Workaround for ipv4 address validation #5135
Conversation
| @@ -616,7 +616,8 @@ def address_in_network(ip, net): | |||
|
|
|||
| :rtype: bool | |||
| """ | |||
| ipaddr = struct.unpack('=L', socket.inet_aton(ip))[0] | |||
| if not is_ipv4_address(ip): | |||
There was a problem hiding this comment.
The code below uses ipaddr local variable which has been removed.
There was a problem hiding this comment.
I assume that we don't care about 3-1 octet IP addresses that the socket.inet_aton can parse e.g.:
In [11]: socket.inet_aton('0x7f000001')
Out[11]: b'\x7f\x00\x00\x01'
In [12]: socket.inet_aton('127.0.0')
Out[12]: b'\x7f\x00\x00\x00'
In [13]: socket.inet_aton('127.0')
Out[13]: b'\x7f\x00\x00\x00'If so, we can just use the builtin ipaddress module to validate if IP is in proper format:
In [2]: ipaddress.IPv4Address('192.168.0.1')
Out[2]: IPv4Address('192.168.0.1')
In [3]: ipaddress.IPv4Address('192')
AddressValueError: Expected 4 octets in '192'and then use the ipaddr = struct.unpack('=L', socket.inet_aton(ip))[0] line to parse it.
Note that the same problem stands for net argument - i.e. it also uses sockeet.inet_aton so we need to validate it's format first.
There was a problem hiding this comment.
I didn't plan on handling 1-3 octet IPs unless we also consider those valid? I didn't think we would consider those as valid IPs.
We already have a check for valid ip that works (is_valid_ipv4) that I changed to remove the socket dependency in it. I think the best solution would be to leave the socket dependencies in the functions that use them and just put a check first, that way we don't allow it to pass IPs like '1.1.1.1 wtf' into the broken Python functions.
|
Just for a reference, the |
| @@ -645,11 +645,12 @@ def is_ipv4_address(string_ip): | |||
| return False | |||
| for octet in ip_split: | |||
| try: | |||
| int(octet) | |||
| tmp = int(octet) | |||
There was a problem hiding this comment.
We already have a check for valid ip that works (is_valid_ipv4)
Sure, but it's better to use standard methods that work properly instead of reinventing the wheel.
The current version of is_ipv4_address still doesn't handle all the edge cases - for example, it returns True for an ip of '08.08.08.08'.
The ipaddress module has functions to check given IPs and networks. This could probably be used for both IP and CIDR checking.
There was a problem hiding this comment.
The ipaddress module doesn't exist for Python 2.7
| return False | ||
| if int(octet[1]) > 0: | ||
| return False | ||
| tmp = int(octet) |
There was a problem hiding this comment.
Here seems to me that it need to rewrite
|
Now that we've dropped support for Python 2.7-3.6, I think we're more likely to rely on |
This fixes the is_ipv4_address function. Initially intended to be a workaround for Issue #5131 it is now a removal of an external dependency. Since the check is a simple one, there is no need to rely on external sources.