From f868881b3d6c59c299966116589d389e9b576e6b Mon Sep 17 00:00:00 2001 From: Aleksandr Gumroian Date: Fri, 28 Jan 2022 17:19:30 +0300 Subject: [PATCH 1/3] Improve domain name RegEx pattern Previously validateDomain() function was used for hostname validations but was weak in a chain of validations, for example, domain -> ipv4 as it accepts invalid IPv4 addresses. So we had to split it, improve the domain name RegEx pattern and add a hostname validation pattern. --- src/utils/validations.js | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/utils/validations.js b/src/utils/validations.js index 12671df..a70b18e 100644 --- a/src/utils/validations.js +++ b/src/utils/validations.js @@ -23,7 +23,7 @@ const REs = { IPv4: /^((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$/, IPv6: /^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$/, IPv6Prefix: /^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))$/, - domain: /^[A-Za-z0-9][A-Za-z0-9.-]{1,255}$/, + domain: /^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/, DUID: /^([0-9a-fA-F]{2}){4}([0-9a-fA-F]{2})*$/, MAC: /^([a-fA-F0-9]{2}:){5}[a-fA-F0-9]{2}$/, MultipleEmails: /^([a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+ *)( *, *[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+ *)*$/, From 7ceccd5222e2d9ce0038bb2964c65dcc1c845695 Mon Sep 17 00:00:00 2001 From: Aleksandr Gumroian Date: Fri, 28 Jan 2022 17:23:45 +0300 Subject: [PATCH 2/3] Add hostname RegEx pattern & validateHostname() function --- src/index.js | 1 + src/utils/validations.js | 6 +++++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/src/index.js b/src/index.js index 2abb36e..ee7edad 100644 --- a/src/index.js +++ b/src/index.js @@ -82,6 +82,7 @@ export { validateIPv6Address, validateIPv6Prefix, validateDomain, + validateHostname, validateDUID, validateMAC, validateMultipleEmails, diff --git a/src/utils/validations.js b/src/utils/validations.js index a70b18e..fb358a4 100644 --- a/src/utils/validations.js +++ b/src/utils/validations.js @@ -1,5 +1,5 @@ /* - * Copyright (C) 2019 CZ.NIC z.s.p.o. (http://www.nic.cz/) + * Copyright (C) 2019-2022 CZ.NIC z.s.p.o. (https://www.nic.cz/) * * This is free software, licensed under the GNU General Public License v3. * See /LICENSE for more information. @@ -14,6 +14,7 @@ export const ERROR_MESSAGES = { IPv6: _("This is not a valid IPv6 address."), IPv6Prefix: _("This is not a valid IPv6 prefix."), domain: _("This is not a valid domain name."), + hostname: _("This is not a valid hostname."), DUID: _("This is not a valid DUID."), MAC: _("This is not a valid MAC address."), MultipleEmails: _("Doesn't contain a list of emails separated by commas."), @@ -24,6 +25,7 @@ const REs = { IPv6: /^(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))$/, IPv6Prefix: /^s*((([0-9A-Fa-f]{1,4}:){7}([0-9A-Fa-f]{1,4}|:))|(([0-9A-Fa-f]{1,4}:){6}(:[0-9A-Fa-f]{1,4}|((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){5}(((:[0-9A-Fa-f]{1,4}){1,2})|:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3})|:))|(([0-9A-Fa-f]{1,4}:){4}(((:[0-9A-Fa-f]{1,4}){1,3})|((:[0-9A-Fa-f]{1,4})?:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){3}(((:[0-9A-Fa-f]{1,4}){1,4})|((:[0-9A-Fa-f]{1,4}){0,2}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){2}(((:[0-9A-Fa-f]{1,4}){1,5})|((:[0-9A-Fa-f]{1,4}){0,3}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(([0-9A-Fa-f]{1,4}:){1}(((:[0-9A-Fa-f]{1,4}){1,6})|((:[0-9A-Fa-f]{1,4}){0,4}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:))|(:(((:[0-9A-Fa-f]{1,4}){1,7})|((:[0-9A-Fa-f]{1,4}){0,5}:((25[0-5]|2[0-4]d|1dd|[1-9]?d)(.(25[0-5]|2[0-4]d|1dd|[1-9]?d)){3}))|:)))(%.+)?s*(\/([0-9]|[1-9][0-9]|1[0-1][0-9]|12[0-8]))$/, domain: /^([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}$/, + hostname: /^[a-z\d]([a-z\d-]{0,61}[a-z\d])?(\.[a-z\d]([a-z\d-]{0,61}[a-z\d])?)*$/i, DUID: /^([0-9a-fA-F]{2}){4}([0-9a-fA-F]{2})*$/, MAC: /^([a-fA-F0-9]{2}:){5}[a-fA-F0-9]{2}$/, MultipleEmails: /^([a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+ *)( *, *[a-zA-Z0-9_.+-]+@[a-zA-Z0-9-]+\.[a-zA-Z0-9-.]+ *)*$/, @@ -40,6 +42,7 @@ const validateIPv4Address = createValidator("IPv4"); const validateIPv6Address = createValidator("IPv6"); const validateIPv6Prefix = createValidator("IPv6Prefix"); const validateDomain = createValidator("domain"); +const validateHostname = createValidator("hostname"); const validateDUID = createValidator("DUID"); const validateMAC = createValidator("MAC"); const validateMultipleEmails = createValidator("MultipleEmails"); @@ -49,6 +52,7 @@ export { validateIPv6Address, validateIPv6Prefix, validateDomain, + validateHostname, validateDUID, validateMAC, validateMultipleEmails, From 7ec1c46a63c0dcea9d63c9ce0ac8b0568e5921a6 Mon Sep 17 00:00:00 2001 From: Aleksandr Gumroian Date: Fri, 28 Jan 2022 17:45:42 +0300 Subject: [PATCH 3/3] Add tests for hostname validation --- src/form/__tests__/validation.test.js | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/src/form/__tests__/validation.test.js b/src/form/__tests__/validation.test.js index 94de278..ac42e29 100644 --- a/src/form/__tests__/validation.test.js +++ b/src/form/__tests__/validation.test.js @@ -1,16 +1,17 @@ /* - * Copyright (C) 2019 CZ.NIC z.s.p.o. (http://www.nic.cz/) + * Copyright (C) 2019-2022 CZ.NIC z.s.p.o. (https://www.nic.cz/) * * This is free software, licensed under the GNU General Public License v3. * See /LICENSE for more information. */ import { - validateDomain, - validateDUID, validateIPv4Address, validateIPv6Address, validateIPv6Prefix, + validateDomain, + validateHostname, + validateDUID, validateMAC, } from "utils/validations"; @@ -68,6 +69,15 @@ describe("Validation functions", () => { expect(validateDomain(".")).not.toBe(undefined); }); + it("validateHostname valid", () => { + expect(validateHostname("new-android")).toBe(undefined); + expect(validateHostname("local")).toBe(undefined); + }); + it("validateHostname invalid", () => { + expect(validateHostname("-android")).not.toBe(undefined); + expect(validateHostname("local.")).not.toBe(undefined); + }); + it("validateDUID valid", () => { expect(validateDUID("abcdefAB")).toBe(undefined); expect(validateDUID("ABCDEF12")).toBe(undefined);