Simplify update repo URL validation

2025-07-19 09:53:34 -06:00 · 2020-03-13 10:20:09 -04:00 · 2020-03-13 10:20:09 -04:00 · f6dfd2fa43
commit f6dfd2fa43
parent 1f382f9252
1 changed files with 18 additions and 28 deletions
--- a/netbox/netbox/settings.py
+++ b/netbox/netbox/settings.py
@ -7,7 +7,8 @@ import warnings
 from urllib.parse import urlsplit

 from django.contrib.messages import constants as messages
-from django.core.exceptions import ImproperlyConfigured
+from django.core.exceptions import ImproperlyConfigured, ValidationError
+from django.core.validators import URLValidator


 #
@ -81,8 +82,6 @@ DOCS_ROOT = getattr(configuration, 'DOCS_ROOT', os.path.join(os.path.dirname(BAS
 EMAIL = getattr(configuration, 'EMAIL', {})
 ENFORCE_GLOBAL_UNIQUE = getattr(configuration, 'ENFORCE_GLOBAL_UNIQUE', False)
 EXEMPT_VIEW_PERMISSIONS = getattr(configuration, 'EXEMPT_VIEW_PERMISSIONS', [])
-UPDATE_REPO_URL = getattr(configuration, 'UPDATE_REPO_URL', None)
-UPDATE_CACHE_TIMEOUT = getattr(configuration, 'UPDATE_CACHE_TIMEOUT', 24 * 3600)
 LOGGING = getattr(configuration, 'LOGGING', {})
 LOGIN_REQUIRED = getattr(configuration, 'LOGIN_REQUIRED', False)
 LOGIN_TIMEOUT = getattr(configuration, 'LOGIN_TIMEOUT', None)
@ -106,6 +105,22 @@ SHORT_DATETIME_FORMAT = getattr(configuration, 'SHORT_DATETIME_FORMAT', 'Y-m-d H
 SHORT_TIME_FORMAT = getattr(configuration, 'SHORT_TIME_FORMAT', 'H:i:s')
 TIME_FORMAT = getattr(configuration, 'TIME_FORMAT', 'g:i a')
 TIME_ZONE = getattr(configuration, 'TIME_ZONE', 'UTC')
+UPDATE_REPO_URL = getattr(configuration, 'UPDATE_REPO_URL', None)
+UPDATE_CACHE_TIMEOUT = getattr(configuration, 'UPDATE_CACHE_TIMEOUT', 24 * 3600)
+
+# Validate update repo URL and timeout
+if UPDATE_REPO_URL:
+    try:
+        URLValidator(UPDATE_REPO_URL)
+    except ValidationError:
+        raise ImproperlyConfigured(
+            "UPDATE_REPO_URL must be a valid API URL. Example: "
+            "https://api.github.com/repos/netbox-community/netbox"
+        )
+
+# Enforce a minimum cache timeout for update checks
+if UPDATE_CACHE_TIMEOUT < 3600:
+    raise ImproperlyConfigured("UPDATE_CACHE_TIMEOUT has to be at least 3600 seconds (1 hour)")


 #
@ -307,31 +322,6 @@ AUTHENTICATION_BACKENDS = [
    'utilities.auth_backends.ViewExemptModelBackend',
 ]

-# GitHub repository for version check
-if UPDATE_REPO_URL:
-    UPDATE_REPO_URL = UPDATE_REPO_URL.rstrip('/')
-    try:
-        scheme, netloc, path, query, fragment = urlsplit(UPDATE_REPO_URL)
-    except ValueError:
-        raise ImproperlyConfigured("UPDATE_REPO_URL must be a valid URL")
-
-    if scheme not in ('http', 'https'):
-        raise ImproperlyConfigured("UPDATE_REPO_URL must be a valid http:// or https:// URL")
-
-    if not re.fullmatch(r'/repos/[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+', path):
-        raise ImproperlyConfigured(
-            "GITHUB_REPOSITORY must contain the base URL of the GitHub API in a form like "
-            "'https://api.github.com/repos/<owner>/<repository>'"
-        )
-
-    # Don't allow ? (query) and # (fragment) in the URL
-    if query or fragment:
-        raise ImproperlyConfigured("UPDATE_REPO_URL may not contain a ? (query) or # (fragment)")
-
-# Enforce a cache timeout of at least an hour to protect GitHub
-if UPDATE_CACHE_TIMEOUT < 3600:
-    raise ImproperlyConfigured("UPDATE_CACHE_TIMEOUT has to be at least 3600 seconds (1 hour)")
-
 # Internationalization
 LANGUAGE_CODE = 'en-us'
 USE_I18N = True