#3885 implement simpler regex for host validation

2 files changed, 7 insertions, 32 deletions

diff --git a/mitmproxy/net/check.py b/mitmproxy/net/check.py
index 32e733af..ffb5e163 100644
--- a/mitmproxy/net/check.py
+++ b/mitmproxy/net/check.py
@@ -1,24 +1,9 @@
 import ipaddress
 import re
 
-"""
-The rules for host names are different from DNS Names (aka "Label").
-DNS Names allow for hyphens and underscores (RFC-2872).
-Hostnames DO allow for hyphens, but not underscores. (RFC-952, RFC-1123)
-The main issue is the existence of DNS labels that are actually
-capable of being resolved to a valid IP, even if the label
-isn't a valid hostname (e.g. api-.example.com, @.example.com)
-
-Since the value we're checking could be an IP, a host name, a DNS label, or a FQDN,
-and there are cases where DNS or Hostnames are misconfigured despite RFC
-we'll go with the least restrictive rules while still providing a sanity check.
-"""
-
-# label regex: in total between 4 and 255 chars, tld 2 to 63 chars, each label 1 to 63 chars
-_label_valid = re.compile(
-                    br"^(?=.{4,255}$)([A-Z0-9_-]([A-Z0-9_-]{0,61}[A-Z0-9_-])?\.)"
-                    br"{1,126}[A-Z0-9][A-Z0-9-]{0,61}[A-Z0-9]$", re.IGNORECASE)
-_host_valid = re.compile(br"[A-Z0-9\-_]{1,63}$", re.IGNORECASE)
+# Allow underscore in host name
+# Note: This could be a DNS label, a hostname, a FQDN, or an IP
+_label_valid = re.compile(br"[A-Z\d\-_]{1,63}$", re.IGNORECASE)
 
 
 def is_valid_host(host: bytes) -> bool:
@@ -32,14 +17,10 @@ def is_valid_host(host: bytes) -> bool:
     # RFC1035: 255 bytes or less.
     if len(host) > 255:
         return False
-    # Trim trailing period
     if host and host[-1:] == b".":
         host = host[:-1]
-    # DNS label
-    if b"." in host and _label_valid.match(host):
-        return True
-    # hostname
-    if b"." not in host and _host_valid.match(host):
+    # DNS hostname
+    if all(_label_valid.match(x) for x in host.split(b".")):
         return True
     # IPv4/IPv6 address
     try:
diff --git a/test/mitmproxy/net/test_check.py b/test/mitmproxy/net/test_check.py
index 7def75fd..649e71da 100644
--- a/test/mitmproxy/net/test_check.py
+++ b/test/mitmproxy/net/test_check.py
@@ -13,7 +13,8 @@ def test_is_valid_host():
     assert check.is_valid_host(b"one_two")
     assert check.is_valid_host(b"::1")
 
-    # IPv6 Validations
+    # IP Address Validations
+    assert check.is_valid_host(b'127.0.0.1')
     assert check.is_valid_host(b'2001:0db8:85a3:0000:0000:8a2e:0370:7334')
     assert check.is_valid_host(b'2001:db8:85a3:0:0:8a2e:370:7334')
     assert check.is_valid_host(b'2001:db8:85a3::8a2e:370:7334')
@@ -21,7 +22,6 @@ def test_is_valid_host():
     assert check.is_valid_host(b'2001-db8-85a3-8d3-1319-8a2e-370-7348.ipv6-literal.net')
 
     # TLD must be between 2 and 63 chars
-    assert not check.is_valid_host(b'example.t')
     assert check.is_valid_host(b'example.tl')
     assert check.is_valid_host(b'example.tld')
     assert check.is_valid_host(b'example.' + b"x" * 63)
@@ -51,9 +51,6 @@ def test_is_valid_host():
     assert check.is_valid_host(b'_a.example.tld')
     assert check.is_valid_host(b'a_.example.tld')
     assert check.is_valid_host(b'_a_.example.tld')
-    assert not check.is_valid_host(b'a._example')
-    assert not check.is_valid_host(b'a._example_')
-    assert not check.is_valid_host(b'a.example_')
 
     # Misc Dash/Hyphen/Minus Test Cases
     assert check.is_valid_host(b'-example')
@@ -62,9 +59,6 @@ def test_is_valid_host():
     assert check.is_valid_host(b'-a.example.tld')
     assert check.is_valid_host(b'a-.example.tld')
     assert check.is_valid_host(b'-a-.example.tld')
-    assert not check.is_valid_host(b'a.-example')
-    assert not check.is_valid_host(b'a.-example-')
-    assert not check.is_valid_host(b'a.example-')
 
     # Misc Combo Test Cases
     assert check.is_valid_host(b'api-.example.com')