RFC6874 - IPv6 zone IDs in URIs #571
Conversation
|
|
||
| // Bracket only real IPv6 literals; decide using the address part only (ignore zone) | ||
| if (ZoneIdSupport.isIPv6AddressPart(hostname)) { | ||
| ZoneIdSupport.appendBracketedIPv6(buffer, hostname); |
There was a problem hiding this comment.
@arturobernalg If I understand it right #isIPv6AddressPart will be executed twice. Is this needed?
There was a problem hiding this comment.
@arturobernalg #isIPv6AddressPart still gets called twice. Once here, and another time inside #appendBracketedIPv6
| } | ||
| } | ||
|
|
||
| public static boolean isIPv6AddressPart(final String host) { |
There was a problem hiding this comment.
@arturobernalg Please use CharSequence instead of String whenever possible.
arturobernalg
force-pushed
the
rfc6874
branch
from
8bb645c to
779df81
Compare
| cursor.updatePos(initPos); | ||
| } | ||
|
|
||
| if (!cursor.atEnd() && s.charAt(cursor.getPos()) == '[') { |
There was a problem hiding this comment.
@arturobernalg God Merciful. Do we really need to do all this? I have been trying to reduce our security footprint outside of our direct area of responsibility. This is just a matter of time some "security professionals" or "security researchers" will start crawling up your rectum claiming this code is potentially vulnerable to exploits by green men from Mars and demand an CVE with their name on it. I understand, we all have to make a living, so do security researches, but do we really need all that?
Again, why are we doing this? Do we really need to parse IPv6 addresses? Really.
There was a problem hiding this comment.
@ok2c No IPv6 parsing—just bracket check + RFC 6874 zone encode/decode in one tiny helper; minimal surface, CONNECT untouched.
There was a problem hiding this comment.
@arturobernalg Do not see those changes. There are also conflicts in the branch. Please double-check.
arturobernalg
force-pushed
the
rfc6874
branch
2 times, most recently
from
d70ff27 to
28a5748
Compare
arturobernalg
force-pushed
the
rfc6874
branch
from
28a5748 to
11a9d74
Compare
… literal opaquely, decode/validate ZoneID; keep colon-count heuristic.
arturobernalg
force-pushed
the
rfc6874
branch
from
30d19e5 to
ddf093c
Compare
|
@arturobernalg I do not know what I am missing but I see no difference with the previous revision. Generally I am not in favor of this change. IPv6 zones are none of our business. |
@ok2c I think i already remove the v6 parse. please take a another look |
@arturobernalg I still see no difference. I am sorry, but I do not understand what you are doing and more importantly why you are doing at all. I cannot approve this change-set. |
So i guess this pr has no sense anymore. |
2 participants
Implement RFC 6874 zone ID handling for IPv6 literals.
Round-trip: parse [fe80::1%25eth0] → "fe80::1%eth0", format → "[fe80::1%25eth0]"; validates ZoneID.
Touches URIAuthority/URIBuilder/HttpHost; includes tests; preserves compatibility.