feat(utilities): Align EnhancedURLValidator auth regex with Django

Tighten the HTTP basic auth portion of EnhancedURLValidator to match
Django's URLValidator. Exclude `:`, `@`, and `/` from username/password
segments so malformed credential strings are no longer accepted.

Fixes #21720
Martin Hauser
2026-04-02 15:29:10 +02:00
parent a06a300913
commit 442a2ead86


@@ -31,11 +31,11 @@ class EnhancedURLValidator(URLValidator):
fqdn_re = URLValidator.hostname_re + URLValidator.domain_re + URLValidator.tld_re
host_res = [URLValidator.ipv4_re, URLValidator.ipv6_re, fqdn_re, URLValidator.hostname_re]
regex = _lazy_re_compile(
r'^(?:[a-z0-9\.\-\+]*)://' # Scheme (enforced separately)
r'(?:\S+(?::\S*)?@)?' # HTTP basic authentication
r'(?:' + '|'.join(host_res) + ')' # IPv4, IPv6, FQDN, or hostname
r'(?::\d{1,5})?' # Port number
r'(?:[/?#][^\s]*)?' # Path
r'^(?:[a-z0-9\.\-\+]*)://' # Scheme (enforced separately)
r'(?:[^\s:@/]+(?::[^\s:@/]*)?@)?' # HTTP basic authentication
r'(?:' + '|'.join(host_res) + ')' # IPv4, IPv6, FQDN, or hostname
r'(?::\d{1,5})?' # Port number
r'(?:[/?#][^\s]*)?' # Path
r'\Z', re.IGNORECASE)
schemes = None
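Review bot: The new userinfo class on the `# HTTP basic authentication` line, `[^\s:@/]+`, still admits `?` and `#`, which RFC 3986 treats as delimiters that end the authority, so a value can pass this validator while a URL parser assigns it a different host than the one the regex matched. The commit message says the pattern is aligned with Django's, so keeping it as is seems reasonable, but a passing value should not be read as proof of which host will be contacted; any allow-list decision should compare the hostname returned by `urllib.parse.urlsplit()` instead. I would record that beside the pattern, for example `# Mirrors Django's URLValidator userinfo pattern; syntax check only, parse with urlsplit() before trusting the host`. The class body begins above the hunk and `__call__` is not visible, so whether a length limit is applied before the regex runs cannot be confirmed from here.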