IPAddressArgumentValueValidator improvements

Improved the IP address argument value validator to catch additional
types of malformed IPv4 addresses that were previously accepted.
Also, improved performance when validating IPv4 addresses.

Author: dirmgr

docs/release-notes.html

@@ -70,6 +70,13 @@ <h3>Version 7.0.3</h3>
                   <br><br>
                 </li>
 
+                <li>
+                  Improved the IP address argument value validator to catch additional types of
+                  malformed IPv4 addresses that were previously accepted.  Also, improved
+                  performance when validating IPv4 addresses.
+                  <br><br>
+                </li>
+
                 <li>
                   Updated client-side support for the Ping Identity Directory Server's version
                   monitor entry to handle attributes used to indicate whether the server is running

messages/unboundid-ldapsdk-args.properties

@@ -418,9 +418,8 @@ ERR_TIMESTAMP_RANGE_VALIDATOR_TOO_NEW=The provided value ''{0}'' for \
 ERR_IP_VALIDATOR_ILLEGAL_IPV6_CHAR=Value ''{0}'' provided for argument \
   ''{1}'' is not acceptable because it is suspected to be an IPv6 address \
   but contains ''{0}'' that is not allowed to appear in IPv6 addresses.
-ERR_IP_VALIDATOR_ILLEGAL_IPV4_CHAR=Value ''{0}'' provided for argument \
-  ''{1}'' is not acceptable because it is suspected to be an IPv4 address \
-  but contains ''{0}'' that is not allowed to appear in IPv4 addresses.
+ERR_IP_VALIDATOR_INVALID_IPV4_ADDRESS=Value ''{0}'' provided for argument \
+  ''{1}'' is not acceptable because it appears to be a malformed IPv4 address.
 ERR_IP_VALIDATOR_MALFORMED=Value ''{0}'' provided for argument ''{1}'' is \
   not a valid IP address.
 ERR_IP_VALIDATOR_IPV4_NOT_ACCEPTED=Value ''{0}'' provided for argument \

src/com/unboundid/util/args/IPAddressArgumentValueValidator.java

@@ -173,20 +173,31 @@ public void validateArgumentValue(@NotNull final Argument argument,
                valueString, argument.getIdentifierString(), c));
         }
       }
+
+
+      // If we've gotten here, then we know that the value string contains only
+      // characters that are allowed in an IPv6 address literal.  Let
+      // InetAddress.getByName do the heavy lifting for the rest of the
+      // validation.
+      try
+      {
+        LDAPConnectionOptions.DEFAULT_NAME_RESOLVER.getByName(valueString);
+      }
+      catch (final Exception e)
+      {
+        Debug.debugException(e);
+        throw new ArgumentException(
+             ERR_IP_VALIDATOR_MALFORMED.get(valueString,
+                  argument.getIdentifierString()),
+             e);
+      }
     }
     else if (valueString.indexOf('.') >= 0)
     {
-      for (final char c : valueString.toCharArray())
+      if (! isValidNumericIPv4Address(valueString))
       {
-        if ((c == '.') || ((c >= '0') && (c <= '9')))
-        {
-          // This character is allowed in an IPv4 address.
-        }
-        else
-        {
-          throw new ArgumentException(ERR_IP_VALIDATOR_ILLEGAL_IPV4_CHAR.get(
-               valueString, argument.getIdentifierString(), c));
-        }
+        throw new ArgumentException(ERR_IP_VALIDATOR_INVALID_IPV4_ADDRESS.get(
+             valueString, argument.getIdentifierString()));
       }
     }
     else
@@ -196,24 +207,6 @@ else if (valueString.indexOf('.') >= 0)
     }
 
 
-    // If we've gotten here, then we know that the value string contains only
-    // characters that are allowed in IP address literal.  Let
-    // InetAddress.getByName do the heavy lifting for the rest of the
-    // validation.
-    try
-    {
-      LDAPConnectionOptions.DEFAULT_NAME_RESOLVER.getByName(valueString);
-    }
-    catch (final Exception e)
-    {
-      Debug.debugException(e);
-      throw new ArgumentException(
-           ERR_IP_VALIDATOR_MALFORMED.get(valueString,
-                argument.getIdentifierString()),
-           e);
-    }
-
-
     if (isIPv6)
     {
       if (! acceptIPv6Addresses)
@@ -263,28 +256,77 @@ public static boolean isValidNumericIPv4Address(@Nullable final String s)
       return false;
     }
 
