Sandboxed URL creation to prevent SSRF attacks

This commit is contained in:
pixeebot[bot] 2024-02-01 23:35:05 +00:00
parent 271906097d
commit 8e0c02a151

View File

@ -1,5 +1,7 @@
package stirling.software.SPDF.utils; package stirling.software.SPDF.utils;
import io.github.pixee.security.HostValidator;
import io.github.pixee.security.Urls;
import java.io.File; import java.io.File;
import java.io.FileOutputStream; import java.io.FileOutputStream;
import java.io.IOException; import java.io.IOException;
@ -57,7 +59,7 @@ public class GeneralUtils {
public static boolean isValidURL(String urlStr) { public static boolean isValidURL(String urlStr) {
try { try {
new URL(urlStr); Urls.create(urlStr, Urls.HTTP_PROTOCOLS, HostValidator.DENY_COMMON_INFRASTRUCTURE_TARGETS);
return true; return true;
} catch (MalformedURLException e) { } catch (MalformedURLException e) {
return false; return false;