kamp/Stirling-PDF
1
0
Fork 0
mirror of https://github.com/Stirling-Tools/Stirling-PDF.git synced 2024-06-25 08:10:11 +02:00
Code

Sandboxed URL creation to prevent SSRF attacks

Browse Source
This commit is contained in:
pixeebot[bot] 2024-02-01 23:35:05 +00:00
parent 271906097d
commit 8e0c02a151
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/main/java/stirling/software/SPDF/utils/GeneralUtils.java
View File

@ -1,5 +1,7 @@
package stirling.software.SPDF.utils;
import io.github.pixee.security.HostValidator;
import io.github.pixee.security.Urls;
import java.io.File;
import java.io.FileOutputStream;
import java.io.IOException;
@ -57,7 +59,7 @@ public class GeneralUtils {
public static boolean isValidURL(String urlStr) {
try {
new URL(urlStr);
Urls.create(urlStr, Urls.HTTP_PROTOCOLS, HostValidator.DENY_COMMON_INFRASTRUCTURE_TARGETS);
return true;
} catch (MalformedURLException e) {
return false;