
Hardening suggestions for Stirling-PDF / multipleFix #1743

Merged (1 commit, Aug 23, 2024)

Conversation

pixeebot[bot] (Contributor) commented Aug 23, 2024

I've reviewed the recently opened PR (1742 - Multiple flag fix) and have identified some area(s) that could benefit from additional hardening measures.

These changes should help prevent potential security vulnerabilities and improve overall code quality.

Thank you for your consideration!
🧚🤖 Powered by Pixeebot


@pixeebot pixeebot bot requested a review from Frooodle as a code owner August 23, 2024 08:09
@pixeebot pixeebot bot requested a review from Frooodle August 23, 2024 08:09
@@ -77,7 +77,7 @@ public static boolean isValidURL(String urlStr) {

public static boolean isURLReachable(String urlStr) {
try {
URL url = new URL(urlStr);
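Review bot: the hunk as rendered shows only `URL url = new URL(urlStr);` inside `isURLReachable`, with no `+`/`-` markers, so the wrapper that replaced it and the protocol/host allowlist it enforces cannot be reviewed from the diff alone; please quote the new call in the PR description and list the permitted protocols and hosts, so a reviewer can confirm what destinations `isURLReachable` may still probe on behalf of a caller-supplied string.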
pixeebot[bot] (Contributor, Author) commented on this line:
Wrapped the URL creation with a method that forces the caller to pick allowed protocols and domains that this URL can reach
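As an added example of the kind of wrapper the comment above describes (this is not code from this PR, from Stirling-PDF, or from Pixee's codemod; the class name `AllowlistedUrls`, the method `create`, and the sample inputs are constructed for illustration), a factory that refuses to build a `java.net.URL` unless the caller states which protocols and hosts it may reach:

```java
import java.net.MalformedURLException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
import java.util.Locale;
import java.util.Set;

/**
 * Constructed example (not Stirling-PDF or Pixee code): a URL factory that
 * forces the caller to supply protocol and host allowlists before any URL is
 * built. Callers that need a reachability check then get a URL that can only
 * point at destinations they explicitly named.
 */
public final class AllowlistedUrls {

    private AllowlistedUrls() {}

    /**
     * Parses urlStr and returns a URL only if its scheme and host are on the
     * caller's allowlists (both compared in lower case). Every rejection is an
     * IllegalArgumentException so the caller cannot silently ignore it.
     */
    public static URL create(String urlStr, Set<String> allowedProtocols, Set<String> allowedHosts) {
        if (allowedProtocols == null || allowedProtocols.isEmpty()
                || allowedHosts == null || allowedHosts.isEmpty()) {
            throw new IllegalArgumentException("caller must supply non-empty protocol and host allowlists");
        }
        URI uri;
        try {
            // URI rather than URL: parsing does no network lookups and exposes
            // scheme, userinfo and host as separate, already-split components.
            uri = new URI(urlStr);
        } catch (URISyntaxException e) {
            throw new IllegalArgumentException("not a valid URI: " + urlStr, e);
        }
        String scheme = uri.getScheme();
        String host = uri.getHost();
        if (scheme == null || host == null) {
            throw new IllegalArgumentException("URL must be absolute and carry a host: " + urlStr);
        }
        if (!allowedProtocols.contains(scheme.toLowerCase(Locale.ROOT))) {
            throw new IllegalArgumentException("protocol not allowed: " + scheme);
        }
        // Reject userinfo so a string cannot read as one host to a human while the
        // parser selects another; the allowlist is applied to the parsed host only.
        if (uri.getRawUserInfo() != null) {
            throw new IllegalArgumentException("userinfo in URL is not allowed: " + urlStr);
        }
        if (!allowedHosts.contains(host.toLowerCase(Locale.ROOT))) {
            throw new IllegalArgumentException("host not allowed: " + host);
        }
        try {
            return uri.toURL();
        } catch (MalformedURLException e) {
            throw new IllegalArgumentException("cannot convert to URL: " + urlStr, e);
        }
    }

    /** Exercises the factory on constructed inputs; one accept, four rejects. */
    public static void main(String[] args) {
        Set<String> protocols = Set.of("https");
        Set<String> hosts = Set.of("api.example.org");
        String[] samples = {
            "https://api.example.org/v1/status",              // accepted
            "http://api.example.org/v1/status",               // rejected: protocol not allowed
            "https://internal.example.org/",                  // rejected: host not allowed
            "https://api.example.org@internal.example.org/",  // rejected: userinfo present
            "file:///etc/hostname",                           // rejected: no host component
        };
        for (String s : samples) {
            try {
                URL url = create(s, protocols, hosts);
                System.out.println("ACCEPT " + url);
            } catch (IllegalArgumentException e) {
                System.out.println("REJECT " + s + " -> " + e.getMessage());
            }
        }
    }
}
```

The allowlists are parameters rather than constants so that each call site documents, in the code, exactly what it is permitted to reach; that is the property the reviewer below asks to see spelled out for this PR.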

Member:
@pixeebot for things like this I would love to see a link to what domains it allows and doesn't; I have no idea if I can allow this PR based on this general description.


Great idea! We just made this change: pixee/codemodder-java#442.

@github-actions github-actions bot added the Java Pull requests that update Java code label Aug 23, 2024
@Frooodle Frooodle merged commit fcc7808 into multipleFix Aug 23, 2024
2 checks passed
@Frooodle Frooodle deleted the pixeebot/multipleFix branch August 23, 2024 08:18