fix(regex): correct IP validation to enforce IPv4 octet range and robust IPv6 matching #2322
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
|
Hello @Pratyush2240 , Thank you for your submission. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Fixes incorrect IP address validation where invalid IPv4 like 256.256.256.256 and 999.999.999.999 could be treated as valid.
Improves IPv6 matching to cover full, compressed, link-local (with zone ID), and IPv4-embedded forms.
Documentation updated to clearly distinguish valid vs invalid IPv4 examples.
Closes #2176
Changes
Updated Specialized Areas/Regular Expressions/IP Address Validation/getIP4OrIPV6address.js
Replaced permissive IPv4 pattern (\d{1,3}.){3}\d{1,3} with octet-range-safe regex: (?:25[0-5]|2[0-4]\d|1?\d?\d)(?:.(?:25[0-5]|2[0-4]\d|1?\d?\d)){3}
Implemented comprehensive IPv6 alternation supporting:
Full form: 2001:db8:...
Compressed: fe80::1
Link-local with zone: fe80::1%eth0
IPv4-embedded: ::ffff:192.168.1.1
Preserved extractIPAddresses(text) signature and return behaviour.
Updated Specialized Areas/Regular Expressions/IP Address Validation/README.md
Added clearly separated lists of valid and invalid IPv4 examples.
Documented IPv6 coverage and IPv4 0–255 enforcement.
Rationale
The prior IPv4 regex allowed any three-digit octet, admitting values >255. The new pattern enforces each octet to be within 0–255 while remaining compact and readable. IPv6 detection is tightened to avoid over-matching arbitrary colon-hex strings while supporting standard formats used in ServiceNow integrations and logs.
Validation
Valid IPv4 accepted
192.168.1.1
127.0.0.1
0.0.0.0
255.255.255.255
1.2.3.4
Invalid IPv4 rejected
256.256.256.256
999.999.999.999
1.2.3
IPv6 accepted
2001:0db8:85a3:0000:0000:8a2e:0370:7334
fe80::1
::ffff:192.168.1.1
fe80::7:8%eth0
If you prefer rejecting leading-zero IPv4 octets (e.g., 01.02.003.004), I can further tighten the IPv4 subpattern.
Screenshots or Examples
N/A; behaviour is covered by the examples above and updated README.
Backward Compatibility
No breaking changes to function signatures or file structure.
Stricter validation may filter previously accepted invalid addresses, which is the intended fix.
Checklist
Follows repository structure and guidelines in AGENTS.md
No sensitive information added
Documentation updated
Verified examples against edge cases from the issue
Clear commit messages prepared
Files Affected
Specialized Areas/Regular Expressions/IP Address Validation/getIP4OrIPV6address.js
Specialized Areas/Regular Expressions/IP Address Validation/README.md
Release Notes
IP validation regex updated to correctly handle IPv4 edge cases and provide robust IPv6 support.