[
https://issues.apache.org/jira/browse/VALIDATOR-410?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16064199#comment-16064199
]
Asankhaya Sharma commented on VALIDATOR-410:
The BNF URL grammar used in the tests is given here:
https://github.com/codelion/gramtest/blob/master/src/test/resources/url.bnf
And it was based of https://www.w3.org/Addressing/URL/5_BNF.html
I think if we try to parse the URL using a RegEx it is bound to have some
limitations. In fact I also found few other JS libraries also that miss valid
generated test cases e.g. https://github.com/segmentio/is-url/issues/15 and
https://github.com/gajus/url-regexp/issues/6
> Failure cases for UrlValidator
> ---
>
> Key: VALIDATOR-410
> URL: https://issues.apache.org/jira/browse/VALIDATOR-410
> Project: Commons Validator
> Issue Type: Bug
>Affects Versions: 1.5.1
>Reporter: Asankhaya Sharma
>Priority: Minor
>
> I was trying to check how closely the UrlValidator implements the URL grammar
> as described by the RFC 1738 (https://www.ietf.org/rfc/rfc1738.txt). I fuzzed
> the UrlValidator with GramTest, a grammar based test case generation tool
> (https://github.com/codelion/gramtest).
> I found that in the latest version 1.5.1, the UrlValidator fails to validate
> the following strings:
> {{"ftp:///+"}}
> {{"mailto:%FF@Z"}}
> These two strings may seem a bit strange, but I verified manually that they
> are allowed by the grammar given in the RFC (see also
> https://www.w3.org/Addressing/URL/5_BNF.html).
> Furthermore, it is possible to create the following URLs in Java without
> throwing a {{MalformedUrlException}}:
> {code}
> new URL("ftp:///+;);
> new URL("mailto:%FF@Z;);
> {code}
> however, the UrlValidator returns false for these strings:
> {code}
> UrlValidator validator = new UrlValidator(UrlValidator.ALLOW_ALL_SCHEMES +
> UrlValidator.ALLOW_2_SLASHES + UrlValidator.ALLOW_LOCAL_URLS);
> validator.isValid("ftp:///+;); // returns false
> validator.isValid("mailto:%FF@Z;); // returns false
> {code}
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)