Details

    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 1.5.1
    • Fix Version/s: None
    • Component/s: None
    • Labels:
      None

      Description

      I was trying to check how closely the UrlValidator implements the URL grammar as described by the RFC 1738 (https://www.ietf.org/rfc/rfc1738.txt). I fuzzed the UrlValidator with GramTest, a grammar based test case generation tool (https://github.com/codelion/gramtest).

      I found that in the latest version 1.5.1, the UrlValidator fails to validate the following strings:

      "ftp:///+"
      "mailto:%FF@Z"

      These two strings may seem a bit strange, but I verified manually that they are allowed by the grammar given in the RFC (see also https://www.w3.org/Addressing/URL/5_BNF.html).

      Furthermore, it is possible to create the following URLs in Java without throwing a MalformedUrlException:

      new URL("ftp:///+");
      new URL("mailto:%FF@Z");
      

      however, the UrlValidator returns false for these strings:

      UrlValidator validator = new UrlValidator(UrlValidator.ALLOW_ALL_SCHEMES + UrlValidator.ALLOW_2_SLASHES + UrlValidator.ALLOW_LOCAL_URLS);
      validator.isValid("ftp:///+"); // returns false
      validator.isValid("mailto:%FF@Z"); // returns false
      

        Attachments

          Activity

            People

            • Assignee:
              Unassigned
              Reporter:
              codelion Asankhaya Sharma
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated: