Support wildcard as port number #46

Merged
merged 3 commits into from
Aug 1, 2022

@0xiso 0xiso commented Feb 23, 2022

If a wildcard is used as a port number, for example `default-src http://example.com:*`, it will cause an error like the one shown below. This pull request will fix this.

```
> parsed = new parser.CspParser("default-src http://example.com:*").csp;
Csp { directives: { 'default-src': [ 'http://example.com:*' ] } }
> new evaluator.CspEvaluator(parsed).evaluate();
Uncaught TypeError [ERR_INVALID_URL]: Invalid URL
    at __node_internal_captureLargerStackTrace (node:internal/errors:465:5)
    at new NodeError (node:internal/errors:372:5)
    at onParseError (node:internal/url:563:9)
    at new URL (node:internal/url:643:5)
    at Object.matchWildcardUrls (/tmp/node_modules/csp_evaluator/dist/utils.js:28:20)
    at checkScriptAllowlistBypass (/tmp/node_modules/csp_evaluator/dist/checks/security_checks.js:151:37)
    at CspEvaluator.evaluate (/tmp/node_modules/csp_evaluator/dist/evaluator.js:43:50) {
  input: 'https://example.com:wildcard_placeholder',
  code: 'ERR_INVALID_URL'
}
```
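
An added example (not code from this pull request or from csp_evaluator): the trace above shows `new URL` rejecting the input `https://example.com:wildcard_placeholder`, so this example parses a CSP host-source with the port as its own field and passes only the concrete candidate URL to `new URL`. `parseHostSource` and `hostSourceMatches` are hypothetical names; as assumptions, schemes must match exactly and path matching is simplified relative to the CSP specification.

```javascript
// Added example, not csp_evaluator code. Names below are hypothetical.
// Grammar: [scheme "://"] host [":" (port | "*")] [path]
const HOST_SOURCE =
  /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*|(?:\*\.)?[a-z0-9-]+(?:\.[a-z0-9-]+)*)(?::(\d+|\*))?(\/.*)?$/i;
const DEFAULT_PORTS = { http: '80', https: '443', ws: '80', wss: '443' };

// Returns null for anything that is not a host-source (keywords, nonces,
// hashes, scheme-sources, malformed ports), instead of throwing.
function parseHostSource(expr) {
  const m = HOST_SOURCE.exec(expr);
  if (!m) return null;
  return {
    scheme: m[1] ? m[1].toLowerCase() : null,
    host: m[2].toLowerCase(),
    port: m[3] || null, // '*' stays a literal wildcard marker
    path: m[4] || null,
  };
}

function hostSourceMatches(expr, candidateUrl) {
  const src = parseHostSource(expr);
  if (!src) return false;
  let url;
  try {
    url = new URL(candidateUrl); // only the concrete URL goes through URL()
  } catch (e) {
    return false;
  }
  const scheme = url.protocol.slice(0, -1);
  if (src.scheme && src.scheme !== scheme) return false; // assumption: exact match

  const host = url.hostname.toLowerCase();
  if (src.host.startsWith('*.')) {
    if (!host.endsWith(src.host.slice(1))) return false; // subdomains only
  } else if (src.host !== '*' && src.host !== host) {
    return false;
  }

  const defaultPort = DEFAULT_PORTS[scheme] || '';
  const port = url.port || defaultPort; // URL() drops a default port
  if (src.port === null && port !== defaultPort) return false;
  if (src.port !== null && src.port !== '*' && src.port !== port) return false;

  if (!src.path || src.path === '/') return true;
  return src.path.endsWith('/')
    ? url.pathname.startsWith(src.path) // directory prefix
    : url.pathname === src.path; // exact file
}
```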

google-cla bot commented Feb 23, 2022

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

For more information, open the CLA check for this pull request.

@adalfonso

Hey, any update regarding this PR? I'm also facing this issue.

0xiso commented Aug 1, 2022

@ddworken Could you check this PR?

@ddworken ddworken merged commit 2d9bee1 into google:master Aug 1, 2022