Ensure validations account for trailing newlines

The regex's used for validation allowed "\n" terminated strings to pass, allowing invalid data through. Change-Id: Iae4c40ffab9951280bb6d67c2a7cb779dc7ddf0f Closes-Bug: 1471158
author: Kiall Mac Innes <kiall@macinnes.ie> 2015-07-03 14:56:31 +0100
committer: Kiall Mac Innes <kiall@macinnes.ie> 2015-07-20 18:54:44 +0000
commit: 09d65fddf1abfe9d7a3f3e63b87a03bea06e61ce (patch)
tree: a23fdbd5728272328a1eaf4cb47b2d2cc521a0dd
parent: 2612d4875c854c4ffbc497f3e4c898721f89ed6d (diff)
download: designate-09d65fddf1abfe9d7a3f3e63b87a03bea06e61ce.tar.gz
2 files changed, 63 insertions, 3 deletions
diff --git a/designate/schema/format.py b/designate/schema/format.py
index c083ded6..c1efa705 100644
--- a/designate/schema/format.py
+++ b/designate/schema/format.py
@@ -24,12 +24,19 @@ from designate.openstack.common import log as logging
 
 LOG = logging.getLogger(__name__)
 
-RE_DOMAINNAME = r'^(?!.{255,})(?:(?!\-)[A-Za-z0-9_\-]{1,63}(?<!\-)\.)+$'
-RE_HOSTNAME = r'^(?!.{255,})(?:(^\*|(?!\-)[A-Za-z0-9_\-]{1,63})(?<!\-)\.)+$'
+# NOTE(kiall): All of the below regular expressions are termined with
+#              "(?![\n])$", rather than simply "$" to ensure a string with a
+#              trailing newline is NOT matched. See bug #1471158. Annoyingly,
+#              Python's re module has no equilivant to PCRE_DOLLAR_ENDONLY, so
+#              we do it by hand instead.
+
+RE_DOMAINNAME = r'^(?!.{255,})(?:(?!\-)[A-Za-z0-9_\-]{1,63}(?<!\-)\.)+\Z'
+RE_HOSTNAME = r'^(?!.{255,})(?:(?:^\*|(?!\-)[A-Za-z0-9_\-]{1,63})(?<!\-)\.)+\Z'
 
 # The TLD name will not end in a period.
 RE_TLDNAME = r'^(?!.{255,})(?:(?!\-)[A-Za-z0-9_\-]{1,63}(?<!\-))' \
-    r'(\.(?:(?!\-)[A-Za-z0-9_\-]{1,63}(?<!\-)))*$'
+             r'(?:\.(?:(?!\-)[A-Za-z0-9_\-]{1,63}(?<!\-)))*\Z'
+
 
 draft3_format_checker = jsonschema.draft3_format_checker
 draft4_format_checker = jsonschema.draft4_format_checker
diff --git a/designate/tests/test_schema/test_format.py b/designate/tests/test_schema/test_format.py
index 847d21a0..8bb28b16 100644
--- a/designate/tests/test_schema/test_format.py
+++ b/designate/tests/test_schema/test_format.py
@@ -45,6 +45,8 @@ class SchemaFormatTest(TestCase):
             'ABCDEF',
             'ABC/DEF',
             'ABC\\DEF',
+            # Trailing newline - Bug 1471158
+            "127.0.0.1\n",
         ]
 
         for ipaddress in valid_ipaddresses:
@@ -53,6 +55,29 @@ class SchemaFormatTest(TestCase):
         for ipaddress in invalid_ipaddresses:
             self.assertFalse(format.is_ipv4(ipaddress))
 
+    def test_is_ipv6(self):
+        valid_ipaddresses = [
+            '2001:db8::0',
+            '2001:0db8:85a3:0000:0000:8a2e:0370:7334',
+            '2001:db8:85a3:0000:0000:8a2e:0370:7334',
+            '2001:db8:85a3::8a2e:0370:7334',
+        ]
+
+        invalid_ipaddresses = [
+            # Invalid characters
+            'hhhh:hhhh:hhhh:hhhh:hhhh:hhhh:hhhh:hhhh'
+            # Trailing newline - Bug 1471158
+            "2001:db8::0\n",
+        ]
+
+        for ipaddress in valid_ipaddresses:
+            self.assertTrue(format.is_ipv6(ipaddress),
+                            'Expected Valid: %s' % ipaddress)
+
+        for ipaddress in invalid_ipaddresses:
+            self.assertFalse(format.is_ipv6(ipaddress),
+                             'Expected Invalid: %s' % ipaddress)
+
     def test_is_hostname(self):
         valid_hostnames = [
             'example.com.',
@@ -112,6 +137,8 @@ class SchemaFormatTest(TestCase):
             '-abc-.',
             'abc.-def-.',
             'abc.-def-.ghi.',
+            # Trailing newline - Bug 1471158
+            "www.example.com.\n",
         ]
 
         for hostname in valid_hostnames:
@@ -182,6 +209,8 @@ class SchemaFormatTest(TestCase):
             '-abc-.',
             'abc.-def-.',
             'abc.-def-.ghi.',
+            # Trailing newline - Bug 1471158
+            "example.com.\n",
         ]
 
         for domainname in valid_domainnames:
@@ -190,6 +219,30 @@ class SchemaFormatTest(TestCase):
         for domainname in invalid_domainnames:
             self.assertFalse(format.is_domainname(domainname))
 
+    def test_is_tldname(self):
+        valid_tldnames = [
+            'com',
+            'net',
+            'org',
+            'co.uk',
+        ]
+
+        invalid_tldnames = [
+            # Invalid Formats
+            'com.',
+            '.com',
+            # Trailing newline - Bug 1471158
+            "com\n",
+        ]
+
+        for tldname in valid_tldnames:
+            self.assertTrue(format.is_tldname(tldname),
+                            'Expected Valid: %s' % tldname)
+
+        for tldname in invalid_tldnames:
+            self.assertFalse(format.is_tldname(tldname),
+                             'Expected Invalid: %s' % tldname)
+
     def test_is_email(self):
         valid_emails = [
             'user@example.com',
author	Kiall Mac Innes <kiall@macinnes.ie>	2015-07-03 14:56:31 +0100
committer	Kiall Mac Innes <kiall@macinnes.ie>	2015-07-20 18:54:44 +0000
commit	09d65fddf1abfe9d7a3f3e63b87a03bea06e61ce (patch)
tree	a23fdbd5728272328a1eaf4cb47b2d2cc521a0dd
parent	2612d4875c854c4ffbc497f3e4c898721f89ed6d (diff)
download	designate-09d65fddf1abfe9d7a3f3e63b87a03bea06e61ce.tar.gz