ipnetwork icon indicating copy to clipboard operation
ipnetwork copied to clipboard
verified publisher icon lduchosal

TryParse of a CIDR string with a trailing space and subsequent characters and `sanitanize: false` returns true

Open enclave-alistair opened this issue 2 years ago • 2 comments

If I invoke IPNetwork.TryParse with a CIDR string that contains additional trailing characters after a space character, the parse succeeds:

[Test]
public void Should_return_false_when_parsing_a_cidr_with_extra_characters()
{
    var result = IPNetwork.TryParse("20.42.65.64/29 !%!!!!!", sanitanize: false, out _);

    // This assert fails.
    Assert.That(result, Is.False);
}

This is unexpected, since sanitanize: false leaves the trailing characters where they are.

The problem is caused by the space character; in InternalParse a space character is included in the split character array, but there is no check for there not being more than 2 components to the resulting split.

https://github.com/lduchosal/ipnetwork/blob/28a599e80d2734905c68f72e18c7cce54e56badb/src/System.Net.IPNetwork/IPNetwork.cs#L624

enclave-alistair avatar Feb 20 '23 13:02 enclave-alistair

Thanks for the report, PR welcome!

lduchosal avatar Jan 18 '24 07:01 lduchosal

I guess the issue here is that the use of sanitanize: false implies that the method should fail, but instead due to the bug it is inadvertently removing (sanitizing) the garbage instead of returning null (TryParse) or throwing an exception (Parse).

In addition, it would be good to have a clearer definition of the intention of the sanitanize parameter. Also to introduce a new function that deprecates the typo in the parameter name :wink:

alexangas avatar Jan 30 '24 18:01 alexangas