nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-05 05:00:19 -05:00
Code

validate service url schema (#1695)

Browse Source
This commit is contained in:
Kyle Spearrin 2021-11-08 11:47:03 -05:00 committed by GitHub
parent 1aa25f2712
commit 5aa492e886
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/Core/Models/Api/Request/Organizations/OrganizationSsoRequestModel.cs
View File

@ -160,19 +160,19 @@ namespace Bit.Core.Models.Api
new[] { nameof(IdpSingleSignOnServiceUrl) });
}
if (ContainsHtmlMetaCharacters(IdpSingleSignOnServiceUrl))
if (InvalidServiceUrl(IdpSingleSignOnServiceUrl))
{
yield return new ValidationResult(i18nService.GetLocalizedHtmlString("IdpSingleSignOnServiceUrlInvalid"),
new[] { nameof(IdpSingleSignOnServiceUrl) });
}
if (ContainsHtmlMetaCharacters(IdpArtifactResolutionServiceUrl))
if (InvalidServiceUrl(IdpArtifactResolutionServiceUrl))
{
yield return new ValidationResult(i18nService.GetLocalizedHtmlString("IdpArtifactResolutionServiceUrlInvalid"),
new[] { nameof(IdpArtifactResolutionServiceUrl) });
}
if (ContainsHtmlMetaCharacters(IdpSingleLogoutServiceUrl))
if (InvalidServiceUrl(IdpSingleLogoutServiceUrl))
{
yield return new ValidationResult(i18nService.GetLocalizedHtmlString("IdpSingleLogoutServiceUrlInvalid"),
new[] { nameof(IdpSingleLogoutServiceUrl) });
@ -260,12 +260,16 @@ namespace Bit.Core.Models.Api
RegexOptions.Multiline | RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);
}
private bool ContainsHtmlMetaCharacters(string url)
private bool InvalidServiceUrl(string url)
{
if (string.IsNullOrWhiteSpace(url))
{
return false;
}
if (!url.StartsWith("http://") && !url.StartsWith("https://"))
{
return true;
}
return Regex.IsMatch(url, "[<>\"]");
}
}