Uploaded image for project: 'Commons Validator'
  1. Commons Validator
  2. VALIDATOR-410

Failure cases for UrlValidator

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Minor
    • Resolution: Invalid
    • 1.5.1
    • None
    • None
    • None

    Description

      I was trying to check how closely the UrlValidator implements the URL grammar as described by the RFC 1738 (https://www.ietf.org/rfc/rfc1738.txt). I fuzzed the UrlValidator with GramTest, a grammar based test case generation tool (https://github.com/codelion/gramtest).

      I found that in the latest version 1.5.1, the UrlValidator fails to validate the following strings:

      "ftp:///+"
      "mailto:%FF@Z"

      These two strings may seem a bit strange, but I verified manually that they are allowed by the grammar given in the RFC (see also https://www.w3.org/Addressing/URL/5_BNF.html).

      Furthermore, it is possible to create the following URLs in Java without throwing a MalformedUrlException:

      new URL("ftp:///+");
new URL("mailto:%FF@Z");

      however, the UrlValidator returns false for these strings:

      UrlValidator validator = new UrlValidator(UrlValidator.ALLOW_ALL_SCHEMES + UrlValidator.ALLOW_2_SLASHES + UrlValidator.ALLOW_LOCAL_URLS);
validator.isValid("ftp:///+"); // returns false
validator.isValid("mailto:%FF@Z"); // returns false

      Attachments

        Activity

          People

            Unassigned Unassigned
            codelion Asankhaya Sharma
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: