Regex fix updates

pyproject.toml

@@ -0,0 +1,12 @@
+[project]
+name = "SafeURL"
+version="1.2"
+description="SafeURL is a library that aids developers in protecting against a class of vulnerabilities known as Server Side Request Forgery."
+readme="README.md"
+dependencies = [
+    "pycurl",
+    "netaddr"
+]
+
+[project.urls]
+"Homepage" = "https://github.com/IncludeSecurity/safeurl-python"

safeurl/safeurl.py

@@ -12,21 +12,12 @@
 from numbers import Number
 from socket import gethostbyname_ex
 
-import re
 import netaddr
 import pycurl
 import socket
-import StringIO
-
-# Python 2.7/3 urlparse
-try:
-    # Python 2.7
-    from urlparse import urlparse
-    from urllib import quote
-except:
-    # Python 3
-    from urllib.parse import urlparse
-    from urllib.parse import quote
+import io
+from urllib.parse import urlparse
+from urllib.parse import quote
 
 class ObsoletePyCurlException(Exception): pass
 class InvalidOptionException(Exception): pass
@@ -204,10 +195,9 @@ def isInList(self, lst, type_, value):
             else:
                 return False
 
-        # For domains, a regex match is needed
         if type_ == "domain":
             for domain in dst:
-                if re.match("(?i)^%s" % domain, value) is not None:
+                if domain.lower() == value.lower():
                     return True
             return False
         else:
@@ -661,7 +651,7 @@ def execute(self, url):
             self._handle.setopt(pycurl.URL, url["cleanUrl"])
 
             # Execute the cURL request
-            response = StringIO.StringIO()
+            response = io.BytesIO()
             self._handle.setopt(pycurl.OPENSOCKETFUNCTION, self._openSocketCallback)
             self._handle.setopt(pycurl.WRITEFUNCTION, response.write)
             self._handle.perform()

safeurl/safeurl_tests.py

@@ -6,7 +6,7 @@
     sc = safeurl.SafeURL()
     res = sc.execute("https://fin1te.net")
 except:
-    print "Unexpected error:", sys.exc_info()
+    print("Unexpected error:", sys.exc_info())
 
 # options
 try:
@@ -20,13 +20,13 @@
     sc.setOptions(opt)
     res = sc.execute("http://www.youtube.com")
 except:
-    print "Unexpected error:", sys.exc_info()
+    print("Unexpected error:", sys.exc_info())
 
 # url
 try:
     url = safeurl.Url.validateUrl("http://google.com", safeurl.Options())
 except:
-    print "Unexpected error:", sys.exc_info()
+    print("Unexpected error:", sys.exc_info())
 
 # redirects
 try:
@@ -38,7 +38,7 @@
 
     res = sc.execute("http://fin1te.net")
 except:
-    print "Unexpected error:", sys.exc_info()
+    print("Unexpected error:", sys.exc_info())
 
 
 # forbidden host
@@ -51,4 +51,20 @@
 
     res = sc.execute("http://localhost")
 except:
-    print "Error:", sys.exc_info()
+    print("Error:", sys.exc_info())
+
+
+# regex bug
+try:
+    sc = safeurl.SafeURL()
+
+    opt = safeurl.Options()
+    opt.setList("whitelist", ["exam.le"], "domain")
+    sc.setOptions(opt)
+
+    res = sc.execute("https://example.com/")
+
+except:
+    print("Error:", sys.exc_info())
+
+