diff options
| author | Michael Manfre <mike@manfre.net> | 2024-12-11 21:39:32 -0500 |
|---|---|---|
| committer | Natalia <124304+nessita@users.noreply.github.com> | 2025-01-14 08:42:24 -0300 |
| commit | ca2be7724e1244a4cb723de40a070f873c6e94bf (patch) | |
| tree | a9a2fd0652af954413e06a578624a7fb91de1533 /tests/utils_tests | |
| parent | 9a2dd9789a2edeed7344a8ec0d17142ad27443a1 (diff) | |
Fixed CVE-2024-56374 -- Mitigated potential DoS in IPv6 validation.
Thanks Saravana Kumar for the report, and Sarah Boyce and Mariusz
Felisiak for the reviews.
Co-authored-by: Natalia <124304+nessita@users.noreply.github.com>
Diffstat (limited to 'tests/utils_tests')
| -rw-r--r-- | tests/utils_tests/test_ipv6.py | 31 |
1 files changed, 28 insertions, 3 deletions
diff --git a/tests/utils_tests/test_ipv6.py b/tests/utils_tests/test_ipv6.py index bf78ed91c0..1754c7b356 100644 --- a/tests/utils_tests/test_ipv6.py +++ b/tests/utils_tests/test_ipv6.py @@ -1,9 +1,16 @@ -import unittest +import traceback +from io import StringIO -from django.utils.ipv6 import clean_ipv6_address, is_valid_ipv6_address +from django.core.exceptions import ValidationError +from django.test import SimpleTestCase +from django.utils.ipv6 import ( + MAX_IPV6_ADDRESS_LENGTH, + clean_ipv6_address, + is_valid_ipv6_address, +) -class TestUtilsIPv6(unittest.TestCase): +class TestUtilsIPv6(SimpleTestCase): def test_validates_correct_plain_address(self): self.assertTrue(is_valid_ipv6_address("fe80::223:6cff:fe8a:2e8a")) self.assertTrue(is_valid_ipv6_address("2a02::223:6cff:fe8a:2e8a")) @@ -64,3 +71,21 @@ class TestUtilsIPv6(unittest.TestCase): self.assertEqual( clean_ipv6_address("::ffff:18.52.18.52", unpack_ipv4=True), "18.52.18.52" ) + + def test_address_too_long(self): + addresses = [ + "0000:0000:0000:0000:0000:ffff:192.168.100.228", # IPv4-mapped IPv6 address + "0000:0000:0000:0000:0000:ffff:192.168.100.228%123456", # % scope/zone + "fe80::223:6cff:fe8a:2e8a:1234:5678:00000", # MAX_IPV6_ADDRESS_LENGTH + 1 + ] + msg = "This is the error message." + value_error_msg = "Unable to convert %s to an IPv6 address (value too long)." + for addr in addresses: + with self.subTest(addr=addr): + self.assertGreater(len(addr), MAX_IPV6_ADDRESS_LENGTH) + self.assertEqual(is_valid_ipv6_address(addr), False) + with self.assertRaisesMessage(ValidationError, msg) as ctx: + clean_ipv6_address(addr, error_message=msg) + exception_traceback = StringIO() + traceback.print_exception(ctx.exception, file=exception_traceback) + self.assertIn(value_error_msg % addr, exception_traceback.getvalue()) |