URL validation on callback and webhook

Adhidarma Hadiwinoto
1 parent 1dd9942997
Showing 4 changed files with 12 additions and 6 deletions Side-by-side Diff
lib/core-callback/sender.js
lib/webhook-sender.js
package-lock.json
package.json
@@ -2,6 +2,7 @@ const MODULE_NAME = &#39;CORE-CALLBACK.SENDER&#39;;
  
 const axios = require('axios');
 const config = require('komodo-sdk/config');
+const validUrl = require('valid-url');
 const logger = require('tektrans-logger');
  
 const dumper = require('./dumper/sender');
@@ -82,10 +83,10 @@ const sender = async (data, xid, retry) =&gt; {
         });
     }
  
-    if (!data.reverse_url) {
-        logger.verbose(`${MODULE_NAME} C4FF18FB: Ignoring missing reverse url`, {
+    if (!data.reverse_url || !validUrl.isWebUri(data.reverse_url)) {
+        logger.verbose(`${MODULE_NAME} C4FF18FB: Ignoring invalid reverse url`, {
             xid,
-            dataFromCore: data,
+            reverseUrl: data && data.reverse_url,
         });
  
         return;
@@ -5,6 +5,7 @@ const moment = require(&#39;moment&#39;);
 const fs = require('fs');
 const path = require('path');
 const stringify = require('json-stringify-pretty-compact');
+const validUrl = require('valid-url');
 const config = require('komodo-sdk/config');
 const logger = require('tektrans-logger');
  
@@ -18,6 +19,8 @@ const sleepBeforeRetryMs = Number(config.webhook &amp;&amp; config.webhook.sleep_before_
  
 const baseDumpDir = path.join('dump', 'webhook-sender');
  
+const DO_WEBHOOK = config.webhook && config.webhook.url && validUrl.isWebUri(config.webhook.url);
+
 if (!fs.existsSync(baseDumpDir)) {
     fs.mkdirSync(baseDumpDir, { recursive: true });
 }
@@ -62,7 +65,7 @@ const dumper = async (xid, webhookType, body) =&gt; {
 };
  
 const sender = async (xid, webhookType, body, retry) => {
-    if (!config.webhook || !config.webhook.url) {
+    if (!DO_WEBHOOK) {
         return;
     }
  
@@ -21,7 +21,8 @@
         "request": "^2.88.0",
         "tektrans-logger": "^1.2.3",
         "uniqid": "^5.3.0",
-        "uuid": "^3.3.3"
+        "uuid": "^3.3.3",
+        "valid-url": "^1.0.9"
       },
       "devDependencies": {
         "eslint": "^6.8.0",
@@ -41,6 +41,7 @@
     "request": "^2.88.0",
     "tektrans-logger": "^1.2.3",
     "uniqid": "^5.3.0",
-    "uuid": "^3.3.3"
+    "uuid": "^3.3.3",
+    "valid-url": "^1.0.9"
   }
 }
...	...	@@ -2,6 +2,7 @@ const MODULE_NAME = 'CORE-CALLBACK.SENDER';
2	2
3	3	const axios = require('axios');
4	4	const config = require('komodo-sdk/config');
	5	+const validUrl = require('valid-url');
5	6	const logger = require('tektrans-logger');
6	7
7	8	const dumper = require('./dumper/sender');
...	...	@@ -82,10 +83,10 @@ const sender = async (data, xid, retry) => {
82	83	});
83	84	}
84	85
85		- if (!data.reverse_url) {
86		- logger.verbose(`${MODULE_NAME} C4FF18FB: Ignoring missing reverse url`, {
	86	+ if (!data.reverse_url \|\| !validUrl.isWebUri(data.reverse_url)) {
	87	+ logger.verbose(`${MODULE_NAME} C4FF18FB: Ignoring invalid reverse url`, {
87	88	xid,
88		- dataFromCore: data,
	89	+ reverseUrl: data && data.reverse_url,
89	90	});
90	91
91	92	return;
...	...	@@ -5,6 +5,7 @@ const moment = require('moment');
5	5	const fs = require('fs');
6	6	const path = require('path');
7	7	const stringify = require('json-stringify-pretty-compact');
	8	+const validUrl = require('valid-url');
8	9	const config = require('komodo-sdk/config');
9	10	const logger = require('tektrans-logger');
10	11
...	...	@@ -18,6 +19,8 @@ const sleepBeforeRetryMs = Number(config.webhook && config.webhook.sleep_before_
18	19
19	20	const baseDumpDir = path.join('dump', 'webhook-sender');
20	21
	22	+const DO_WEBHOOK = config.webhook && config.webhook.url && validUrl.isWebUri(config.webhook.url);
	23	+
21	24	if (!fs.existsSync(baseDumpDir)) {
22	25	fs.mkdirSync(baseDumpDir, { recursive: true });
23	26	}
...	...	@@ -62,7 +65,7 @@ const dumper = async (xid, webhookType, body) => {
62	65	};
63	66
64	67	const sender = async (xid, webhookType, body, retry) => {
65		- if (!config.webhook \|\| !config.webhook.url) {
	68	+ if (!DO_WEBHOOK) {
66	69	return;
67	70	}
68	71
...	...	@@ -21,7 +21,8 @@
21	21	"request": "^2.88.0",
22	22	"tektrans-logger": "^1.2.3",
23	23	"uniqid": "^5.3.0",
24		- "uuid": "^3.3.3"
	24	+ "uuid": "^3.3.3",
	25	+ "valid-url": "^1.0.9"
25	26	},
26	27	"devDependencies": {
27	28	"eslint": "^6.8.0",
...	...	@@ -41,6 +41,7 @@
41	41	"request": "^2.88.0",
42	42	"tektrans-logger": "^1.2.3",
43	43	"uniqid": "^5.3.0",
44		- "uuid": "^3.3.3"
	44	+ "uuid": "^3.3.3",
	45	+ "valid-url": "^1.0.9"
45	46	}
46	47	}