From 303c76030b4f62fbd59e343724f91df2008ecd47 Mon Sep 17 00:00:00 2001
From: Vadim Sultanov
Date: Wed, 7 Feb 2024 23:46:40 +0500
Subject: [PATCH 1/2] bugfix: domain name validation. Updated regexp for domain validation Add testcases for domain validation fix issue: https://github.com/IdentityPython/pysaml2/issues/950
---
 src/saml2/validate.py | 3 +-
 tests/test_13_validate.py | 59 +++++++++++++++++++++++++++++++++++++++
 2 files changed, 61 insertions(+), 1 deletion(-)
diff --git a/src/saml2/validate.py b/src/saml2/validate.py
index 51a41b992..518ce17e5 100644
--- a/src/saml2/validate.py
+++ b/src/saml2/validate.py
@@ -420,6 +420,7 @@ def valid_instance(instance):
 def valid_domain_name(dns_name):
- m = re.match(r"^[a-z0-9]+([-.]{ 1 }[a-z0-9]+).[a-z]{2,5}(:[0-9]{1,5})?(\/.)?$", dns_name, re.I)
+ m = re.match(r"^((?:[a-zA-Z](?:[a-zA-Z0-9\-]*[a-zA-Z0-9])?\.)+[a-zA-Z]{2,5})(?::\d+)?$", dns_name, re.I)
 if not m:
 raise ValueError("Not a proper domain name")
+ return True
diff --git a/tests/test_13_validate.py b/tests/test_13_validate.py
index 05e63a192..dd0d9b298 100644
--- a/tests/test_13_validate.py
+++ b/tests/test_13_validate.py
@@ -11,6 +11,7 @@
 from saml2.validate import valid_any_uri
 from saml2.validate import valid_anytype
 from saml2.validate import valid_duration
+from saml2.validate import valid_domain_name
 from saml2.validate import valid_instance
 from saml2.validate import valid_non_negative_integer
 from saml2.validate import valid_string
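Review bot: The new pattern in `valid_domain_name` still ends in `$` under `re.match`, and in Python `$` also matches just before a trailing newline, so `"domain.com\n"` is accepted as a proper domain name; use `re.fullmatch(...)` or end the pattern with `\Z`. The port group `(?::\d+)?` is now unbounded where the removed pattern allowed one to five digits, and `\d` on a `str` pattern also accepts non-ASCII digits, so `(?::[0-9]{1,5})?` would keep the earlier limit. The `[a-zA-Z]{2,5}` tail rejects longer real TLDs, and the added test for `auth.domain.ljnjnfds` pins that as expected behaviour.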
@@ -146,3 +147,61 @@ def test_valid_address():
 assert valid_address("[2001:8003:5555:9999:555a:5555:c77:d5c5")
 with raises(NotValid):
 assert valid_address("[[2001:8003:5555:9999:555a:5555:c77:d5c5]")
+
+
+def test_valid_domain_name():
+ assert valid_domain_name("api.my-domain.com")
+ assert valid_domain_name("auth.admin.domain.com")
+ assert valid_domain_name("auth.domain.com")
+ assert valid_domain_name("auth.domain.com")
+ assert valid_domain_name("lk.domain.com:12")
+ assert valid_domain_name("lk.domain.com:12")
+ assert valid_domain_name("static.domain.xyz:12345")
+ assert valid_domain_name("domain.com")
+ assert valid_domain_name("domain.lu")
+ assert valid_domain_name("auth-domain.com")
+ assert valid_domain_name("domain.com:12345")
+ assert valid_domain_name("auth-admin.domain-uero.xyz")
+ assert valid_domain_name("auth.lk.d.sr.mydomain.com")
+
+ with raises(ValueError):
+ valid_domain_name("")
+
+ with raises(ValueError):
+ valid_domain_name("auth.domain.ljnjnfds")
+
+ with raises(ValueError):
+ valid_domain_name("123.123.123.123")
+
+ with raises(ValueError):
+ valid_domain_name("123.123.123.123:80")
+
+ with raises(ValueError):
+ valid_domain_name("123.123.123.123:8000")
+
+ with raises(ValueError):
+ valid_domain_name("auth_domain.com")
+
+ with raises(ValueError):
+ valid_domain_name("example-.com")
+
+ with raises(ValueError):
+ valid_domain_name("exa@ple.com")
+
+ with raises(ValueError):
+ valid_domain_name("exaple.c")
+
+ with raises(ValueError):
+ valid_domain_name("123example.com")
+
+ with raises(ValueError):
+ valid_domain_name("example.com:")
+
+ with raises(ValueError):
+ valid_domain_name("example..com")
+
+ with raises(ValueError):
+ valid_domain_name("example.com123")
+
+ with raises(ValueError):
+ valid_domain_name("example.com.")
From d3a92dcb543bcfd3fd85a54a0b31c6ff89813c4d Mon Sep 17 00:00:00 2001
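Review bot: The negative cases in `test_valid_domain_name` never feed the validator a name with trailing whitespace or a newline, which is the input a `$`-anchored pattern lets through; add `with raises(ValueError): valid_domain_name("domain.com\n")`. There is also no upper-bound case for the port, e.g. `with raises(ValueError): valid_domain_name("domain.com:999999")`, so the unbounded `\d+` goes unnoticed. `auth.domain.com` and `lk.domain.com:12` are each asserted twice and one of each pair can go.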
From: Vadim Sultanov Date: Wed, 27 Nov 2024 19:36:47 +0500 Subject: [PATCH 2/2] Update after review: - Added validators library. - For domain validation uses validators.domain insted of regepx. - Updated tests according to reviews. --- poetry.lock | 29 +++++++++++++++++++++++++++-- pyproject.toml | 1 + src/saml2/validate.py | 8 +++++--- tests/test_13_validate.py | 12 ++---------- 4 files changed, 35 insertions(+), 15 deletions(-) diff --git a/poetry.lock b/poetry.lock index 3114b6e31..65af68423 100644 --- a/poetry.lock +++ b/poetry.lock @@ -1,4 +1,4 @@ -# This file is automatically @generated by Poetry 1.7.1 and should not be changed by hand. +# This file is automatically @generated by Poetry 1.8.2 and should not be changed by hand. [[package]] name = "alabaster" @@ -1329,6 +1329,7 @@ files = [ {file = "PyYAML-6.0.1-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:69b023b2b4daa7548bcfbd4aa3da05b3a74b772db9e23b982788168117739938"}, {file = "PyYAML-6.0.1-cp310-cp310-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:81e0b275a9ecc9c0c0c07b4b90ba548307583c125f54d5b6946cfee6360c733d"}, {file = "PyYAML-6.0.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:ba336e390cd8e4d1739f42dfe9bb83a3cc2e80f567d8805e11b46f4a943f5515"}, + {file = "PyYAML-6.0.1-cp310-cp310-musllinux_1_1_x86_64.whl", hash = "sha256:326c013efe8048858a6d312ddd31d56e468118ad4cdeda36c719bf5bb6192290"}, {file = "PyYAML-6.0.1-cp310-cp310-win32.whl", hash = "sha256:bd4af7373a854424dabd882decdc5579653d7868b8fb26dc7d0e99f823aa5924"}, {file = "PyYAML-6.0.1-cp310-cp310-win_amd64.whl", hash = "sha256:fd1592b3fdf65fff2ad0004b5e363300ef59ced41c2e6b3a99d4089fa8c5435d"}, {file = "PyYAML-6.0.1-cp311-cp311-macosx_10_9_x86_64.whl", hash = "sha256:6965a7bc3cf88e5a1c3bd2e0b5c22f8d677dc88a455344035f03399034eb3007"}, 
@@ -1336,8 +1337,16 @@ files = [ {file = "PyYAML-6.0.1-cp311-cp311-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:42f8152b8dbc4fe7d96729ec2b99c7097d656dc1213a3229ca5383f973a5ed6d"}, {file = "PyYAML-6.0.1-cp311-cp311-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:062582fca9fabdd2c8b54a3ef1c978d786e0f6b3a1510e0ac93ef59e0ddae2bc"}, {file = "PyYAML-6.0.1-cp311-cp311-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:d2b04aac4d386b172d5b9692e2d2da8de7bfb6c387fa4f801fbf6fb2e6ba4673"}, + {file = "PyYAML-6.0.1-cp311-cp311-musllinux_1_1_x86_64.whl", hash = "sha256:e7d73685e87afe9f3b36c799222440d6cf362062f78be1013661b00c5c6f678b"}, {file = "PyYAML-6.0.1-cp311-cp311-win32.whl", hash = "sha256:1635fd110e8d85d55237ab316b5b011de701ea0f29d07611174a1b42f1444741"}, {file = "PyYAML-6.0.1-cp311-cp311-win_amd64.whl", hash = "sha256:bf07ee2fef7014951eeb99f56f39c9bb4af143d8aa3c21b1677805985307da34"}, + {file = "PyYAML-6.0.1-cp312-cp312-macosx_10_9_x86_64.whl", hash = "sha256:855fb52b0dc35af121542a76b9a84f8d1cd886ea97c84703eaa6d88e37a2ad28"}, + {file = "PyYAML-6.0.1-cp312-cp312-macosx_11_0_arm64.whl", hash = "sha256:40df9b996c2b73138957fe23a16a4f0ba614f4c0efce1e9406a184b6d07fa3a9"}, + {file = "PyYAML-6.0.1-cp312-cp312-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:a08c6f0fe150303c1c6b71ebcd7213c2858041a7e01975da3a99aed1e7a378ef"}, + {file = "PyYAML-6.0.1-cp312-cp312-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:6c22bec3fbe2524cde73d7ada88f6566758a8f7227bfbf93a408a9d86bcc12a0"}, + {file = "PyYAML-6.0.1-cp312-cp312-musllinux_1_1_x86_64.whl", hash = "sha256:8d4e9c88387b0f5c7d5f281e55304de64cf7f9c0021a3525bd3b1c542da3b0e4"}, + {file = "PyYAML-6.0.1-cp312-cp312-win32.whl", hash = "sha256:d483d2cdf104e7c9fa60c544d92981f12ad66a457afae824d146093b8c294c54"}, + {file = "PyYAML-6.0.1-cp312-cp312-win_amd64.whl", hash = "sha256:0d3304d8c0adc42be59c5f8a4d9e3d7379e6955ad754aa9d6ab7a398b59dd1df"}, {file = 
"PyYAML-6.0.1-cp36-cp36m-macosx_10_9_x86_64.whl", hash = "sha256:50550eb667afee136e9a77d6dc71ae76a44df8b3e51e41b77f6de2932bfe0f47"}, {file = "PyYAML-6.0.1-cp36-cp36m-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:1fe35611261b29bd1de0070f0b2f47cb6ff71fa6595c077e42bd0c419fa27b98"}, {file = "PyYAML-6.0.1-cp36-cp36m-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:704219a11b772aea0d8ecd7058d0082713c3562b4e271b849ad7dc4a5c90c13c"}, @@ -1354,6 +1363,7 @@ files = [ {file = "PyYAML-6.0.1-cp38-cp38-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:a0cd17c15d3bb3fa06978b4e8958dcdc6e0174ccea823003a106c7d4d7899ac5"}, {file = "PyYAML-6.0.1-cp38-cp38-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:28c119d996beec18c05208a8bd78cbe4007878c6dd15091efb73a30e90539696"}, {file = "PyYAML-6.0.1-cp38-cp38-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:7e07cbde391ba96ab58e532ff4803f79c4129397514e1413a7dc761ccd755735"}, + {file = "PyYAML-6.0.1-cp38-cp38-musllinux_1_1_x86_64.whl", hash = "sha256:49a183be227561de579b4a36efbb21b3eab9651dd81b1858589f796549873dd6"}, {file = "PyYAML-6.0.1-cp38-cp38-win32.whl", hash = "sha256:184c5108a2aca3c5b3d3bf9395d50893a7ab82a38004c8f61c258d4428e80206"}, {file = "PyYAML-6.0.1-cp38-cp38-win_amd64.whl", hash = "sha256:1e2722cc9fbb45d9b87631ac70924c11d3a401b2d7f410cc0e3bbf249f2dca62"}, {file = "PyYAML-6.0.1-cp39-cp39-macosx_10_9_x86_64.whl", hash = "sha256:9eb6caa9a297fc2c2fb8862bc5370d0303ddba53ba97e71f08023b6cd73d16a8"}, 
@@ -1361,6 +1371,7 @@ files = [ {file = "PyYAML-6.0.1-cp39-cp39-manylinux_2_17_aarch64.manylinux2014_aarch64.whl", hash = "sha256:5773183b6446b2c99bb77e77595dd486303b4faab2b086e7b17bc6bef28865f6"}, {file = "PyYAML-6.0.1-cp39-cp39-manylinux_2_17_s390x.manylinux2014_s390x.whl", hash = "sha256:b786eecbdf8499b9ca1d697215862083bd6d2a99965554781d0d8d1ad31e13a0"}, {file = "PyYAML-6.0.1-cp39-cp39-manylinux_2_17_x86_64.manylinux2014_x86_64.whl", hash = "sha256:bc1bf2925a1ecd43da378f4db9e4f799775d6367bdb94671027b73b393a7c42c"}, + {file = "PyYAML-6.0.1-cp39-cp39-musllinux_1_1_x86_64.whl", hash = "sha256:04ac92ad1925b2cff1db0cfebffb6ffc43457495c9b3c39d3fcae417d7125dc5"}, {file = "PyYAML-6.0.1-cp39-cp39-win32.whl", hash = "sha256:faca3bdcf85b2fc05d06ff3fbc1f83e1391b3e724afa3feba7d13eeab355484c"}, {file = "PyYAML-6.0.1-cp39-cp39-win_amd64.whl", hash = "sha256:510c9deebc5c0225e8c96813043e62b680ba2f9c50a08d3724c7f28a747d1486"}, {file = "PyYAML-6.0.1.tar.gz", hash = "sha256:bfdf460b1736c775f2ba9f6a92bca30bc2095067b8a9d77876d1fad6cc3b4a43"}, @@ -1761,6 +1772,20 @@ brotli = ["brotli (>=1.0.9)", "brotlicffi (>=0.8.0)"] socks = ["pysocks (>=1.5.6,!=1.5.7,<2.0)"] zstd = ["zstandard (>=0.18.0)"] +[[package]] +name = "validators" +version = "0.34.0" +description = "Python Data Validation for Humans™" +optional = false +python-versions = ">=3.8" +files = [ + {file = "validators-0.34.0-py3-none-any.whl", hash = "sha256:c804b476e3e6d3786fa07a30073a4ef694e617805eb1946ceee3fe5a9b8b1321"}, + {file = "validators-0.34.0.tar.gz", hash = "sha256:647fe407b45af9a74d245b943b18e6a816acf4926974278f6dd617778e1e781f"}, +] + +[package.extras] +crypto-eth-addresses = ["eth-hash[pycryptodome] (>=0.7.0)"] + [[package]] name = "virtualenv" version = "20.25.0" 
@@ -1900,4 +1925,4 @@ s2repoze = ["paste", "repoze.who", "zope.interface"] [metadata] lock-version = "2.0" python-versions = "^3.9" -content-hash = "7ef01bfa4f1ba8b1169784a9ab67a4e7a536402716b9174f818e06dfc3c628fe" +content-hash = "d328e5e1e82056a8e5755be930b0c7c177ef17f16ef2b35cc8fd1695a05e63df"
diff --git a/pyproject.toml b/pyproject.toml
index dc02a02c8..e210a153a 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -49,6 +49,7 @@ pytz = "*"
 requests = "^2"
 xmlschema = "^2"
 "zope.interface" = {optional = true, version = "*"}
+validators = "^0.34.0"
 [tool.poetry.extras]
 s2repoze = ["paste", "repoze-who", "zope-interface"]
diff --git a/src/saml2/validate.py b/src/saml2/validate.py
index 518ce17e5..c364d614a 100644
--- a/src/saml2/validate.py
+++ b/src/saml2/validate.py
@@ -8,6 +8,8 @@
 import time
 from urllib.parse import urlparse
+import validators
+
 from saml2 import time_util
@@ -420,7 +422,7 @@ def valid_instance(instance):
 def valid_domain_name(dns_name):
- m = re.match(r"^((?:[a-zA-Z](?:[a-zA-Z0-9\-]*[a-zA-Z0-9])?\.)+[a-zA-Z]{2,5})(?::\d+)?$", dns_name, re.I)
- if not m:
+ value = validators.domain(dns_name)
+ if not value:
 raise ValueError("Not a proper domain name")
- return True
+ return value
diff --git a/tests/test_13_validate.py b/tests/test_13_validate.py
index dd0d9b298..61b621ec9 100644
--- a/tests/test_13_validate.py
+++ b/tests/test_13_validate.py
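Review bot: `validators = "^0.34.0"` makes a third-party package an unconditional runtime dependency of a SAML library for one hostname check, and under Poetry's caret rule a `0.x` constraint only admits `0.34.*`, so downstream projects that already depend on `validators` are forced onto that minor line. If the dependency stays, a wider bound such as `validators = ">=0.34,<1"` is easier on consumers, provided `validators.domain` behaves the same across that range. The lock regeneration with Poetry 1.8.2 also rewrote unrelated PyYAML entries in `poetry.lock`; that churn would be easier to audit in a separate commit.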
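Review bot: `valid_domain_name` now refuses `host:port`, which both earlier patterns accepted through their optional port group, and the only trace of that contract change is the deleted `:12` test cases. Callers are outside this diff, so please confirm none of them passes a netloc, and state the contract in a docstring such as `"""Raise ValueError unless dns_name is a bare DNS name without a port; return True otherwise."""`. `return value` hands back whatever `validators.domain` produced; `return True` keeps the result independent of the library's types. As far as I know the library can also be switched to raise its own `ValidationError` instead of returning a falsy object, in which case the `ValueError` that callers expect would not be raised, so it is worth checking whether that mode needs handling here.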
@@ -154,22 +154,17 @@ def test_valid_domain_name():
 assert valid_domain_name("auth.admin.domain.com")
 assert valid_domain_name("auth.domain.com")
 assert valid_domain_name("auth.domain.com")
- assert valid_domain_name("lk.domain.com:12")
- assert valid_domain_name("lk.domain.com:12")
- assert valid_domain_name("static.domain.xyz:12345")
+ assert valid_domain_name("lk.domain.com")
 assert valid_domain_name("domain.com")
 assert valid_domain_name("domain.lu")
 assert valid_domain_name("auth-domain.com")
- assert valid_domain_name("domain.com:12345")
 assert valid_domain_name("auth-admin.domain-uero.xyz")
 assert valid_domain_name("auth.lk.d.sr.mydomain.com")
+ assert valid_domain_name("123example.com")
 with raises(ValueError):
 valid_domain_name("")
- with raises(ValueError):
- valid_domain_name("auth.domain.ljnjnfds")
-
 with raises(ValueError):
 valid_domain_name("123.123.123.123")
@@ -191,9 +186,6 @@ def test_valid_domain_name():
 with raises(ValueError):
 valid_domain_name("exaple.c")
- with raises(ValueError):
- valid_domain_name("123example.com")
-
 with raises(ValueError):
 valid_domain_name("example.com:")
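Review bot: The port cases in the first hunk are deleted rather than moved to the rejecting side, so nothing pins the new rule that a port is refused on an otherwise valid name; the remaining colon cases are IP literals or the bare `example.com:`. Add `with raises(ValueError): valid_domain_name("domain.com:12345")`. Likewise `auth.domain.ljnjnfds` is dropped instead of becoming a positive assertion, so the relaxed TLD handling is untested, and `auth.domain.com` is still asserted twice. `test_valid_domain_name` starts and ends outside both hunks.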