django.git/tests/validators/tests.py, branch 4.1.10 django http://cgit.adnoto.dev/django.git/atom?h=4.1.10 2023-07-03T06:27:05Z [4.1.x] Fixed CVE-2023-36053 -- Prevented potential ReDoS in EmailValidator and URLValidator. 2023-07-03T06:27:05Z Mariusz Felisiak felisiak.mariusz@gmail.com 2023-06-14T10:23:06Z urn:sha1:beb3f3d55940d9aa7198bf9d424ab74e873aec3d Thanks Seokchan Yoon for reports. Fixed #32559 -- Added 'step_size’ to numeric form fields. 2022-05-12T12:16:52Z Kapil Bansal kapilbansal.gbpecdelhi@gmail.com 2022-05-12T09:30:47Z urn:sha1:3a82b5f655446f0ca89e3b6a92b100aa458f348f Co-authored-by: Jacob Rief <jacob.rief@uibk.ac.at> Refs #33476 -- Reformatted code with Black. 2022-02-07T19:37:05Z django-bot ops@djangoproject.com 2022-02-03T19:24:19Z urn:sha1:9c19aff7c7561e3a82978a272ecdaad40dda5c00 Refs #33476 -- Refactored problematic code before reformatting by Black. 2022-02-03T10:20:46Z Mariusz Felisiak felisiak.mariusz@gmail.com 2022-02-03T10:20:46Z urn:sha1:c5cd8783825b5f6384417dac5f3889b4210b7d08 In these cases Black produces unexpected results, e.g. def make_random_password( self, length=10, allowed_chars='abcdefghjkmnpqrstuvwxyz' 'ABCDEFGHJKLMNPQRSTUVWXYZ' '23456789', ): or cursor.execute(""" SELECT ... """, [table name], ) Refs #31670 -- Removed whitelist argument and domain_whitelist attribute in EmailValidator per deprecation timeline. 2021-09-20T19:23:01Z Mariusz Felisiak felisiak.mariusz@gmail.com 2021-09-16T06:53:34Z urn:sha1:d25710a625fbb6dbb047c159417f796102fd721a Refs #22123 -- Added more URLValidator test for invalid IPv6 literals. 2021-08-06T10:58:55Z Mariusz Felisiak felisiak.mariusz@gmail.com 2021-08-06T08:58:57Z urn:sha1:61d92c650f5bc363177ebace62e3e8a67ec9499d Fixed #32959 -- Moved tests URLs to validators.tests. 2021-07-28T09:39:36Z chrishna1 adjnct@gmail.com 2021-07-27T20:17:57Z urn:sha1:033636286a7e1507e5471b653b074c1981738110 Fixed CVE-2021-33571 -- Prevented leading zeros in IPv4 addresses. 2021-06-02T08:58:39Z Mariusz Felisiak felisiak.mariusz@gmail.com 2021-05-24T07:55:14Z urn:sha1:e1d787f1b36d13b95187f8f425425ae1b98da188 validate_ipv4_address() was affected only on Python < 3.9.5, see [1]. URLValidator() uses a regular expressions and it was affected on all Python versions. [1] https://bugs.python.org/issue36384 Fixed #32713, Fixed CVE-2021-32052 -- Prevented newlines and tabs from being accepted in URLValidator on Python 3.9.5+. 2021-05-06T06:45:23Z Mariusz Felisiak felisiak.mariusz@gmail.com 2021-05-06T06:45:23Z urn:sha1:e1e81aa1c4427411e3c68facdd761229ffea6f6f In Python 3.9.5+ urllib.parse() automatically removes ASCII newlines and tabs from URLs [1, 2]. Unfortunately it created an issue in the URLValidator. URLValidator uses urllib.urlsplit() and urllib.urlunsplit() for creating a URL variant with Punycode which no longer contains newlines and tabs in Python 3.9.5+. As a consequence, the regular expression matched the URL (without unsafe characters) and the source value (with unsafe characters) was considered valid. [1] https://bugs.python.org/issue43882 and [2] https://github.com/python/cpython/commit/76cd81d60310d65d01f9d7b48a8985d8ab89c8b4 Fixed typo in DecimalValidator tests. 2020-07-16T09:21:39Z Claudio Catterina catterina.claudio@gmail.com 2020-07-16T09:21:39Z urn:sha1:faa6d41cdacfa3910ea2bb9278d1c9a4366cb9b4 This replaces redundant test for -Infinity with +Infinity.