+    final StringBuilder octetBuffer = new StringBuilder();
+
+    int numPeriodsFound = 0;
     for (final char c : s.toCharArray())
     {
-      if ((c == '.') || ((c >= '0') && (c <= '9')))
+      if (c == '.')
       {
-        // This character is allowed in an IPv4 address.
+        if (! isValidNumericIPv4AddressOctet(octetBuffer.toString()))
+        {
+          return false;
+        }
+
+        numPeriodsFound++;
+        octetBuffer.setLength(0);
       }
       else
       {
-        return false;
+        octetBuffer.append(c);
       }
     }
 
+    if (numPeriodsFound != 3)
+    {
+      return false;
+    }
+
+    if (! isValidNumericIPv4AddressOctet(octetBuffer.toString()))
+    {
+      return false;
+    }
+
+    return true;
+  }
+
+
+
+  /**
+   * Indicates whether the provided string represents a valid octet within an
+   * IPv4 address.
+   *
+   * @param  s  The string for which to make the determination.
+   *
+   * @return  {@code true} if the provided string represents a valid IPv4
+   *          address octet, or {@code false} if not.
+   */
+  private static boolean isValidNumericIPv4AddressOctet(@NotNull final String s)
+  {
+    if (s.isEmpty())
+    {
+      // The octet cannot be empty.
+      return false;
+    }
+
     try
     {
-      LDAPConnectionOptions.DEFAULT_NAME_RESOLVER.getByName(s);
-      return true;
+      final int octetValue = Integer.parseInt(s);
+      if ((octetValue < 0) || (octetValue > 255))
+      {
+        // The octet value is out of range.
+        return false;
+      }
     }
-    catch (final Exception e)
+    catch (final NumberFormatException e)
     {
       Debug.debugException(e);
+
+      // The address has a non-numeric octet.
       return false;
     }
+
+    return true;
   }
 
 

tests/unit/src/com/unboundid/util/args/IPAddressArgumentValueValidatorTestCase.java

@@ -392,6 +392,111 @@ public Object[][] getTestData()
         false
       },
 
+      new Object[]
+      {
+        "1.2.3",
+        false,
+        false
+      },
+
+      new Object[]
+      {
+        "1.2.3.",
+        false,
+        false
+      },
+
+      new Object[]
+      {
+        ".1.2.3",
+        false,
+        false
+      },
+
+      new Object[]
+      {
+        "1.2.x.4",
+        false,
+        false
+      },
+
+      new Object[]
+      {
+        "1.2.3.x",
+        false,
+        false
+      },
+
+      new Object[]
+      {
+        "1.2.3.4.",
+        false,
+        false
+      },
+
+      new Object[]
+      {
+        "1.2.3.4.5",
+        false,
+        false
+      },
+
+      new Object[]
+      {
+        "1234.5.6.7",
+        false,
+        false
+      },
+
+      new Object[]
+      {
+        "1.2345.6.7",
+        false,
+        false
+      },
+
+      new Object[]
+      {
+        "1.2.3456.7",
+        false,
+        false
+      },
+
+      new Object[]
+      {
+        "1.2.3.4567",
+        false,
+        false
+      },
+
+      new Object[]
+      {
+        "-1.2.3.4",
+        false,
+        false
+      },
+
+      new Object[]
+      {
+        "1.-2.3.4",
+        false,
+        false
+      },
+
+      new Object[]
+      {
+        "1.2.-3.4",
+        false,
+        false
+      },
+
+      new Object[]
+      {
+        "1.2.3.-4",
+        false,
+        false
+      },
+
       new Object[]
       {
         "1..2..3..4",
@@ -406,6 +511,27 @@ public Object[][] getTestData()
         false
       },
 
+      new Object[]
+      {
+        "1..2.3.4",
+        false,
+        false
+      },
+
+      new Object[]
+      {
+        "1.2..3.4",
+        false,
+        false
+      },
+
+      new Object[]
+      {
+        "1.2.3..4",
+        false,
+        false
+      },
+
       new Object[]
       {
         "::",