diff options
author | Scott Koranda <skoranda@gmail.com> | 2019-11-25 18:58:12 -0600 |
---|---|---|
committer | Ivan Kanakarakis <ivan.kanak@gmail.com> | 2019-11-26 13:33:46 +0200 |
commit | 9bc9e57521f702a9a6b17020ede508a067e43cd5 (patch) | |
tree | 321ea41e8fd2ff836daba97e33b2611de48ff944 /src/saml2/validate.py | |
parent | ad83f817409507e1f59859fc93c16b4cb4a43073 (diff) | |
download | pysaml2-9bc9e57521f702a9a6b17020ede508a067e43cd5.tar.gz |
Fix ipv6 validation for addresses with brackets
Fix ipv6 validation for addresses that include the brackets,
such as [2001:8003:5555:9999:555a:5555:c77:d5c5]. See
https://tools.ietf.org/html/rfc4038#section-5.1 regarding the inclusion
of brackets in the address. The Shibboleth IdP sends ipv6 addresses
that include the brackets.
Diffstat (limited to 'src/saml2/validate.py')
-rw-r--r-- | src/saml2/validate.py | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/src/saml2/validate.py b/src/saml2/validate.py index 8b0533f9..c6caf47d 100644 --- a/src/saml2/validate.py +++ b/src/saml2/validate.py @@ -133,6 +133,7 @@ def valid_ipv4(address): IPV6_PATTERN = re.compile(r""" ^ \s* # Leading whitespace + \[? # See https://tools.ietf.org/html/rfc4038#section-5.1 (?!.*::.*::) # Only a single wildcard allowed (?:(?!:)|:(?=:)) # Colon iff it would be part of a wildcard (?: # Repeat 6 times: @@ -153,6 +154,7 @@ IPV6_PATTERN = re.compile(r""" (?:25[0-4]|2[0-4]\d|1\d\d|[1-9]?\d) ){3} ) + \]? # See https://tools.ietf.org/html/rfc4038#section-5.1 \s* # Trailing whitespace $ """, re.VERBOSE | re.IGNORECASE | re.DOTALL) |