URI parser: 7 mismatches found against RFC 3986 test suite

[AcEKaycgR]

Bug Report

Component: URI Parser
Found via: JSON Schema Test Suite PR #895
Test file: draft2020-12 URI suite (240 tests, 7 mismatches)

---

False Positives - parser accepts invalid URIs (6)

• http://[] - empty brackets accepted
  RFC 3986 §3.2.2: IP-literal = "[" ( IPv6address / IPvFuture ) "]"; empty content satisfies neither alternative.

• http://[2001:db8::00000] - five-digit h16 group accepted
  RFC 3986 §3.2.2: h16 = 1*4HEXDIG; five hex digits in one group exceed the maximum of four.

• http://[2001::db8::1] - double :: accepted
  RFC 3986 §3.2.2: each IPv6address alternative allows at most one ::; two occurrences match no alternative.

• http://[1:2:3:4:5:6:7] - seven groups without :: accepted
  RFC 3986 §3.2.2: without ::, the full IPv6address form requires exactly 8 groups; 7 groups are invalid.

• http://[1:2:3:4:5:6:7:8:9] - nine groups accepted
  RFC 3986 §3.2.2: no IPv6address alternative allows more than 8 groups.

• http://[::ffff:1.2.3.256] - IPv4 octet 256 out of range accepted
  RFC 3986 §3.2.2: IPv6address ls32 reuses IPv4address; dec-octet alt5 = "25" %x30-35 has a maximum of 255; 256 matches no alternative.

---

False Negatives - parser rejects valid URIs (1)

• http://a.com/%aF - mixed-case hex in percent-encoding rejected
  RFC 3986 §2.1: pct-encoded = "%" HEXDIG HEXDIG; HEXDIG is defined in RFC 5234 core rules as case-insensitive, so lowercase hex digits are valid.

---

Notes

All 7 cases have a comment field in the test suite with the exact ABNF citation. The 233 remaining tests pass correctly.