Skip to content

Private ip addresses being validated with public=True #206

Closed
#245
Closed
Private ip addresses being validated with public=True#206
#245
Labels
bugIssue: Works not as designedoutdatedIssue/PR: Open for more than 3 months
@joaonevess

Description

@joaonevess
joaonevess
opened on May 6, 2022

https://github.com/kvesteri/validators/blob/4afa24372586aed4930e865d5904eed31013fe81/validators/url.py#L146

There is no guarantee that setting this flag to True will get a "public IP address". A domain might point to private IP addresses, (like vcap.me which points to 127.0.0.1), so trusting public=True could lead to security issues

>>> url("https://127.0.0.1", public=True)
False
>>> url("http://vcap.me", public=True)
True

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugIssue: Works not as designedoutdatedIssue/PR: Open for more than 3 months

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions