Ability to block access to simplehosts

use floating env
validators 0.21 needs 'simple host' setting for single word hosts
2025-10-30 22:27:52 +00:00 · 2023-08-13 16:50:44 +02:00 · 2023-08-13 15:52:51 +02:00 · 2023-08-13 15:51:28 +02:00 · 2023-08-13 15:01:34 +02:00
4 changed files with 14 additions and 5 deletions
--- a/.github/workflows/test-only.yml
+++ b/.github/workflows/test-only.yml
@@ -36,6 +36,8 @@ jobs:
        run: |         
          # Build a changedetection.io container and start testing inside
          docker build . -t test-changedetectionio
+          # Debug info
+          docker run test-changedetectionio  bash -c 'pip list'

      - name: Spin up ancillary SMTP+Echo message test server
        run: |
@@ -44,7 +46,6 @@ jobs:

      - name: Test built container with pytest
        run: |
-          
          # Unit tests
          docker run test-changedetectionio  bash -c 'python3 -m unittest changedetectionio.tests.unit.test_notification_diff'
          
--- a/changedetectionio/api/api_v1.py
+++ b/changedetectionio/api/api_v1.py
@@ -1,3 +1,6 @@
+import os
+from distutils.util import strtobool
+
 from flask_expects_json import expects_json
 from changedetectionio import queuedWatchMetaData
 from flask_restful import abort, Resource
@@ -209,7 +212,9 @@ class CreateWatch(Resource):
        json_data = request.get_json()
        url = json_data['url'].strip()

-        if not validators.url(json_data['url'].strip()):
+        # If hosts that only contain alphanumerics are allowed ("localhost" for example)
+        allow_simplehost = not strtobool(os.getenv('BLOCK_SIMPLEHOSTS', 'False'))
+        if not validators.url(url, simple_host=allow_simplehost):
            return "Invalid or unsupported URL", 400

        if json_data.get('proxy'):
--- a/changedetectionio/forms.py
+++ b/changedetectionio/forms.py
@@ -1,5 +1,6 @@
 import os
 import re
+from distutils.util import strtobool

 from wtforms import (
    BooleanField,
@@ -257,9 +258,10 @@ class validateURL(object):

    def __call__(self, form, field):
        import validators
-
+        # If hosts that only contain alphanumerics are allowed ("localhost" for example)
+        allow_simplehost = not strtobool(os.getenv('BLOCK_SIMPLEHOSTS', 'False'))
        try:
-            validators.url(field.data.strip())
+            validators.url(field.data.strip(), simple_host=allow_simplehost)
        except validators.ValidationFailure:
            message = field.gettext('\'%s\' is not a valid URL.' % (field.data.strip()))
            raise ValidationError(message)
--- a/requirements.txt
+++ b/requirements.txt
@@ -10,7 +10,8 @@ flask~=2.0
 inscriptis~=2.2
 pytz
 timeago~=1.0
-validators
+validators~=0.21
+

 # Set these versions together to avoid a RequestsDependencyWarning
 # >= 2.26 also adds Brotli support if brotli is installed
Author	SHA1	Message	Date
dgtlmoon	5aaec3f8b8	Ability to block access to simplehosts	2023-08-13 16:50:44 +02:00
dgtlmoon	1ae1b58c93	use floating env	2023-08-13 15:52:51 +02:00
dgtlmoon	60c1c96e57	validators 0.21 needs 'simple host' setting for single word hosts	2023-08-13 15:51:28 +02:00
dgtlmoon	23ef67efec	Add debug to build	2023-08-13 15:01:34 +02:00