fix: add a check for port wildcards (#25294)

Co-authored-by: github-actions <41898282+github-actions[bot]@users.noreply.github.com>

frontend/src/lib/components/AuthorizedUrlList/authorizedUrlListLogic.test.ts

@@ -85,6 +85,14 @@ describe('the authorized urls list logic', () => {
                 proposedUrl: 'https://not.*.valid.*',
                 validityMessage: 'Wildcards can only be used for subdomains',
             },
+            {
+                proposedUrl: 'http://localhost:*',
+                validityMessage: 'Wildcards are not allowed in the port position',
+            },
+            {
+                proposedUrl: 'http://valid.example.com:*',
+                validityMessage: 'Wildcards are not allowed in the port position',
+            },
         ]
 
         testCases.forEach((testCase) => {

frontend/src/lib/components/AuthorizedUrlList/authorizedUrlListLogic.ts

@@ -47,6 +47,18 @@ export function sanitizePossibleWildCardedURL(url: string): URL {
     return new URL(deWildCardedURL)
 }
 
+/**
+ * Checks if the URL has a wildcard (*) in the port position eg http://localhost:*
+ */
+export function hasPortWildcard(input: string): boolean {
+    if (!input || typeof input !== 'string') {
+        return false
+    }
+    // This regex matches URLs with a wildcard (*) in the port position
+    const portWildcardRegex = /^(https?:\/\/[^:/]+):\*(.*)$/
+    return portWildcardRegex.test(input.trim())
+}
+
 export const validateProposedUrl = (
     proposedUrl: string,
     currentUrls: string[],
@@ -56,6 +68,10 @@ export const validateProposedUrl = (
         return 'Please enter a valid URL'
     }
 
+    if (hasPortWildcard(proposedUrl)) {
+        return 'Wildcards are not allowed in the port position'
+    }
+
     if (onlyAllowDomains && !isDomain(sanitizePossibleWildCardedURL(proposedUrl))) {
         return "Please enter a valid domain (URLs with a path aren't allowed)"
     }