diff options
author | Scott Koranda <skoranda@gmail.com> | 2019-11-25 18:58:12 -0600 |
---|---|---|
committer | Ivan Kanakarakis <ivan.kanak@gmail.com> | 2019-11-26 13:33:46 +0200 |
commit | 9bc9e57521f702a9a6b17020ede508a067e43cd5 (patch) | |
tree | 321ea41e8fd2ff836daba97e33b2611de48ff944 | |
parent | ad83f817409507e1f59859fc93c16b4cb4a43073 (diff) | |
download | pysaml2-9bc9e57521f702a9a6b17020ede508a067e43cd5.tar.gz |
Fix ipv6 validation for addresses with brackets
Fix ipv6 validation for addresses that include the brackets,
such as [2001:8003:5555:9999:555a:5555:c77:d5c5]. See
https://tools.ietf.org/html/rfc4038#section-5.1 regarding the inclusion
of brackets in the address. The Shibboleth IdP sends ipv6 addresses
that include the brackets.
-rw-r--r-- | src/saml2/validate.py | 2 | ||||
-rw-r--r-- | tests/test_13_validate.py | 8 |
2 files changed, 10 insertions, 0 deletions
diff --git a/src/saml2/validate.py b/src/saml2/validate.py index 8b0533f9..c6caf47d 100644 --- a/src/saml2/validate.py +++ b/src/saml2/validate.py @@ -133,6 +133,7 @@ def valid_ipv4(address): IPV6_PATTERN = re.compile(r""" ^ \s* # Leading whitespace + \[? # See https://tools.ietf.org/html/rfc4038#section-5.1 (?!.*::.*::) # Only a single wildcard allowed (?:(?!:)|:(?=:)) # Colon iff it would be part of a wildcard (?: # Repeat 6 times: @@ -153,6 +154,7 @@ IPV6_PATTERN = re.compile(r""" (?:25[0-4]|2[0-4]\d|1\d\d|[1-9]?\d) ){3} ) + \]? # See https://tools.ietf.org/html/rfc4038#section-5.1 \s* # Trailing whitespace $ """, re.VERBOSE | re.IGNORECASE | re.DOTALL) diff --git a/tests/test_13_validate.py b/tests/test_13_validate.py index ba85e6cb..9c91299a 100644 --- a/tests/test_13_validate.py +++ b/tests/test_13_validate.py @@ -13,6 +13,7 @@ from saml2.validate import valid_instance from saml2.validate import valid_any_uri from saml2.validate import NotValid from saml2.validate import valid_anytype +from saml2.validate import valid_address from pytest import raises @@ -120,3 +121,10 @@ def test_valid_anytype(): assert valid_anytype("P1Y2M3DT10H30M") assert valid_anytype("urn:oasis:names:tc:SAML:2.0:attrname-format:uri") +def test_valid_address(): + assert valid_address("130.239.16.3") + assert valid_address("2001:8003:5555:9999:555a:5555:c77:d5c5") + + # See https://tools.ietf.org/html/rfc4038#section-5.1 regarding + # the inclusion of brackets in the ipv6 address below. + assert valid_address("[2001:8003:5555:9999:555a:5555:c77:d5c5]") |