authorNatalia <124304+nessita@users.noreply.github.com>2025-01-06 15:51:45 -0300
committerNatalia <124304+nessita@users.noreply.github.com>2025-01-14 09:08:01 -0300
commitad866a1ca3e7d60da888d25d27e46a8adb2ed36e (patch)
tree2286eacf7ac87b08c3255dc00513022fc9fcb687 /tests/forms_tests
parentb0d309c9eb802cbc652595e2d413bb451e37f124 (diff)
[4.2.x] Fixed CVE-2024-56374 -- Mitigated potential DoS in IPv6 validation.
Thanks Saravana Kumar for the report, and Sarah Boyce and Mariusz Felisiak for the reviews. Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
Diffstat (limited to 'tests/forms_tests')
-rw-r--r--tests/forms_tests/field_tests/test_genericipaddressfield.py33
1 files changed, 32 insertions, 1 deletions
diff --git a/tests/forms_tests/field_tests/test_genericipaddressfield.py b/tests/forms_tests/field_tests/test_genericipaddressfield.py
index 80722f5c65..ef00a727a4 100644
--- a/tests/forms_tests/field_tests/test_genericipaddressfield.py
+++ b/tests/forms_tests/field_tests/test_genericipaddressfield.py
@@ -1,6 +1,7 @@
from django.core.exceptions import ValidationError
from django.forms import GenericIPAddressField
from django.test import SimpleTestCase
+from django.utils.ipv6 import MAX_IPV6_ADDRESS_LENGTH
class GenericIPAddressFieldTest(SimpleTestCase):
@@ -125,6 +126,35 @@ class GenericIPAddressFieldTest(SimpleTestCase):
):
f.clean("1:2")
+ def test_generic_ipaddress_max_length_custom(self):
+ # Valid IPv4-mapped IPv6 address, len 45.
+ addr = "0000:0000:0000:0000:0000:ffff:192.168.100.228"
+ f = GenericIPAddressField(max_length=len(addr))
+ f.clean(addr)
+
+ def test_generic_ipaddress_max_length_validation_error(self):
+ # Valid IPv4-mapped IPv6 address, len 45.
+ addr = "0000:0000:0000:0000:0000:ffff:192.168.100.228"
+
+ cases = [
+ ({}, MAX_IPV6_ADDRESS_LENGTH), # Default value.
+ ({"max_length": len(addr) - 1}, len(addr) - 1),
+ ]
+ for kwargs, max_length in cases:
+ max_length_plus_one = max_length + 1
+ msg = (
+ f"Ensure this value has at most {max_length} characters (it has "
+ f"{max_length_plus_one}).'"
+ )
+ with self.subTest(max_length=max_length):
+ f = GenericIPAddressField(**kwargs)
+ with self.assertRaisesMessage(ValidationError, msg):
+ f.clean("x" * max_length_plus_one)
+ with self.assertRaisesMessage(
+ ValidationError, "This is not a valid IPv6 address."
+ ):
+ f.clean(addr)
+
def test_generic_ipaddress_as_generic_not_required(self):
f = GenericIPAddressField(required=False)
self.assertEqual(f.clean(""), "")
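Review bot: The expected message in test_generic_ipaddress_max_length_validation_error ends with an unbalanced quote, `f"{max_length_plus_one}).'"`, which matches only because assertRaisesMessage does a substring comparison against the stringified error list. The second assertion in the same loop uses no quotes at all, and the last hunk of this file quotes both ends of the same message, so the three forms are inconsistent. Either drop the quote or keep it with a comment such as `# Trailing quote anchors the end of the message in str(ValidationError).`. The `f.clean(addr)` assertion also deserves a comment like `# Well-formed address, rejected only because it is longer than max_length.`, since the comment above calls the address valid while the test expects "This is not a valid IPv6 address."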
@@ -150,7 +180,8 @@ class GenericIPAddressFieldTest(SimpleTestCase):
f.clean(" fe80::223:6cff:fe8a:2e8a "), "fe80::223:6cff:fe8a:2e8a"
)
self.assertEqual(
- f.clean(" 2a02::223:6cff:fe8a:2e8a "), "2a02::223:6cff:fe8a:2e8a"
+ f.clean(" " * MAX_IPV6_ADDRESS_LENGTH + " 2a02::223:6cff:fe8a:2e8a "),
+ "2a02::223:6cff:fe8a:2e8a",
)
with self.assertRaisesMessage(
ValidationError, "'This is not a valid IPv6 address.'"
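Review bot: The rewritten assertion pads the input with `MAX_IPV6_ADDRESS_LENGTH` spaces and still expects the bare address back, but nothing says why. It pins that the length limit applies to the stripped value rather than the raw input, which is easy to break in a later refactor of the DoS mitigation. I would add `# Padding longer than the limit must be stripped before the length check.` above the call. This also replaces the original short-padding case instead of adding to it, so ordinary single-space padding for this address is no longer exercised here. The enclosing test method starts outside the hunk.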