Merge pull request #272 from italia/fix-metadata-url-check
fix: add metadata url check
damikael authored Jan 11, 2024
2 parents 414e2b7 + 7b3165f commit 61aa66e
Showing 3 changed files with 39 additions and 3 deletions.
28 changes: 28 additions & 0 deletions spid-validator/server/lib/utils.js
@@ -1,5 +1,6 @@
const url = require("url");
const path = require("path");
const https = require("https");
const CircularJSON = require("circular-json");
const child_process = require('child_process');
const UUID = require("uuidjs");
@@ -56,6 +57,19 @@ class Utils {

static metadataDownload(src, dest) {
return new Promise((resolve, reject) => {

// check if URL is valid
if(!this.isValidUrl(src)) {
return reject("Inserire una URL valida");
}

// check if URL exists
https.get(src, (res) => {
if(res.statusCode!='200') {
return reject("Metadata non trovato alla URL indicata");
}
})

const file_name = url.parse(src).pathname.split('/').pop();
const file_extention = path.extname(file_name);
const cmd = 'wget -O "' + dest + '" "' + src + '" --no-check-certificate --no-cache --no-cookies --user-agent="Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0"';
@@ -211,6 +225,20 @@ class Utils {
});
return fileArray;
}

static isValidUrl(str) {
const pattern = new RegExp(
'^([a-zA-Z]+:\\/\\/)?' + // protocol
'((([a-z\\d]([a-z\\d-]*[a-z\\d])*)\\.)+[a-z]{2,}|' + // domain name
'((\\d{1,3}\\.){3}\\d{1,3}))' + // OR IP (v4) address
'(\\:\\d+)?(\\/[-a-z\\d%_.~+]*)*' + // port and path
'(\\?[;&a-z\\d%_.~+=-]*)?' + // query string
'(\\#[-a-z\\d_]*)?$', // fragment locator
'i'
);
return pattern.test(str);
}

}

module.exports = Utils;
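Review bot: The new existence check in `metadataDownload` does not gate the download: `https.get` returns immediately, so the lines after it still build the `wget` command (and presumably run it; the rest of the function is outside the hunk) before the status callback fires. The request also has no `'error'` listener, so a DNS or connection failure is raised as an unhandled `'error'` event instead of the intended rejection, and the response body is never drained. The rest of the body should move inside the callback, with a strict `res.statusCode !== 200` comparison, as sketched below. Separately, `isValidUrl` is the only thing keeping quotes and `$` out of the `src` that is concatenated into the shell string; it accepts any scheme and literal IPv4 hosts (internal addresses included), and its nested `([a-z\d-]*[a-z\d])*` group can backtrack heavily on long inputs. An `https:`-only allow-list based on URL parsing, together with passing the arguments as an array to `child_process.execFile`, would not depend on the regex.

```javascript
// check if URL exists, and continue only once the status is known
const req = https.get(src, (res) => {
    res.resume(); // only the status code is needed; discard the body
    if (res.statusCode !== 200) {
        return reject("Metadata non trovato alla URL indicata");
    }
    // … unchanged: file_name / file_extention / wget command, moved inside this callback …
});
req.on("error", () => reject("Metadata non trovato alla URL indicata"));
```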
7 changes: 7 additions & 0 deletions spid-validator/server/npm-shrinkwrap.json_original


7 changes: 4 additions & 3 deletions spid-validator/server/package.json
@@ -1,6 +1,6 @@
{
"name": "spid-validator",
"version": "1.10.4",
"version": "1.10.5",
"description": "Tool for validating Service Provider compliance to SPID response from Identity Provider",
"main": "spid-validator",
"author": "Michele D'Amico (damikael) - AgID",
@@ -26,8 +26,9 @@
"unzip": "^0.1.11",
"upload": "^1.3.2",
"uuidjs": "^4.0.3",
"xml-encryption": "^0.11.1",
"xmlbuilder": "^9.0.7",
"xml-encryption": "^3.0.2",
"xmlbuilder": "^15.1.1",
"xmldom": "^0.6.0",
"xpath": "0.0.27",
"xpath.js": "^1.1.0"
}
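Review bot: The added `"xmldom": "^0.6.0"` entry names the unscoped `xmldom` package, and for a 0.x version the caret range only admits 0.6.x releases, so this dependency cannot pick up later parser fixes. As far as I know, that project now publishes under the scoped name `@xmldom/xmldom`. Because this validator handles XML supplied by external parties, depending on the maintained package (and updating the matching `require` calls, which are not visible on this page) would be the safer choice. The move of `xml-encryption` from `^0.11.1` to `^3.0.2` crosses major versions, so its call sites, which are outside this diff, are worth re-testing.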