From 8e0c02a1512c53395e6efbe7f39484315bc87432 Mon Sep 17 00:00:00 2001
From: "pixeebot[bot]" <23113631+pixeebot@users.noreply.github.com>
Date: Thu, 1 Feb 2024 23:35:05 +0000
Subject: [PATCH] Sandboxed URL creation to prevent SSRF attacks
---
 src/main/java/stirling/software/SPDF/utils/GeneralUtils.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/src/main/java/stirling/software/SPDF/utils/GeneralUtils.java b/src/main/java/stirling/software/SPDF/utils/GeneralUtils.java
index 672e5c70..1b0c315a 100644
--- a/src/main/java/stirling/software/SPDF/utils/GeneralUtils.java
+++ b/src/main/java/stirling/software/SPDF/utils/GeneralUtils.java
@@ -1,5 +1,7 @@
 package stirling.software.SPDF.utils;
+import io.github.pixee.security.HostValidator;
+import io.github.pixee.security.Urls;
 import java.io.File;
 import java.io.FileOutputStream;
 import java.io.IOException;
@@ -57,7 +59,7 @@ public class GeneralUtils {
 public static boolean isValidURL(String urlStr) {
 try {
- new URL(urlStr);
+ Urls.create(urlStr, Urls.HTTP_PROTOCOLS, HostValidator.DENY_COMMON_INFRASTRUCTURE_TARGETS);
 return true;
 } catch (MalformedURLException e) {
 return false;
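Review bot: A URL rejected by the new protocol or host check will most likely escape `isValidURL` as an unchecked exception instead of producing `false`, because the surrounding `catch` still handles only `MalformedURLException`; as far as I know `Urls.create` reports a disallowed scheme or host by throwing `SecurityException`. If that holds for the toolkit version in use, widen the handler to `} catch (MalformedURLException | SecurityException e) {` so the method keeps its boolean contract. The URL object is also discarded here, so this check only protects the later fetch if that code requests the same string and does not follow redirects to another host. `DENY_COMMON_INFRASTRUCTURE_TARGETS` appears to be a short denylist of well-known targets rather than a block on loopback or private ranges, and it does not cover hostnames that resolve to internal addresses, so confirm its coverage before treating it as the SSRF control. The method's closing lines are outside the hunk.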