nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-04-05 21:18:13 -05:00
Code

validate service url schema (#1695)

Browse Source
This commit is contained in:
Kyle Spearrin 2021-11-08 11:47:03 -05:00 committed by GitHub
parent 1aa25f2712
commit 5aa492e886
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
src/Core/Models/Api/Request/Organizations/OrganizationSsoRequestModel.cs
View File

@ -160,19 +160,19 @@ namespace Bit.Core.Models.Api
new[] { nameof(IdpSingleSignOnServiceUrl) }); new[] { nameof(IdpSingleSignOnServiceUrl) });
} }
if (ContainsHtmlMetaCharacters(IdpSingleSignOnServiceUrl)) if (InvalidServiceUrl(IdpSingleSignOnServiceUrl))
{ {
yield return new ValidationResult(i18nService.GetLocalizedHtmlString("IdpSingleSignOnServiceUrlInvalid"), yield return new ValidationResult(i18nService.GetLocalizedHtmlString("IdpSingleSignOnServiceUrlInvalid"),
new[] { nameof(IdpSingleSignOnServiceUrl) }); new[] { nameof(IdpSingleSignOnServiceUrl) });
} }
if (ContainsHtmlMetaCharacters(IdpArtifactResolutionServiceUrl)) if (InvalidServiceUrl(IdpArtifactResolutionServiceUrl))
{ {
yield return new ValidationResult(i18nService.GetLocalizedHtmlString("IdpArtifactResolutionServiceUrlInvalid"), yield return new ValidationResult(i18nService.GetLocalizedHtmlString("IdpArtifactResolutionServiceUrlInvalid"),
new[] { nameof(IdpArtifactResolutionServiceUrl) }); new[] { nameof(IdpArtifactResolutionServiceUrl) });
} }
if (ContainsHtmlMetaCharacters(IdpSingleLogoutServiceUrl)) if (InvalidServiceUrl(IdpSingleLogoutServiceUrl))
{ {
yield return new ValidationResult(i18nService.GetLocalizedHtmlString("IdpSingleLogoutServiceUrlInvalid"), yield return new ValidationResult(i18nService.GetLocalizedHtmlString("IdpSingleLogoutServiceUrlInvalid"),
new[] { nameof(IdpSingleLogoutServiceUrl) }); new[] { nameof(IdpSingleLogoutServiceUrl) });
@ -260,12 +260,16 @@ namespace Bit.Core.Models.Api
RegexOptions.Multiline | RegexOptions.IgnoreCase | RegexOptions.CultureInvariant); RegexOptions.Multiline | RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);
} }
private bool ContainsHtmlMetaCharacters(string url) private bool InvalidServiceUrl(string url)
{ {
if (string.IsNullOrWhiteSpace(url)) if (string.IsNullOrWhiteSpace(url))
{ {
return false; return false;
} }
if (!url.StartsWith("http://") && !url.StartsWith("https://"))
{
return true;
}
return Regex.IsMatch(url, "[<>\"]"); return Regex.IsMatch(url, "[<>\"]");
} }
} }