Skip to content

Commit

Permalink
Stricter validation on non-printable characters (#978)
Browse files Browse the repository at this point in the history
  • Loading branch information
mxsasha authored Dec 2, 2024
1 parent ad4e91b commit e65fe70
Show file tree
Hide file tree
Showing 3 changed files with 15 additions and 3 deletions.
1 change: 1 addition & 0 deletions docs/releases/4.5.0.rst
Original file line number Diff line number Diff line change
Expand Up @@ -80,3 +80,4 @@ Other changes
was added, to force an authoritative database into non-strict mode.
As it's name notes, this disables many checks and all referential integrity
and is therefore strongly discouraged.
* Most non-printable characters are now stripped from all RPSL attribute values.
14 changes: 12 additions & 2 deletions irrd/rpsl/fields.py
Original file line number Diff line number Diff line change
@@ -1,5 +1,6 @@
import datetime
import re
import sys
from typing import Optional
from urllib.parse import urlparse

Expand All @@ -18,7 +19,7 @@

# This regex is not designed to catch every possible invalid variation,
# but rather meant to protect against unintentional mistakes.
# # Validate local-part @ domain | or IPv4 address | or IPv6
# # Validate local-part @ domain | or IPv4 address | or IPv6
re_email = re.compile(
r"^[A-Z0-9$!#%&\"*+\/=?^_`{|}~\\.-]+@(([A-Z0-9\\.-]+)|(\[\d+\.\d+\.\d+\.\d+\])|(\[[A-f\d:]+\]))$",
re.IGNORECASE,
Expand Down Expand Up @@ -54,6 +55,15 @@
]
reserved_prefixes = ["AS-", "RS-", "RTRS-", "FLTR-", "PRNG-"]

ALLOWED_CONTROL_CHARS = {"\n", "\r", "\t", "\u200d"}
NOPRINT_TRANS_TABLE = str.maketrans(
{
i: None
for i in range(0, sys.maxunicode + 1)
if not chr(i).isprintable() and chr(i) not in ALLOWED_CONTROL_CHARS
}
)

"""
Fields for RPSL data.
Expand Down Expand Up @@ -102,7 +112,7 @@ def __init__(
def parse(
self, value: str, messages: RPSLParserMessages, strict_validation=True
) -> Optional[RPSLFieldParseResult]:
return RPSLFieldParseResult(value)
return RPSLFieldParseResult(value.translate(NOPRINT_TRANS_TABLE))


class RPSLFieldListMixin:
Expand Down
3 changes: 2 additions & 1 deletion irrd/rpsl/tests/test_fields.py
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,8 @@ def assert_validation_err(expected_errors, callable, *args, **kwargs):
def test_rpsl_text_field():
field = RPSLTextField()
messages = RPSLParserMessages()
assert field.parse("AS-FOO$", messages).value, "AS-FOO$"
# U+200F is RTL marker, U+200B zero width space
assert field.parse("AS-FOO🎉🏳️‍🌈\u200f\u200b\x07$ \t", messages).value == "AS-FOO🎉🏳️‍🌈$ \t"
assert not messages.errors()


Expand Down

0 comments on commit e65fe70

Please sign in to comment.