fix: reject URLs longer than 2048 chars (BUG-011 DoS prevention)
All checks were successful
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 9m12s
All checks were successful
Build & Deploy to Staging / Build & Deploy to Staging (push) Successful in 9m12s
This commit is contained in:
parent
44e31e355c
commit
5ec8c92413
1 changed files with 6 additions and 0 deletions
|
|
@ -24,7 +24,13 @@ const BLOCKED_HOSTS = [
|
||||||
/^kubernetes/,
|
/^kubernetes/,
|
||||||
];
|
];
|
||||||
|
|
||||||
|
const MAX_URL_LENGTH = 2048;
|
||||||
|
|
||||||
export async function validateUrl(urlStr: string): Promise<{ hostname: string; resolvedIp: string }> {
|
export async function validateUrl(urlStr: string): Promise<{ hostname: string; resolvedIp: string }> {
|
||||||
|
if (!urlStr || urlStr.length > MAX_URL_LENGTH) {
|
||||||
|
throw new Error(`Invalid URL: must be between 1 and ${MAX_URL_LENGTH} characters`);
|
||||||
|
}
|
||||||
|
|
||||||
let parsed: URL;
|
let parsed: URL;
|
||||||
try {
|
try {
|
||||||
parsed = new URL(urlStr);
|
parsed = new URL(urlStr);
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue