BigBlueButton/bigbluebutton-Github
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[GHSA-j42p-fh2w-24q6] - validate URL for external upload of presentation.

Browse Source
This commit is contained in:
GuiLeme 2023-11-09 09:50:38 -03:00 committed by Anton Georgiev
parent d30b806b47
commit 554f4f2e2a
1 changed files with 17 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
bbb-common-web/src/main/java/org/bigbluebutton/api/service/ValidationService.java
View File

@ -14,6 +14,9 @@ import javax.validation.Validation;
import javax.validation.Validator;
import javax.validation.ValidatorFactory;
import java.io.UnsupportedEncodingException;
import java.net.MalformedURLException;
import java.net.URISyntaxException;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.*;
@ -76,6 +79,11 @@ public class ValidationService {
if(request == null) {
violations.put("validationError", "Request not recognized");
} else if(params.containsKey("presentationUploadExternalUrl")) {
String urlToValidate = params.get("presentationUploadExternalUrl")[0];
if(!this.isValidURL(urlToValidate)) {
violations.put("validationError", "Param 'presentationUploadExternalUrl' is not a valid URL");
}
} else {
request.populateFromParamsMap(params);
violations = performValidation(request);
@ -84,6 +92,15 @@ public class ValidationService {
return violations;
}
boolean isValidURL(String url) {
try {
new URL(url).toURI();
return true;
} catch (MalformedURLException | URISyntaxException e) {
return false;
}
}
private Request initializeRequest(ApiCall apiCall, Map<String, String[]> params, String queryString) {
Request request = null;
Checksum checksum;