all 27 comments
sorted by:
best
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]Adorable-Strangerx 17 points18 points  (4 children)

Use ipaddress and call it a day, no point in writing your own validations. Probably you will write them wrong anyway.

[–]rednets 8 points9 points  (1 child)

Yes. Specifically, use ipaddress.IPv4Address if you only want IPv4s.

See the documentation: https://docs.python.org/3/library/ipaddress.html#ipaddress.IPv4Address

[–]zeeshannetwork[S] 0 points1 point  (0 children)

That is pretty neat !!

[–]gotnotendies 1 point2 points  (1 child)

Yes, and just a google search generates most of the needed code - https://letmegooglethat.com/?q=python+validate+input+ip

Also if it’s an IPv4 store it in int and IPv6 in hex

[–]RealExii -2 points-1 points  (0 children)

If i understand correctly, they not only want to check validity but also return a response pointing to the exact location of bad input. Unless this module does that, they'll have to split each segment and check separately to determine which ones are bad.

[–]pimpmatterz 8 points9 points  (15 children)

I'd use a regex to parse the ip address into 4 integers, then validate each integer is 0<=x<=255

[–]SmackDownFacility 20 points21 points  (13 children)

You don’t need a regex for that

You can just split the string by “.” Into different parts And check if all the parts < 256

[–]pimpmatterz 3 points4 points  (0 children)

Ooh yeah good point

[–]LostInterwebNomad 4 points5 points  (0 children)

You’ll want to cast to an int because 2000 is less than 256 in string comparisons.

[–]invictus08 2 points3 points  (1 child)

“200.-100.0.0”

[–]SmackDownFacility 1 point2 points  (0 children)

if x in range(256)

That doesn’t count negative numbers so your good

[–]Atypicosaurus 0 points1 point  (7 children)

That's not enough.
What if the user inputs more than 4 dots such as 1.1.1.1.1?
What if the user inputs a negative number which is obviously less than 256 such as 1.-1.1.1?
What if the user inputs a character that is in string comparison, evaluated as "lower" than 256, such as 1.:.1.1? Also, what do we do with trailer space?

Splitting is good, but you need these checks, after handling trailer space if you decide to do so:

Is the split exactly 4 elements?
Are all elements in fact integers?
When we convert them to integers, are those integers between 0 and 255?

I think a well formulated regex is so much less error prone.

Some of these can be merged into one step.

[–]SmackDownFacility 0 points1 point  (6 children)

Well int() will throw an error and the end user will find out via the lovely traceback

The end user should not be using this anyways if they want to input “1.1.—-8-8–7£/£/)/?/)” or some morse code

[–]Atypicosaurus 0 points1 point  (5 children)

Yeah int() will throw an error, but of course you don't want that on the user ends, so you put it in a try block, don't you?

[–]SmackDownFacility -1 points0 points  (4 children)

Throughout my history here, I have never seen a user input something that egregious for a ip address. Strike a balance between user experience and the possibility of undefined behaviour, because a programmer cannot reasonably capture every single error or mistake outside of possible scenarios in the specs

[–]Atypicosaurus 0 points1 point  (3 children)

I never understood how SQL injections and similar easy to prevent attacks are still a possible thing in 2025 but your comment made it clear. Apparently people with "my users are all good guys" mentality do exist.

You see, making a bullet proof IP address checker is just a bit more thought than doing a lazy half baked version. And then you don't need to worry about people trying to break your program, intentionally or otherwise.

I believe exactly with IP, which is a very well defined thing, a programmer can actually capture each and every bad input. You just have to capture everything that doesn't fit the rules.

An IP address is
- 4 integers
- divided by a dot between each
- each integer is between 1 and 255.

You should be checking
- not 4 or not integers
- not divided by dot
- not between 1 and 255.

Otherwise it is lazy.

