From fc468f5a1a74f41240846ac15ffa5e27b1a26982 Mon Sep 17 00:00:00 2001
From: Elias Regopoulos <elre@odoo.com>
Date: Fri, 16 Dec 2022 15:09:23 +0000
Subject: [PATCH] [FIX] base_iban: Avoid KeyError on IBAN with non-ASCII
 characters
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

If the IBAN includes a non-ASCII alphanumeric character and has just the right length, the IBAN validation crashes with a KeyError before validation can take place.

Fictional example: The supposed IBAN code "Bank München-Wiesn GmbH" gets normalized to "BankMünchenWiesnGmbH"; a string that starts with a valid country code ('BA', i.e. Bosnia-Herzegovina) and happens to have the same length as Bosnia-Herzegovina's IBAN format (20 characters). Normally this erroneous IBAN would've been rejected as invalid, but Python throws a KeyError when trying to convert 'ü' to an int right before the validation step.

We therefore need to also check if all characters in the IBAN code are within the expected range, namely [a-zA-Z0-9] (strictly speaking, the IBAN's specification range is only [A-Z0-9], but we can be lenient since Python's `int()` is case-insensitive).

closes odoo/odoo#108338

Signed-off-by: Josse Colpaert <jco@odoo.com>
---
 addons/base_iban/models/res_partner_bank.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/addons/base_iban/models/res_partner_bank.py b/addons/base_iban/models/res_partner_bank.py
index 72c9d77d7c18..5f3bc7a6b2dc 100644
--- a/addons/base_iban/models/res_partner_bank.py
+++ b/addons/base_iban/models/res_partner_bank.py
@@ -35,7 +35,7 @@ def validate_iban(iban):
         raise ValidationError(_("The IBAN is invalid, it should begin with the country code"))
 
     iban_template = _map_iban_template[country_code]
-    if len(iban) != len(iban_template.replace(' ', '')):
+    if len(iban) != len(iban_template.replace(' ', '')) or not re.fullmatch("[a-zA-Z0-9]+", iban):
         raise ValidationError(_("The IBAN does not seem to be correct. You should have entered something like this %s\n"
             "Where B = National bank code, S = Branch code, C = Account No, k = Check digit") % iban_template)
 
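Review bot: The new condition in validate_iban calls `re.fullmatch`, but the patch is a single-line change (1 insertion, 1 deletion) and adds no `import re`, so it relies on res_partner_bank.py already importing `re`. Please confirm that it does; otherwise this line raises a NameError instead of the intended ValidationError. The diffstat also shows no test file. A regression test that feeds the commit message's "BankMünchenWiesnGmbH" input to validate_iban and asserts ValidationError would keep the KeyError from returning. Note that the character-set failure reuses the length/template error message, which is reasonable here because the message already shows the expected format.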
-- 
GitLab