When there is an unclosed parenthesis in a URL and we use the url validator, it causes an infinite loop. What's more interesting is that it only happens when the unclosed parenthesis is followed by many characters (check test cases 3 and 4).
from colander import MappingSchema, SchemaNode, Str, url

class MySchema(MappingSchema):
    # Str is colander's alias for String; url is the built-in URL validator
    url = SchemaNode(Str(encoding='utf-8'), validator=url)

print(MySchema().deserialize({"url": "http://www.mysite.com/tttttttttttttttttttttt.jpg"}))    # it works
print(MySchema().deserialize({"url": "http://www.mysite.com/(tttttttttttttttttttttt).jpg"}))  # it works
print(MySchema().deserialize({"url": "http://www.mysite.com/(ttttttttttt.jpg"}))              # it works
print(MySchema().deserialize({"url": "http://www.mysite.com/(tttttttttttttttttttttt.jpg"}))   # infinite loop
In addition, if you check it in an online regex checker (https://regex101.com/) it also fails. Try this regex, which is used for URL validation in colander. It's taken from colander.__init__.py:438; I only escaped two slashes here.
Use this URL: http://www.mysite.com/(tttttttttttttttttttttt.jpg and you'll get catastrophic backtracking. You can use the debugger on that site to check which group falls into the infinite loop.
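Added example, not part of the issue and not colander's own code: the colander regex the report points at is not reproduced above, so the two patterns below are constructed stand-ins of the same shape, a URL-like token with an optional balanced "(...)" group. The first writes the parenthesised part with a nested quantifier, which lets the engine try every way of splitting the characters after an unclosed "(" before giving up; the second accepts exactly the same strings with a single quantifier and backtracks linearly. Run against the four URLs from the report, the vulnerable pattern answers quickly on the first three and would need on the order of 2**25 attempts on the fourth, while the hardened pattern gives the same verdicts in microseconds. The host name, helper names and the timing harness are this example's own assumptions.

```python
import re
import time

# Constructed patterns for illustration only; they are NOT colander's URL_REGEX.
# Both accept a run of non-space, non-paren characters containing at most one
# balanced "(...)" group, so they match exactly the same strings.

# Nested quantifier: "(?:[^\s()]+)*" can split N characters into 2**(N-1)
# different groupings, and the engine tries every one of them before it
# concludes that the closing ")" is missing.
VULNERABLE_RE = re.compile(r"^[^\s()]*(?:\((?:[^\s()]+)*\))?[^\s()]*$")

# Same language, single quantifier: at most N steps of backtracking.
HARDENED_RE = re.compile(r"^[^\s()]*(?:\([^\s()]*\))?[^\s()]*$")

# The four inputs from the issue report.
CASES = [
    "http://www.mysite.com/tttttttttttttttttttttt.jpg",
    "http://www.mysite.com/(tttttttttttttttttttttt).jpg",
    "http://www.mysite.com/(ttttttttttt.jpg",
    "http://www.mysite.com/(tttttttttttttttttttttt.jpg",
]


def is_url_like(pattern, value):
    """True if ``value`` matches ``pattern`` in full (anchored with ^ and $)."""
    return pattern.match(value) is not None


def unclosed_paren_url(n):
    """Build the issue's shape: 'http://www.mysite.com/(' + n*'t' + '.jpg'."""
    return "http://www.mysite.com/(" + "t" * n + ".jpg"


def seconds_to_match(pattern, value):
    """Wall-clock time of a single match attempt."""
    start = time.perf_counter()
    pattern.match(value)
    return time.perf_counter() - start


def backtracking_growth(pattern, n_small=8, n_large=19):
    """Ratio of match time between a long and a short unclosed-paren URL.

    Roughly constant for a linear pattern; about 2**(n_large - n_small) for
    the nested-quantifier pattern (2**11 with the defaults).
    """
    t_small = seconds_to_match(pattern, unclosed_paren_url(n_small))
    t_large = seconds_to_match(pattern, unclosed_paren_url(n_large))
    return t_large / max(t_small, 1e-9)


if __name__ == "__main__":
    for url in CASES[:3]:
        print(f"{url!r}: vulnerable={is_url_like(VULNERABLE_RE, url)} "
              f"hardened={is_url_like(HARDENED_RE, url)}")
    # Case 4 is only fed to the hardened pattern here: the vulnerable one
    # needs about 2**25 attempts on it and would run for a very long time.
    print(f"{CASES[3]!r}: hardened={is_url_like(HARDENED_RE, CASES[3])}")
    # Time doubles with every extra character after the unclosed "(".
    for n in range(8, 21, 2):
        url = unclosed_paren_url(n)
        print(f"n={n:2d}  vulnerable={seconds_to_match(VULNERABLE_RE, url):.4f}s"
              f"  hardened={seconds_to_match(HARDENED_RE, url):.6f}s")
```

The fix is a rewrite, not a length cap: `(?:[^\s()]+)*` and `[^\s()]*` describe the same set of strings, so swapping one for the other changes nothing about which URLs pass and removes the exponential case entirely. When hunting for the same bug in a real pattern, look for a quantified group whose body is itself quantified and can end on the same characters the outer loop consumes; that is what the "which group falls into the infinite loop" step on regex101 is finding.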