Asankhaya Sharma created VALIDATOR-410:
------------------------------------------
Summary: Failure cases for UrlValidator
Key: VALIDATOR-410
URL: https://issues.apache.org/jira/browse/VALIDATOR-410
Project: Commons Validator
Issue Type: Bug
Affects Versions: 1.5.1
Reporter: Asankhaya Sharma
Priority: Minor
I was trying to check how closely the UrlValidator implements the URL grammar
as described by the RFC 1738 (https://www.ietf.org/rfc/rfc1738.txt). I fuzzed
the UrlValidator with GramTest, a grammar based test case generation tool
(https://github.com/codelion/gramtest).
I found that in the latest version 1.5.1, the UrlValidator fails to validate
the following strings:
{{"ftp:///+"}}
{{"mailto:%FF@Z"}}
These two strings may seem a bit strange, but I verified manually that they are
allowed by the grammar given in the RFC (see also
https://www.w3.org/Addressing/URL/5_BNF.html).
Furthermore, it is possible to create the following URLs in Java without
throwing a {{MalformedUrlException}}:
{code}
new URL("ftp:///+";);
new URL("mailto:%FF@Z";);
{code}
however, the UrlValidator returns false for these strings:
{code}
UrlValidator validator = new UrlValidator(UrlValidator.ALLOW_ALL_SCHEMES +
UrlValidator.ALLOW_2_SLASHES + UrlValidator.ALLOW_LOCAL_URLS);
validator.isValid("ftp:///+";); // returns false
validator.isValid("mailto:%FF@Z";); // returns false
{code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
