Closed lostphenomenon closed 4 years ago
Ah Jesus... Sorry guys, it's not your fault, but you should also know about this. Didn't expect Microsoft to do such lousy work.
As per the official documentation for IPAddress.TryParse():
Note that this method accepts as valid an ipString value that can be parsed as an Int64, and then treats that Int64 as the long value of an IP address in network byte order, similar to the way that the IPAddress constructor does. This means that this method returns true if the Int64 is parsed successfully, even if it represents an address that's not a valid IP address.
@lostphenomenon
You should read https://tools.ietf.org/html/rfc3986#page-45
I noticed a security issue in our product: when some "edge case" IP address is entered, it is saved via the repository although it shouldn't pass validation. I initially thought that TryParse does a full strict validation of an IP address, but then I experienced this weird behavior.
IPAddress.TryParse(ipAddress, out var validatedIP)
input values: ipAddress = 0.320
output values: validatedIP = {0.0.1.64}
This might have something to do with conversions to binary and back
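
A strict dotted-quad check to run before anything is persisted, shown as an added example that is not part of the original thread or of .NET itself. `StrictIPv4` and `TryParseStrict` are hypothetical names, and the sample inputs other than `0.320` are constructed; the loop prints what `IPAddress.TryParse` and the strict check each return so the two can be compared on the same input.

```csharp
using System;
using System.Globalization;
using System.Net;

public static class StrictIPv4
{
    // Hypothetical helper (not a .NET API): accepts only canonical
    // four-octet dotted-decimal IPv4, e.g. "192.168.1.1".
    public static bool TryParseStrict(string input, out IPAddress address)
    {
        address = null;
        if (string.IsNullOrEmpty(input)) return false;

        string[] parts = input.Split('.');
        if (parts.Length != 4) return false;   // rejects "0.320" and bare integers

        var octets = new byte[4];
        for (int i = 0; i < 4; i++)
        {
            string p = parts[i];
            if (p.Length == 0 || p.Length > 3) return false;
            if (p.Length > 1 && p[0] == '0') return false;   // no leading zeros ("010")
            // NumberStyles.None allows digits only: no sign, whitespace or hex.
            // byte.TryParse also enforces the 0..255 range.
            if (!byte.TryParse(p, NumberStyles.None, CultureInfo.InvariantCulture, out octets[i]))
                return false;
        }

        address = new IPAddress(octets);
        return true;
    }

    public static void Main()
    {
        // Constructed sample inputs; "0.320" is the value from the report above.
        var samples = new[] { "0.320", "3232235777", "192.168.1.1", "010.0.0.1", "1.2.3.256", "1.2.3.4 " };
        foreach (var s in samples)
        {
            bool loose = IPAddress.TryParse(s, out var looseIp);
            bool strict = TryParseStrict(s, out var strictIp);
            Console.WriteLine($"'{s}': TryParse={loose} ({looseIp}), strict={strict} ({strictIp})");
        }
    }
}
```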