From 43391e5217c2d2c7f21c476739468730986be1cf Mon Sep 17 00:00:00 2001
From: Katie Byers
Date: Thu, 30 Apr 2026 12:19:03 -0700
Subject: [PATCH 1/2] restrict values in ipv4 regex
---
 src/sentry/grouping/parameterization.py | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/src/sentry/grouping/parameterization.py b/src/sentry/grouping/parameterization.py
index 7ecf3c528f34ab..5a40f73d19e47f 100644
--- a/src/sentry/grouping/parameterization.py
+++ b/src/sentry/grouping/parameterization.py
@@ -236,8 +236,18 @@ def is_valid_ip(maybe_ip_str: str) -> bool:
 (::[fF]{4}:)? # Optional prefix mapping the IPv4 address which follows to IPv6 format
 (
 \b
- (\d{1,3}\.){3} # Three sets of 1-3 digits, each followed by a literal dot
- \d{1,3} # Final set of 1-3 digits
+ # Three numbers from 0-255, each followed by a literal dot, no leading zeros allowed
+ (
+ (
+ \d | # 0-9
+ [1-9]\d | # 10-99
+ 1\d{2} | # 100-199
+ 2[0-4]\d | # 200-249
+ 25[0-5] # 250-255
+ )\.
+ ){3}
+ # Final number from 0-255 (same pattern alternatives as above)
+ (\d | [1-9]\d | 1\d{2} | 2[0-4]\d | 25[0-5])
 (/\d{1,2})? # Optional CIDR suffix
 \b
 )
From 46ce9a94b3d2be9a0b43d6a29ffc5a848cae378f Mon Sep 17 00:00:00 2001
From: Katie Byers
Date: Thu, 30 Apr 2026 12:19:03 -0700
Subject: [PATCH 2/2] fix tests
---
 tests/sentry/grouping/test_parameterization.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tests/sentry/grouping/test_parameterization.py b/tests/sentry/grouping/test_parameterization.py
index da0ab70b79c630..13898371bbd30d 100644
--- a/tests/sentry/grouping/test_parameterization.py
+++ b/tests/sentry/grouping/test_parameterization.py
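Review bot: The CIDR suffix on the context line `(/\d{1,2})?` still accepts prefix lengths 33-99 and forms like `/08`, so after this change the IPv4 branch is strict about octets but not about the prefix. If only well-formed addresses should match, tighten it the same way, e.g. `(/(\d | [12]\d | 3[0-2]))?`; note that with the trailing `\b` an out-of-range suffix would then be left outside the match rather than causing the address to be rejected. The added octet groups are capturing and the five alternatives are written out twice; `(?: ... )` would keep any group numbering relied on elsewhere unchanged, which cannot be confirmed from here because the pattern and the code that consumes it start and end outside the hunk. A short comment saying why leading zeros are excluded (some parsers read such octets as octal, so the text is ambiguous as an address) would help the next reader.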
@@ -802,8 +802,8 @@ def test_replacement_callback_false_positive_triggers_individual_regex_fallback(
 ("ip - single leading colon", "Script error. :0:0", False),
 ("ip - single trailing colon", "12::31:", False),
 ("ip - too few segments", "12:31:99", True),
- ("ip - v4 leading zeros", "11.21.12.001", True),
- ("ip - v4 segment > 255", "12.31.12.908", True),
+ ("ip - v4 leading zeros", "11.21.12.001", False),
+ ("ip - v4 segment > 255", "12.31.12.908", False),
 ("ip - v4 too many segments", "11.21.12.31.12", True),
 ("date - colon btwn date and time", "21/Nov/2012:12:31:12", True),
 ]
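Review bot: Both updated rows put the invalid value in the last octet, so the repeated `){3}` branch for the first three octets and the 255/256 boundary are not exercised by this list. Consider adding rows with constructed inputs such as `"256.21.12.31"`, `"011.21.12.31"` and `"11.21.12.255"`, plus one with a CIDR suffix, since that part of the pattern is still `\d{1,2}`. The existing "too many segments" row suggests a valid address embedded in a longer dotted run is still expected to match, so a row like `"908.11.21.12.31"` would pin that behaviour down as well. The parametrize header and the meaning of the third column are outside the hunk, so the expected values need to be filled in against them.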