[jira] [Commented] (VALIDATOR-410) Failure cases for UrlValidator

2017-06-26 Thread Asankhaya Sharma (JIRA) 

[ 
https://issues.apache.org/jira/browse/VALIDATOR-410?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=16064199#comment-16064199
 ] 

Asankhaya Sharma commented on VALIDATOR-410:


The BNF URL grammar used in the tests is given here: 
https://github.com/codelion/gramtest/blob/master/src/test/resources/url.bnf

And it was based of https://www.w3.org/Addressing/URL/5_BNF.html

I think if we try to parse the URL using a RegEx it is bound to have some 
limitations. In fact I also found few other JS libraries also that miss valid 
generated test cases e.g. https://github.com/segmentio/is-url/issues/15 and 
https://github.com/gajus/url-regexp/issues/6

> Failure cases for UrlValidator 
> ---
>
> Key: VALIDATOR-410
> URL: https://issues.apache.org/jira/browse/VALIDATOR-410
> Project: Commons Validator
>  Issue Type: Bug
>Affects Versions: 1.5.1
>Reporter: Asankhaya Sharma
>Priority: Minor
>
> I was trying to check how closely the UrlValidator implements the URL grammar 
> as described by the RFC 1738 (https://www.ietf.org/rfc/rfc1738.txt). I fuzzed 
> the UrlValidator with GramTest, a grammar based test case generation tool 
> (https://github.com/codelion/gramtest). 
> I found that in the latest version 1.5.1, the UrlValidator fails to validate 
> the following strings:
> {{"ftp:///+"}}
> {{"mailto:%FF@Z"}}
> These two strings may seem a bit strange, but I verified manually that they 
> are allowed by the grammar given in the RFC (see also 
> https://www.w3.org/Addressing/URL/5_BNF.html). 
> Furthermore, it is possible to create the following URLs in Java without 
> throwing a {{MalformedUrlException}}:
> {code}
> new URL("ftp:///+;);
> new URL("mailto:%FF@Z;);
> {code}
> however, the UrlValidator returns false for these strings:
> {code}
> UrlValidator validator = new UrlValidator(UrlValidator.ALLOW_ALL_SCHEMES + 
> UrlValidator.ALLOW_2_SLASHES + UrlValidator.ALLOW_LOCAL_URLS);
> validator.isValid("ftp:///+;); // returns false
> validator.isValid("mailto:%FF@Z;); // returns false
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

[jira] [Created] (VALIDATOR-410) Failure cases for UrlValidator

2017-01-02 Thread Asankhaya Sharma (JIRA) 
Asankhaya Sharma created VALIDATOR-410:
--

 Summary: Failure cases for UrlValidator 
 Key: VALIDATOR-410
 URL: https://issues.apache.org/jira/browse/VALIDATOR-410
 Project: Commons Validator
  Issue Type: Bug
Affects Versions: 1.5.1
Reporter: Asankhaya Sharma
Priority: Minor


I was trying to check how closely the UrlValidator implements the URL grammar 
as described by the RFC 1738 (https://www.ietf.org/rfc/rfc1738.txt). I fuzzed 
the UrlValidator with GramTest, a grammar based test case generation tool 
(https://github.com/codelion/gramtest). 

I found that in the latest version 1.5.1, the UrlValidator fails to validate 
the following strings:

{{"ftp:///+"}}
{{"mailto:%FF@Z"}}

These two strings may seem a bit strange, but I verified manually that they are 
allowed by the grammar given in the RFC (see also 
https://www.w3.org/Addressing/URL/5_BNF.html). 

Furthermore, it is possible to create the following URLs in Java without 
throwing a {{MalformedUrlException}}:

{code}
new URL("ftp:///+;);
new URL("mailto:%FF@Z;);
{code}

however, the UrlValidator returns false for these strings:

{code}
UrlValidator validator = new UrlValidator(UrlValidator.ALLOW_ALL_SCHEMES + 
UrlValidator.ALLOW_2_SLASHES + UrlValidator.ALLOW_LOCAL_URLS);
validator.isValid("ftp:///+;); // returns false
validator.isValid("mailto:%FF@Z;); // returns false
{code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)