[codex] Validate IP targets and ranges#219
Conversation
techmore
left a comment
There was a problem hiding this comment.
This is a strong fit for the current app. The validation change is small, deterministic, and user-facing in the right way: it rejects malformed IP-like inputs before they can slip into hostname fallback, and it adds explicit coverage for the supported target formats.
I especially like that this improves scan correctness without changing the user-facing scope policy. That makes it a real quality win rather than just a refactor.
There was a problem hiding this comment.
💡 Codex Review
Here are some automated review suggestions for this pull request.
Reviewed commit: e69b0f5332
ℹ️ About Codex in GitHub
Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you
- Open a pull request for review
- Mark a draft as ready
- Comment "@codex review".
If Codex has suggestions, it will comment; otherwise it will react with 👍.
Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".
| if _IPV4_LIKE_RE.fullmatch(item): | ||
| return False, f"Invalid target: {item}" |
There was a problem hiding this comment.
Preserve Nmap octet-list targets
When users enter a Nmap-supported octet-list target such as 192.168.3-5,7.1, validate_target first splits on the comma and then this new numeric fallback rejects the first piece (192.168.3-5) as invalid. I checked the official Nmap target specification, which documents comma-separated numbers/ranges within an octet using that example (https://nmap.org/book/man-target-specification.html); this target previously passed validation and can be scanned by Nmap, so the new malformed-IP guard blocks a valid range form before the scan starts.
Useful? React with 👍 / 👎.
What changed
Why
The hostname fallback accepted malformed dotted IP values such as
192.168.1.999. It also accepted the documented IPv4 range syntax accidentally, without checking octet bounds or range ordering.This keeps the existing supported target formats and scope policy unchanged while making IP and range validation deterministic.
Checks
python -m pytest tests/test_validation.py tests/test_backend_modules.py -q— 28 passedflake8 nmapui/validation.py tests/test_validation.py— passed.venvassumption and date-sensitive report fixtures)Base branch note
The remote default
mainnow contains an unrelated Express application, while this task targets the Python application on localmainat622d9a0. This PR usescodex/python-main-baseline(that exact parent commit) so the review remains a one-commit, two-file diff. Retarget this PR when the Python integration branch is restored or selected.