IPv4 regex can match any arbitrary value

[jimmy-lt]

A ValueError is raised when trying to validate the host as an IPv4:

Traceback (most recent call last):
  File "/lib/python3.7/site-packages/rfc3986/uri.py", line 354, in normalize
    (self.userinfo, self.host, self.port)),
  File "/lib/python3.7/site-packages/rfc3986/uri.py", line 198, in userinfo
    authority = self.authority_info()
  File "/lib/python3.7/site-packages/rfc3986/uri.py", line 169, in authority_info
    validators.valid_ipv4_host_address(host)):
  File "/lib/python3.7/site-packages/rfc3986/validators.py", line 376, in valid_ipv4_host_address
    return all([0 <= int(byte, base=10) <= 255 for byte in host.split('.')])
  File "/lib/python3.7/site-packages/rfc3986/validators.py", line 376, in <listcomp>
    return all([0 <= int(byte, base=10) <= 255 for byte in host.split('.')])
ValueError: invalid literal for int() with base 10: '6g9m8V6'

Indeed, when the value 6g9m8V6 is tested against the current regex ([0-9]{1,3}.){3}[0-9]{1,3}, it matches. This is due to the . symbol not being escaped so it can match any character what fades out the goal of only matching IPv4 addresses.

A corrected regex can be: ([0-9]{1,3}\.){3}[0-9]{1,3}.

[sethmlarson]

Great catch! I had my suspicions about these regexes. And what a very specific host to trigger this issue.