From a85b7d62bd2788e36e6e83c043f86b3ba1e6a9ec Mon Sep 17 00:00:00 2001
From: Matt Menke
Date: Mon, 26 Jul 2021 10:32:31 -0400
Subject: [PATCH] Reject hostnames that end in numbers but are not IPv4 IPs
Follows https://github.com/whatwg/url/pull/619, and adds more coverage to this area generally.
---
 url/resources/urltestdata.json | 230 ++++++++++++++++++++++++++-------
 1 file changed, 186 insertions(+), 44 deletions(-)
diff --git a/url/resources/urltestdata.json b/url/resources/urltestdata.json
index 34cc2e5a9e356c..9cbcc2ca192128 100644
--- a/url/resources/urltestdata.json
+++ b/url/resources/urltestdata.json
@@ -3896,21 +3896,6 @@
 "search": "",
 "hash": ""
 },
- {
- "input": "http://0..0x300/",
- "base": "about:blank",
- "href": "http://0..0x300/",
- "origin": "http://0..0x300",
- "protocol": "http:",
- "username": "",
- "password": "",
- "host": "0..0x300",
- "hostname": "0..0x300",
- "port": "",
- "pathname": "/",
- "search": "",
- "hash": ""
- },
 "Broken IPv6",
 {
 "input": "http://[www.google.com]/",
@@ -5161,6 +5146,36 @@
 "hash": "#foo%60bar"
 },
 "# IPv4 parsing (via https://github.com/nodejs/node/pull/10317)",
+ {
+ "input": "http://1.2.3.4/",
+ "base": "http://other.com/",
+ "href": "http://1.2.3.4/",
+ "origin": "http://1.2.3.4",
+ "protocol": "http:",
+ "username": "",
+ "password": "",
+ "host": "1.2.3.4",
+ "hostname": "1.2.3.4",
+ "port": "",
+ "pathname": "/",
+ "search": "",
+ "hash": ""
+ },
+ {
+ "input": "http://1.2.3.4./",
+ "base": "http://other.com/",
+ "href": "http://1.2.3.4/",
+ "origin": "http://1.2.3.4",
+ "protocol": "http:",
+ "username": "",
+ "password": "",
+ "host": "1.2.3.4",
+ "hostname": "1.2.3.4",
+ "port": "",
+ "pathname": "/",
+ "search": "",
+ "hash": ""
+ },
 {
 "input": "http://192.168.257",
 "base": "http://other.com/",
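Review bot: The trailing-dot cases added here (`http://1.2.3.4./`, and `http://192.168.257.` and `http://999999999.` in the two following hunks) sit under the existing "# IPv4 parsing" comment string with nothing naming the rule they pin: a single trailing dot is dropped and the serialized host carries no dot. Host-based allow and deny lists depend on exactly that normalisation, so a comment string entry ahead of these cases, such as `"# A single trailing dot after an IPv4 address is dropped"`, would make the intent searchable. The test group continues outside this hunk.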
@@ -5176,6 +5191,21 @@
 "search": "",
 "hash": ""
 },
+ {
+ "input": "http://192.168.257.",
+ "base": "http://other.com/",
+ "href": "http://192.168.1.1/",
+ "origin": "http://192.168.1.1",
+ "protocol": "http:",
+ "username": "",
+ "password": "",
+ "host": "192.168.1.1",
+ "hostname": "192.168.1.1",
+ "port": "",
+ "pathname": "/",
+ "search": "",
+ "hash": ""
+ },
 {
 "input": "http://192.168.257.com",
 "base": "http://other.com/",
@@ -5236,6 +5266,21 @@
 "search": "",
 "hash": ""
 },
+ {
+ "input": "http://999999999.",
+ "base": "http://other.com/",
+ "href": "http://59.154.201.255/",
+ "origin": "http://59.154.201.255",
+ "protocol": "http:",
+ "username": "",
+ "password": "",
+ "host": "59.154.201.255",
+ "hostname": "59.154.201.255",
+ "port": "",
+ "pathname": "/",
+ "search": "",
+ "hash": ""
+ },
 {
 "input": "http://999999999.com",
 "base": "http://other.com/",
@@ -5316,21 +5361,6 @@
 "base": "http://other.com/",
 "failure": true
 },
- {
- "input": "http://256.256.256.256.256",
- "base": "http://other.com/",
- "href": "http://256.256.256.256.256/",
- "origin": "http://256.256.256.256.256",
- "protocol": "http:",
- "username": "",
- "password": "",
- "host": "256.256.256.256.256",
- "hostname": "256.256.256.256.256",
- "port": "",
- "pathname": "/",
- "search": "",
- "hash": ""
- },
 {
 "input": "https://0x.0x.0",
 "base": "about:blank",
@@ -7298,20 +7328,6 @@
 "hash": ""
 },
 "Invalid IPv4 radix digits",
- {
- "input": "http://0177.0.0.0189",
- "base": "about:blank",
- "href": "http://0177.0.0.0189/",
- "protocol": "http:",
- "username": "",
- "password": "",
- "host": "0177.0.0.0189",
- "hostname": "0177.0.0.0189",
- "port": "",
- "pathname": "/",
- "search": "",
- "hash": ""
- },
 {
 "input": "http://0x7f.0.0.0x7g",
 "base": "about:blank",
@@ -8031,5 +8047,131 @@
 "input": "?",
 "base": null,
 "failure": true
+ },
+ "Last component looks like a number, but not valid IPv4",
+ {
+ "input": "http://1.2.3.4.5",
+ "base": "http://other.com/",
+ "failure": true
+ },
+ {
+ "input": "http://1.2.3.4.5.",
+ "base": "http://other.com/",
+ "failure": true
+ },
+ {
+ "input": "http://0..0x300/",
+ "base": "about:blank",
+ "failure": true
+ },
+ {
+ "input": "http://0..0x300./",
+ "base": "about:blank",
+ "failure": true
+ },
+ {
+ "input": "http://256.256.256.256.256",
+ "base": "http://other.com/",
+ "failure": true
+ },
+ {
+ "input": "http://256.256.256.256.256.",
+ "base": "http://other.com/",
+ "failure": true
+ },
+ {
+ "input": "http://1.2.3.08",
+ "base": "about:blank",
+ "failure": true
+ },
+ {
+ "input": "http://1.2.3.08.",
+ "base": "about:blank",
+ "failure": true
+ },
+ {
+ "input": "http://1.2.3.09",
+ "base": "about:blank",
+ "failure": true
+ },
+ {
+ "input": "http://09.2.3.4",
+ "base": "about:blank",
+ "failure": true
+ },
+ {
+ "input": "http://09.2.3.4.",
+ "base": "about:blank",
+ "failure": true
+ },
+ {
+ "input": "http://01.2.3.4.5",
+ "base": "about:blank",
+ "failure": true
+ },
+ {
+ "input": "http://01.2.3.4.5.",
+ "base": "about:blank",
+ "failure": true
+ },
+ {
+ "input": "http://0x100.2.3.4",
+ "base": "about:blank",
+ "failure": true
+ },
+ {
+ "input": "http://0x100.2.3.4.",
+ "base": "about:blank",
+ "failure": true
+ },
+ {
+ "input": "http://0x1.2.3.4.5",
+ "base": "about:blank",
+ "failure": true
+ },
+ {
+ "input": "http://0x1.2.3.4.5.",
+ "base": "about:blank",
+ "failure": true
+ },
+ {
+ "input": "http://foo.1.2.3.4",
+ "base": "about:blank",
+ "failure": true
+ },
+ {
+ "input": "http://foo.1.2.3.4.",
+ "base": "about:blank",
+ "failure": true
+ },
+ {
+ "input": "http://foo.2.3.4",
+ "base": "about:blank",
+ "failure": true
+ },
+ {
+ "input": "http://foo.2.3.4.",
+ "base": "about:blank",
+ "failure": true
+ },
+ {
+ "input": "http://foo.09",
+ "base": "about:blank",
+ "failure": true
+ },
+ {
+ "input": "http://foo.09.",
+ "base": "about:blank",
+ "failure": true
+ },
+ {
+ "input": "http://foo.0x4",
+ "base": "about:blank",
+ "failure": true
+ },
+ {
+ "input": "http://foo.0x4.",
+ "base": "about:blank",
+ "failure": true
 }
 ]
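Review bot: `http://0177.0.0.0189`, which this patch removes from the "Invalid IPv4 radix digits" group, is not re-added in this new failure block, although `http://0..0x300/` and `http://256.256.256.256.256` are. Unless it is covered elsewhere in the file, the case of a valid octal first part with an invalid octal last part loses coverage, and lenient numeric-host parsing is where URL parsers tend to disagree with the filters in front of them. `http://1.2.3.09` is also the only entry in this block without a trailing-dot twin. I would add `{ "input": "http://0177.0.0.0189", "base": "about:blank", "failure": true }` and a matching entry for `http://1.2.3.09.`.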