Skip to content

[codex] Validate IP targets and ranges#219

Merged
techmore merged 1 commit into
codex/python-main-baselinefrom
codex/validate-target-ips
Jun 19, 2026
Merged

[codex] Validate IP targets and ranges#219
techmore merged 1 commit into
codex/python-main-baselinefrom
codex/validate-target-ips

Conversation

@techmore

Copy link
Copy Markdown
Owner

What changed

  • Validate Nmap-style IPv4 octet ranges explicitly.
  • Reject malformed dotted numeric targets instead of accepting them as hostnames.
  • Add focused coverage for IPs, CIDRs, ranges, hostnames, multiple targets, and malformed IP-like inputs.

Why

The hostname fallback accepted malformed dotted IP values such as 192.168.1.999. It also accepted the documented IPv4 range syntax accidentally, without checking octet bounds or range ordering.

This keeps the existing supported target formats and scope policy unchanged while making IP and range validation deterministic.

Checks

  • python -m pytest tests/test_validation.py tests/test_backend_modules.py -q — 28 passed
  • flake8 nmapui/validation.py tests/test_validation.py — passed
  • Full suite — 307 passed, 8 skipped, 6 unrelated baseline/environment failures (worktree-local .venv assumption and date-sensitive report fixtures)

Base branch note

The remote default main now contains an unrelated Express application, while this task targets the Python application on local main at 622d9a0. This PR uses codex/python-main-baseline (that exact parent commit) so the review remains a one-commit, two-file diff. Retarget this PR when the Python integration branch is restored or selected.

@techmore techmore left a comment

Copy link
Copy Markdown
Owner Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is a strong fit for the current app. The validation change is small, deterministic, and user-facing in the right way: it rejects malformed IP-like inputs before they can slip into hostname fallback, and it adds explicit coverage for the supported target formats.

I especially like that this improves scan correctness without changing the user-facing scope policy. That makes it a real quality win rather than just a refactor.

@techmore techmore marked this pull request as ready for review June 19, 2026 10:47
@techmore techmore merged commit 45af311 into codex/python-main-baseline Jun 19, 2026
0 of 6 checks passed
@techmore techmore deleted the codex/validate-target-ips branch June 19, 2026 10:47

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: e69b0f5332

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread nmapui/validation.py
Comment on lines +55 to +56
if _IPV4_LIKE_RE.fullmatch(item):
return False, f"Invalid target: {item}"

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

P2 Badge Preserve Nmap octet-list targets

When users enter a Nmap-supported octet-list target such as 192.168.3-5,7.1, validate_target first splits on the comma and then this new numeric fallback rejects the first piece (192.168.3-5) as invalid. I checked the official Nmap target specification, which documents comma-separated numbers/ranges within an octet using that example (https://nmap.org/book/man-target-specification.html); this target previously passed validation and can be scanned by Nmap, so the new malformed-IP guard blocks a valid range form before the scan starts.

Useful? React with 👍 / 👎.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant