fix: resolved relative URL issue in sanitizeUrl method
refs 159741
aryamohanan authored Mar 21, 2024
1 parent 3996301 commit a2fac29
Showing 2 changed files with 13 additions and 2 deletions.
Expand Up @@ -996,7 +996,7 @@ function verifyHttpExit(spans, parentSpan, url) {
span => expect(span.s).to.be.a('string'),
span => expect(span.p).to.equal(parentSpan.s),
span => expect(span.data.http.method).to.equal('GET'),
span => expect(span.data.http.url).contains(`${otherVendorAppPort}${url}`),
span => expect(span.data.http.url).to.match(RegExp(`^.*:${otherVendorAppPort}${url}$`)),
span => expect(span.data.http.status).to.equal(200),
span => expect(span.fp).to.not.exist
]);
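Review bot: The `to.match` assertion interpolates `${url}` into the pattern unescaped, so any `.`, `?` or `+` in a test path is read as regex syntax, and the check can then pass on a URL that differs from the expected one or fail on one that matches exactly. The intent appears to be "ends with port and path, nothing after it", which is what shows the query string was stripped, and a plain suffix check states that without a regex: ``span => expect(span.data.http.url.endsWith(`:${otherVendorAppPort}${url}`)).to.equal(true),``. verifyHttpExit starts and ends outside this hunk, so the values callers pass as `url` are not visible here.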
13 changes: 12 additions & 1 deletion packages/core/src/util/url.js
Expand Up @@ -9,6 +9,7 @@ const { URL } = require('url');
const secrets = require('../secrets');

/**
* Sanitizes the incoming URL by removing query parameters and redacting basic auth credentials if present.
* @param {string} urlString the URL that will be sanitized
* @returns {string} the URL, without query parameters, matrix parameters and with basic auth credentials redacted
*/
Expand All @@ -17,15 +18,25 @@ exports.sanitizeUrl = function sanitizeUrl(urlString) {
try {
const url = new URL(urlString);

// If URL has no protocol, host, or path, return the original URL.
// TODO: This case need adjustment for complete sanitization of the URL.
if (!url.protocol && !url.host && !url.pathname) {
return urlString;
}

// Normalize the URL with redacted credentials.
normalizedUrl = `${nullToEmptyString(url.protocol)}${url.protocol || url.host ? '//' : ''}${
url.username || url.password ? '<redacted>:<redacted>@' : ''
}${nullToEmptyString(url.host)}${nullToEmptyString(url.pathname)}`;
} catch (e) {
return urlString;
// If URL parsing fails and it's a relative URL, return its path.
// For example, if the input is "/foo?a=b", the returned value will be "/foo".
if (typeof urlString === 'string' && urlString.startsWith('/')) {
return new URL(urlString, 'https://example.org/').pathname;
} else {
// This case need adjustment for complete sanitization of the URL, reference 159741
return urlString;
}
}
return normalizedUrl;
};
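Review bot: The final `else` in the catch block still returns `urlString` untouched, so a relative input that does not begin with `/` (for example `foo?a=b`, which `new URL` rejects) reaches the caller with its query string intact, contrary to what the docstring promises. Until the TODO for 159741 is resolved, failing closed is cheap: `return typeof urlString === 'string' ? urlString.split(/[?#;]/, 1)[0] : urlString;`. The `startsWith('/')` branch also matches protocol-relative input such as `//host/path?a=b`, where `.pathname` silently drops the host; a test case pinning the intended result would help. Note too that `pathname` keeps `;`-style matrix parameters, which the `@returns` text says are removed, unless that is handled outside this hunk, where the function begins and `normalizedUrl` is declared.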