[frontend] External reference URL are not properly validated during c…

…reation (OpenCTI-Platform#7431) Co-authored-by: Samuel Hassine <[email protected]>
fbicyber · Jul 8, 2024 · 2b09daa · 2b09daa
1 parent 957c9d2
commit 2b09daa
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 2 deletions.
diff --git a/...i-front/src/private/components/analyses/external_references/ExternalReferenceCreation.tsx b/...i-front/src/private/components/analyses/external_references/ExternalReferenceCreation.tsx
@@ -70,7 +70,12 @@ export const externalReferenceCreationMutation = graphql`
 const externalReferenceValidation = (t: (value: string) => string) => Yup.object().shape({
   source_name: Yup.string().required(t('This field is required')),
   external_id: Yup.string().nullable(),
-  url: Yup.string().url(t('The value must be an URL')).nullable(),
+  url: Yup.string()
+    .nullable()
+    .matches(
+      /^(https?:\/\/[^\s/$.?#].[^\s]*)$/,
+      t('The value must be an URL'),
+    ),
   description: Yup.string().nullable(),
   file: Yup.mixed().nullable(),
 });

diff --git a/.../src/private/components/analyses/external_references/ExternalReferenceEditionOverview.tsx b/.../src/private/components/analyses/external_references/ExternalReferenceEditionOverview.tsx
@@ -41,7 +41,12 @@ export const externalReferenceEditionOverviewFocus = graphql`
 const externalReferenceValidation = (t: (value: string) => string) => Yup.object().shape({
   source_name: Yup.string().required(t('This field is required')),
   external_id: Yup.string().nullable(),
-  url: Yup.string().url(t('The value must be an URL')).nullable(),
+  url: Yup.string()
+    .nullable()
+    .matches(
+      /^(https?:\/\/[^\s/$.?#].[^\s]*)$/,
+      t('The value must be an URL'),
+    ),
   description: Yup.string().nullable(),
 });