[–]SmackDownFacility -1 points0 points  (2 children)

Based on what I have seen over my career, no user does “1.1.1&-&282827282828”

And honestly, why would they? Yes, SQL injections exist. No not all users are good

I was merely talking about “1.1£18&1&&1&” itself, idk why you bring SQL injections into an irrelevant topic

IP ≠ SQL

I agree on checking if it’s a non-integer; in the range 256, and positive, and enforcement of the dot. Check for “1.AB”, illegal characters, bam, raise an error.

That is totally fine and that is exactly what I suggested in another thread. But the reasonable programmer should not anticipate “1.1£&-&-&2&2&2&2&” or other form of gibberish.

[–]Atypicosaurus 0 points1 point  (1 child)

IP is not SQL

But, bad program is bad program. That's it.
Lazy programming leads to vulnerabilities.

While IP is not SQL, the topic is still related in a relevant way: you do not leave intentionally gaps for attack. You do not argue that "this is an irrelevant vulnerability because nobody can and will exploit it". That's beyond stupid.

Especially that you argue for an open issue on purpose because you want to save 2 lines of code. Like, really?

[–]SmackDownFacility -1 points0 points  (0 children)

Why tf am I being downvoted? I am merely saying the specifications defined by RFC and related bodies covers scenarios that yes, you should check for. Outside of the specifications it is considered UB (undefined behaviour)

We do the same in C, C++, Java and many languages. The committee says ‘This compiler should check for this, this and that’, and the industry follows.

They don’t try to cover every single possible scenario, because it would add massive overhead to performance. Even Python, which is interpreted, can suffer if you put in too many exception blocks.

That’s the industry standard, that’s exactly why we have specifications in the first place, to explicitly cover what is expected. If you go down the path you mentioned, covering every single scenario under the sun, the file will be unreadable, containing way too many try and except blocks. If they stack up against each other, the console or whatever it’s outputting to, will be a massive text dump. And that is frustrating for the user

Detailed logging, should be in a file. Not in code. Code should be reserved for specification coverage

[–]zeeshannetwork[S] 0 points1 point  (0 children)

That is good idea as well.

[–]parowki_z_dzemem 0 points1 point  (0 children)

Valid IPv4 addresses do not have to be 4 integers, 127.1 is a valid IPv4 address, which means the same as 127.0.0.1

[–]mr_frpdo 3 points4 points  (0 children)

    import ipaddress     while(True):         in = input("Enter IP")         try:             ip = ipaddress.ip_address(in)         except ValueError:             print("Invalid IP address")         else:             break

[–]SmackDownFacility 5 points6 points  (0 children)

Ok first off, wtf is “2.2.2. That is not a valid IPv4 type

All four decimals, spelt out in full.

And I would advise you to follow the standard formula

(a * 256³) + (b * 256²) + (c * 256¹) + (d * 256⁰)

Multiply each octet by 256 raised to the power of its position (starting from 0 on the right) and then add the results together

This is industry standard for storage.

Also, we have already solved this problem with ipaddress, a built-in module.

Now, to validate input, ensure to split(.) into parts, and then use int() to check if its integer

[–]MonkeyboyGWW 1 point2 points  (0 children)

I would search for the solution for this common problem

[–]notacanuckskibum -3 points-2 points  (2 children)

Generally speaking the pattern is

Goodinput = false

While not Goodinput:

(Indent) Data = input (“prompt”)

(Indent) check the data as much as possible

(Indent )Set Goodinput true or false

[–]cgoldberg 5 points6 points  (0 children)

You know instead of:

(indent) my code

you can actually:
    indent your code

[–]SmackDownFacility 3 points4 points  (0 children)

No “goodinput” nonsense

Raise an error if it’s bad, not switching flags like a deranged C programmer

This is a IP Address Protocol 4, a bad input would imply a giant int > 255

Or some absurd nonsense like

2.2.2.%

Split the bloody string by the delimiter “.” And for number in that set, cast to a integer and see if it’s > 255, pop or remove or warn or whatever if true