/commons/validator/routines/UrlValidator.java
    commons/proper/validator/trunk/src/test/java/org/apache/commons/validator/routines/UrlValidatorTest.java

Modified: commons/proper/validator/trunk/src/changes/changes.xml
URL: http://svn.apache.org/viewvc/commons/proper/validator/trunk/src/changes/changes.xml?rev=1781670&r1=1781669&r2=1781670&view=diff
==============================================================================
--- commons/proper/validator/trunk/src/changes/changes.xml (original)
+++ commons/proper/validator/trunk/src/changes/changes.xml Sat Feb  4 14:01:24 2017
@@ -90,6 +90,9 @@ The dependencies for Validator have not
 For the current list of dependencies, please see
 http://commons.apache.org/validator/dependencies.html
   ">
+    <action issue="VALIDATOR-411" type="fix" dev="sebb">
+    UrlValidator accepts ports above max limit of 16-bit unsigned integer
+    </action>
     <action type="update" dev="sebb">
     IANA TLD lists: Updated to Version 2017020400, Last Updated Sat Feb  4 07:07:01 2017 UTC
     </action>

Modified: commons/proper/validator/trunk/src/main/java/org/apache/commons/validator/routines/UrlValidator.java
URL: http://svn.apache.org/viewvc/commons/proper/validator/trunk/src/main/java/org/apache/commons/validator/routines/UrlValidator.java?rev=1781670&r1=1781669&r2=1781670&view=diff
==============================================================================
--- commons/proper/validator/trunk/src/main/java/org/apache/commons/validator/routines/UrlValidator.java (original)
+++ commons/proper/validator/trunk/src/main/java/org/apache/commons/validator/routines/UrlValidator.java Sat Feb  4 14:01:24 2017
@@ -156,8 +156,7 @@ public class UrlValidator implements Ser
 
     private static final int PARSE_AUTHORITY_HOST_IP = 2; // excludes userinfo, if present
 
-    // Not needed, because it is validated by AUTHORITY_REGEX
-//    private static final int PARSE_AUTHORITY_PORT = 3;
+    private static final int PARSE_AUTHORITY_PORT = 3; // excludes leading colon
 
     /**
      * Should always be empty. The code currently allows spaces.
@@ -413,6 +412,17 @@ public class UrlValidator implements Ser
                     return false;
                 }
             }
+            String port = authorityMatcher.group(PARSE_AUTHORITY_PORT);
+            if (port != null && port.length() > 0) {
+            	try {
+            		long iPort = Integer.parseInt(port);
+            		if (iPort < 0 || iPort > 0xFFFF) {
+            			return false;
+            		}
+            	} catch (NumberFormatException nfe) {
+            		return false; // this can happen for big numbers
+            	}
+            }
         }
 
         String extra = authorityMatcher.group(PARSE_AUTHORITY_EXTRA);

Modified: commons/proper/validator/trunk/src/test/java/org/apache/commons/validator/routines/UrlValidatorTest.java
URL: http://svn.apache.org/viewvc/commons/proper/validator/trunk/src/test/java/org/apache/commons/validator/routines/UrlValidatorTest.java?rev=1781670&r1=1781669&r2=1781670&view=diff
==============================================================================
--- commons/proper/validator/trunk/src/test/java/org/apache/commons/validator/routines/UrlValidatorTest.java (original)
+++ commons/proper/validator/trunk/src/test/java/org/apache/commons/validator/routines/UrlValidatorTest.java Sat Feb  4 14:01:24 2017
@@ -322,6 +322,15 @@ protected void setUp() {
         assertTrue(urlValidator.isValid("http://example.rocks"));
     }
 
+    public void testValidator411(){
+        UrlValidator urlValidator = new UrlValidator();
+        assertTrue(urlValidator.isValid("http://example.rocks:/"));
+        assertTrue(urlValidator.isValid("http://example.rocks:0/"));
+        assertTrue(urlValidator.isValid("http://example.rocks:65535/"));
+        assertFalse(urlValidator.isValid("http://example.rocks:65536/"));
+        assertFalse(urlValidator.isValid("http://example.rocks:100000/"));
+    }
+
     static boolean incrementTestPartsIndex(int[] testPartsIndex, Object[] testParts) {
       boolean carry = true;  //add 1 to lowest order part.
       boolean maxIndex = true;
@@ -533,11 +542,12 @@ protected void setUp() {
                                   new ResultPair("", false)
    };
    ResultPair[] testUrlPort = {new ResultPair(":80", true),
-                             new ResultPair(":65535", true),
+                             new ResultPair(":65535", true), // max possible
                              new ResultPair(":0", true),
                              new ResultPair("", true),
                              new ResultPair(":-1", false),
-                             new ResultPair(":65636", true),
+                             new ResultPair(":65636", false),
+                             new ResultPair(":999999999999999999", false),
                              new ResultPair(":65a", false)
    };
    ResultPair[] testPath = {new ResultPair("/test1", true),