check URL
cbellone committed Apr 19, 2024
1 parent d1c09c4 commit e0cb2db
Showing 1 changed file with 6 additions and 2 deletions.
8 changes: 6 additions & 2 deletions src/main/java/alfio/manager/FileDownloadManager.java
Expand Up @@ -17,9 +17,11 @@
package alfio.manager;

import alfio.model.modification.UploadBase64FileModification;
import com.beust.jcommander.Strings;
import lombok.AllArgsConstructor;
import lombok.Getter;
import lombok.extern.log4j.Log4j2;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

Expand All @@ -31,6 +33,8 @@
import java.util.Objects;
import java.util.regex.Pattern;

import static java.util.Objects.requireNonNull;


public class FileDownloadManager {

Expand All @@ -42,8 +46,8 @@ public FileDownloadManager(HttpClient httpClient) {
}

public DownloadedFile downloadFile(String url) {
HttpRequest httpRequest = HttpRequest.newBuilder(URI.create(url)).GET().build();
HttpResponse<byte[]> response = null;
HttpRequest httpRequest = HttpRequest.newBuilder(URI.create(requireNonNull(StringUtils.trimToNull(url)))).GET().build();

Check failure

Code scanning / CodeQL

Server-side request forgery Critical

Potential server-side request forgery due to a user-provided value.
Potential server-side request forgery due to a user-provided value.
Potential server-side request forgery due to a user-provided value.
Potential server-side request forgery due to a user-provided value.
HttpResponse<byte[]> response;
try {
response = httpClient.send(httpRequest, HttpResponse.BodyHandlers.ofByteArray());
} catch (IOException exception) {
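Review bot: A null or blank `url` now fails in `downloadFile` with a message-less NullPointerException from `requireNonNull(StringUtils.trimToNull(url))`, while a malformed one still fails with IllegalArgumentException from `URI.create`, so callers and logs cannot tell which input was rejected or why. Give the check a message, e.g. `requireNonNull(StringUtils.trimToNull(url), "url must not be blank")`, or throw one exception type for both cases. The `com.beust.jcommander.Strings` import in the first hunk is not used by any line shown here and looks like an IDE auto-import; if that is the case, drop it so the manager does not depend on a command-line parsing library. The body of `downloadFile` continues past the end of the hunk.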
