commons-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Asankhaya Sharma (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (VALIDATOR-410) Failure cases for UrlValidator
Date Tue, 27 Jun 2017 03:31:01 GMT

    [ https://issues.apache.org/jira/browse/VALIDATOR-410?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16064199#comment-16064199
] 

Asankhaya Sharma commented on VALIDATOR-410:
--------------------------------------------

The BNF URL grammar used in the tests is given here: https://github.com/codelion/gramtest/blob/master/src/test/resources/url.bnf

And it was based of https://www.w3.org/Addressing/URL/5_BNF.html

I think if we try to parse the URL using a RegEx it is bound to have some limitations. In
fact I also found few other JS libraries also that miss valid generated test cases e.g. https://github.com/segmentio/is-url/issues/15
and https://github.com/gajus/url-regexp/issues/6

> Failure cases for UrlValidator 
> -------------------------------
>
>                 Key: VALIDATOR-410
>                 URL: https://issues.apache.org/jira/browse/VALIDATOR-410
>             Project: Commons Validator
>          Issue Type: Bug
>    Affects Versions: 1.5.1
>            Reporter: Asankhaya Sharma
>            Priority: Minor
>
> I was trying to check how closely the UrlValidator implements the URL grammar as described
by the RFC 1738 (https://www.ietf.org/rfc/rfc1738.txt). I fuzzed the UrlValidator with GramTest,
a grammar based test case generation tool (https://github.com/codelion/gramtest). 
> I found that in the latest version 1.5.1, the UrlValidator fails to validate the following
strings:
> {{"ftp:///+"}}
> {{"mailto:%FF@Z"}}
> These two strings may seem a bit strange, but I verified manually that they are allowed
by the grammar given in the RFC (see also https://www.w3.org/Addressing/URL/5_BNF.html). 
> Furthermore, it is possible to create the following URLs in Java without throwing a {{MalformedUrlException}}:
> {code}
> new URL("ftp:///+");
> new URL("mailto:%FF@Z");
> {code}
> however, the UrlValidator returns false for these strings:
> {code}
> UrlValidator validator = new UrlValidator(UrlValidator.ALLOW_ALL_SCHEMES + UrlValidator.ALLOW_2_SLASHES
+ UrlValidator.ALLOW_LOCAL_URLS);
> validator.isValid("ftp:///+"); // returns false
> validator.isValid("mailto:%FF@Z"); // returns false
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Mime
View raw message