[ 
https://issues.apache.org/jira/browse/VALIDATOR-410?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16062621#comment-16062621
 ] 

Bruno P. Kinoshita commented on VALIDATOR-410:
----------------------------------------------

Hi [~codelion],

Most issues at Apache Commons components I found via JIRA. This one I found 
from the GramTest project page :-)

I am reading GramTest's code base to better understand how it works, and 
compare with afl and its genetic algorithms. I believe the priority given to 
this issue is correct, as there doesn't seem to be any risk in not parsing 
correctly the test cases mentioned.

What about the grammar used for the tests? Could you share that as well, 
please? That may be helpful to understand where it fails exactly to validate 
and why (and for me to continue learning about GramTest :)

Thanks
Bruno

> Failure cases for UrlValidator 
> -------------------------------
>
>                 Key: VALIDATOR-410
>                 URL: https://issues.apache.org/jira/browse/VALIDATOR-410
>             Project: Commons Validator
>          Issue Type: Bug
>    Affects Versions: 1.5.1
>            Reporter: Asankhaya Sharma
>            Priority: Minor
>
> I was trying to check how closely the UrlValidator implements the URL grammar 
> as described by the RFC 1738 (https://www.ietf.org/rfc/rfc1738.txt). I fuzzed 
> the UrlValidator with GramTest, a grammar based test case generation tool 
> (https://github.com/codelion/gramtest). 
> I found that in the latest version 1.5.1, the UrlValidator fails to validate 
> the following strings:
> {{"ftp:///+"}}
> {{"mailto:%FF@Z"}}
> These two strings may seem a bit strange, but I verified manually that they 
> are allowed by the grammar given in the RFC (see also 
> https://www.w3.org/Addressing/URL/5_BNF.html). 
> Furthermore, it is possible to create the following URLs in Java without 
> throwing a {{MalformedURLException}}:
> {code}
> new URL("ftp:///+");
> new URL("mailto:%FF@Z");
> {code}
> however, the UrlValidator returns false for these strings:
> {code}
> UrlValidator validator = new UrlValidator(UrlValidator.ALLOW_ALL_SCHEMES + 
> UrlValidator.ALLOW_2_SLASHES + UrlValidator.ALLOW_LOCAL_URLS);
> validator.isValid("ftp:///+"); // returns false
> validator.isValid("mailto:%FF@Z"); // returns false
> {code}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)
