From 7b3165fa26d8c4bccc9261f08f4ecbb8d8a7ce0e Mon Sep 17 00:00:00 2001
From: damikael
Date: Thu, 11 Jan 2024 10:30:03 +0100
Subject: [PATCH] fix: add metadata url check
---
 spid-validator/server/lib/utils.js | 28 +++++++++++++++++++
 .../server/npm-shrinkwrap.json_original | 7 +++++
 spid-validator/server/package.json | 7 +++--
 3 files changed, 39 insertions(+), 3 deletions(-)
 create mode 100644 spid-validator/server/npm-shrinkwrap.json_original
diff --git a/spid-validator/server/lib/utils.js b/spid-validator/server/lib/utils.js
index bffdf45..bdf3901 100644
--- a/spid-validator/server/lib/utils.js
+++ b/spid-validator/server/lib/utils.js
@@ -1,5 +1,6 @@
 const url = require("url");
 const path = require("path");
+const https = require("https");
 const CircularJSON = require("circular-json");
 const child_process = require('child_process');
 const UUID = require("uuidjs");
@@ -56,6 +57,19 @@ class Utils {
 static metadataDownload(src, dest) {
 return new Promise((resolve, reject) => {
+
+ // check if URL is valid
+ if(!this.isValidUrl(src)) {
+ return reject("Inserire una URL valida");
+ }
+
+ // check if URL exists
+ https.get(src, (res) => {
+ if(res.statusCode!='200') {
+ return reject("Metadata non trovato alla URL indicata");
+ }
+ })
+
 const file_name = url.parse(src).pathname.split('/').pop();
 const file_extention = path.extname(file_name);
 const cmd = 'wget -O "' + dest + '" "' + src + '" --no-check-certificate --no-cache --no-cookies --user-agent="Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:52.0) Gecko/20100101 Firefox/52.0"';
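Review bot: The `https.get` probe added to `metadataDownload` does not gate the download: its callback fires later, while the `file_name`/`file_extention`/`cmd` lines right after it run immediately, so the wget command is still built (and, in the part of the function outside this hunk, presumably executed) for a URL that answers with a non-200 status. The request has no `'error'` listener, so a refused connection or TLS failure surfaces as an unhandled `error` event instead of a rejection, and the response is never drained. The probe verifies the server certificate while the wget line passes `--no-check-certificate`, so the two requests do not apply the same trust decision to the same URL. Moving the rest of the body into the callback, as sketched below, makes the check effective; separately, `src` and `dest` are still concatenated into a shell string, which leaves `isValidUrl` as the only barrier against shell metacharacters in `src`, and an argument array passed to `child_process.execFile` would not depend on it. The function continues past the end of the hunk.

```javascript
// check if URL exists; everything below has to wait for this answer
const probe = https.get(src, (res) => {
    res.resume(); // discard the body so the socket is released
    if (res.statusCode !== 200) {
        return reject("Metadata non trovato alla URL indicata");
    }
    // … unchanged: file_name / file_extention / cmd and the download, moved inside this callback …
});
// connection and TLS failures must reject the promise instead of going unhandled
probe.on('error', () => reject("Metadata non trovato alla URL indicata"));
```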
@@ -211,6 +225,20 @@ class Utils {
 });
 return fileArray;
 }
+
+ static isValidUrl(str) {
+ const pattern = new RegExp(
+ '^([a-zA-Z]+:\\/\\/)?' + // protocol
+ '((([a-z\\d]([a-z\\d-]*[a-z\\d])*)\\.)+[a-z]{2,}|' + // domain name
+ '((\\d{1,3}\\.){3}\\d{1,3}))' + // OR IP (v4) address
+ '(\\:\\d+)?(\\/[-a-z\\d%_.~+]*)*' + // port and path
+ '(\\?[;&a-z\\d%_.~+=-]*)?' + // query string
+ '(\\#[-a-z\\d_]*)?$', // fragment locator
+ 'i'
+ );
+ return pattern.test(str);
+ }
+
 }
 module.exports = Utils;
diff --git a/spid-validator/server/npm-shrinkwrap.json_original b/spid-validator/server/npm-shrinkwrap.json_original
new file mode 100644
index 0000000..967711b
--- /dev/null
+++ b/spid-validator/server/npm-shrinkwrap.json_original
@@ -0,0 +1,7 @@
+{
+ "dependencies": {
+ "graceful-fs": {
+ "version": "4.2.2"
+ }
+ }
+}
\ No newline at end of file
diff --git a/spid-validator/server/package.json b/spid-validator/server/package.json
index ab1f5c9..c93e22c 100644
--- a/spid-validator/server/package.json
+++ b/spid-validator/server/package.json
@@ -1,6 +1,6 @@
 {
 "name": "spid-validator",
- "version": "1.10.4",
+ "version": "1.10.5",
 "description": "Tool for validating Service Provider compliance to SPID response from Identity Provider",
 "main": "spid-validator",
 "author": "Michele D'Amico (damikael) - AgID",
@@ -26,8 +26,9 @@
 "unzip": "^0.1.11",
 "upload": "^1.3.2",
 "uuidjs": "^4.0.3",
- "xml-encryption": "^0.11.1",
- "xmlbuilder": "^9.0.7",
+ "xml-encryption": "^3.0.2",
+ "xmlbuilder": "^15.1.1",
+ "xmldom": "^0.6.0",
 "xpath": "0.0.27",
 "xpath.js": "^1.1.0"
 }
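Review bot: `isValidUrl` in utils.js makes the scheme optional and accepts any alphabetic scheme, yet `metadataDownload` hands the same string to `https.get`, which throws on anything that is not `https:`; the first alternative should match the caller, e.g. `'^https:\\/\\/' + // protocol`. The nested quantifiers in the domain and path groups (`([a-z\\d-]*[a-z\\d])*` and `(\\/[-a-z\\d%_.~+]*)*`) can backtrack heavily on long non-matching input, so a guard such as `if (typeof str !== 'string' || str.length > 2048) return false;` (the limit is an example value) belongs before `pattern.test`. The pattern also accepts IPv4 literals and any hostname, so it does not stop the server from being pointed at internal addresses; if untrusted users can reach the validator, the resolved address needs its own check. A comment on the method should record that the restricted character classes are what keep quotes, `$` and backticks out of the wget command line built in `metadataDownload`, so the classes are not loosened without changing that call.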
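Review bot: The new `"xmldom": "^0.6.0"` entry in package.json pulls in the unscoped `xmldom` package, which as far as I know no longer receives releases under that name, later fixes being published as `@xmldom/xmldom`; for a tool that parses XML supplied by external parties the maintained package is the safer choice. No `require` of `xmldom` appears in this patch, so it is worth confirming the entry is needed at all. `xml-encryption` and `xmlbuilder` both jump major versions (`^0.11.1` to `^3.0.2`, `^9.0.7` to `^15.1.1`) with no call-site change in the patch, and the only lockfile touched is the inert `npm-shrinkwrap.json_original`, so the resolved versions should be pinned and the encryption and XML-building paths re-tested.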