From 5aa492e886207725572c9d3462c467401d2b1648 Mon Sep 17 00:00:00 2001
From: Kyle Spearrin
Date: Mon, 8 Nov 2021 11:47:03 -0500
Subject: [PATCH] validate service url schema (#1695)
---
 .../Organizations/OrganizationSsoRequestModel.cs | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/src/Core/Models/Api/Request/Organizations/OrganizationSsoRequestModel.cs b/src/Core/Models/Api/Request/Organizations/OrganizationSsoRequestModel.cs
index 66319f47bf..83ee2494f1 100644
--- a/src/Core/Models/Api/Request/Organizations/OrganizationSsoRequestModel.cs
+++ b/src/Core/Models/Api/Request/Organizations/OrganizationSsoRequestModel.cs
@@ -160,19 +160,19 @@ namespace Bit.Core.Models.Api
 new[] { nameof(IdpSingleSignOnServiceUrl) });
 }

- if (ContainsHtmlMetaCharacters(IdpSingleSignOnServiceUrl))
+ if (InvalidServiceUrl(IdpSingleSignOnServiceUrl))
 {
 yield return new ValidationResult(i18nService.GetLocalizedHtmlString("IdpSingleSignOnServiceUrlInvalid"),
 new[] { nameof(IdpSingleSignOnServiceUrl) });
 }

- if (ContainsHtmlMetaCharacters(IdpArtifactResolutionServiceUrl))
+ if (InvalidServiceUrl(IdpArtifactResolutionServiceUrl))
 {
 yield return new ValidationResult(i18nService.GetLocalizedHtmlString("IdpArtifactResolutionServiceUrlInvalid"),
 new[] { nameof(IdpArtifactResolutionServiceUrl) });
 }

- if (ContainsHtmlMetaCharacters(IdpSingleLogoutServiceUrl))
+ if (InvalidServiceUrl(IdpSingleLogoutServiceUrl))
 {
 yield return new ValidationResult(i18nService.GetLocalizedHtmlString("IdpSingleLogoutServiceUrlInvalid"),
 new[] { nameof(IdpSingleLogoutServiceUrl) });
@@ -260,12 +260,16 @@ namespace Bit.Core.Models.Api
 RegexOptions.Multiline | RegexOptions.IgnoreCase | RegexOptions.CultureInvariant);
 }

- private bool ContainsHtmlMetaCharacters(string url)
+ private bool InvalidServiceUrl(string url)
 {
 if (string.IsNullOrWhiteSpace(url))
 {
 return false;
 }
+ if (!url.StartsWith("http://") && !url.StartsWith("https://"))
+ {
+ return true;
+ }
 return Regex.IsMatch(url, "[<>\"]");
 }
 }
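Review bot: The scheme check added in `InvalidServiceUrl` calls `url.StartsWith("http://")` without a `StringComparison`, so it is both case-sensitive and culture-sensitive; URI schemes are case-insensitive, so a legitimate `HTTPS://…` IdP endpoint is rejected and the result depends on the server's current culture. I would write `if (!url.StartsWith("http://", StringComparison.OrdinalIgnoreCase) && !url.StartsWith("https://", StringComparison.OrdinalIgnoreCase))`, or parse with `Uri.TryCreate(url, UriKind.Absolute, out var uri)` and compare `uri.Scheme` with `Uri.UriSchemeHttp` / `Uri.UriSchemeHttps`, which also rejects strings that are not well-formed absolute URLs. The prefix test is an allowlist on the scheme only, and the retained `[<>\"]` pattern does not cover single quotes, so wherever these values are later rendered or used as redirect targets still needs its own context-appropriate encoding. The early `return false` for a blank value also deserves a comment such as `// Blank is not flagged here; whether the field is required is checked separately.`, which is presumably the intent but should be confirmed against the rest of the validator.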