gh-125651: Use regex to avoid any unallowed character to passed to int

sevdog · sevdog · commit cde9e36a80f9 · 2024-10-18T09:50:16.000+02:00
diff --git a/Lib/test/test_uuid.py b/Lib/test/test_uuid.py
@@ -232,11 +232,17 @@ def test_exceptions(self):
         # Badly formed hex strings.
         badvalue(lambda: self.uuid.UUID(''))
         badvalue(lambda: self.uuid.UUID('abc'))
-        badvalue(lambda: self.uuid.UUID("123_4567812345678123456781234567"))
-        badvalue(lambda: self.uuid.UUID("123_4567812345678123456781_23456"))
+        badvalue(lambda: self.uuid.UUID('123_4567812345678123456781234567'))
+        badvalue(lambda: self.uuid.UUID('123_4567812345678123456781_23456'))
+        badvalue(lambda: self.uuid.UUID('123_4567812345678123456781_23456'))
         badvalue(lambda: self.uuid.UUID('1234567812345678123456781234567'))
         badvalue(lambda: self.uuid.UUID('123456781234567812345678123456789'))
         badvalue(lambda: self.uuid.UUID('123456781234567812345678z2345678'))
+        badvalue(lambda: self.uuid.UUID('0x123456781234567812345678z23456'))
+        badvalue(lambda: self.uuid.UUID('0X123456781234567812345678z23456'))
+        badvalue(lambda: self.uuid.UUID('+123456781234567812345678z234567'))
+        badvalue(lambda: self.uuid.UUID(' 123456781234567812345678z23456 '))
+        badvalue(lambda: self.uuid.UUID('  123456781234567812345678z2345  '))
 
         # Badly formed bytes.
         badvalue(lambda: self.uuid.UUID(bytes='abc'))
diff --git a/Lib/uuid.py b/Lib/uuid.py
@@ -45,6 +45,7 @@
 """
 
 import os
+import re
 import sys
 
 from enum import Enum, _simple_enum
@@ -176,8 +177,8 @@ def __init__(self, hex=None, bytes=None, bytes_le=None, fields=None,
                             'or int arguments must be given')
         if hex is not None:
             hex = hex.replace('urn:', '').replace('uuid:', '')
-            hex = hex.strip("{}").replace("-", "").replace("_", "")
-            if len(hex) != 32:
+            hex = hex.strip('{}').replace('-', '')
+            if not re.fullmatch(r'[0-9A-Fa-f]{32}', hex):
                 raise ValueError('badly formed hexadecimal UUID string')
             int = int_(hex, 16)
         if bytes_le is not None:
