fix: restrict remote pinning service endpoint URIs to HTTP/HTTPS

aschmahmann · aschmahmann · commit 61f3a2f3a2e6 · 2021-01-27T19:28:58.000-05:00
diff --git a/core/commands/pin/remotepin.go b/core/commands/pin/remotepin.go
@@ -740,7 +740,7 @@ func getRemotePinServiceInfo(env cmds.Environment, name string) (endpoint, key s
 
 func normalizeEndpoint(endpoint string) (string, error) {
 	uri, err := neturl.ParseRequestURI(endpoint)
-	if err != nil || !strings.HasPrefix(uri.Scheme, "http") {
+	if err != nil || !(uri.Scheme == "http" || uri.Scheme == "https") {
 		return "", fmt.Errorf("service endpoint must be a valid HTTP URL")
 	}
 

Original file line number	Diff line number	Diff line change
`@@ -740,7 +740,7 @@ func getRemotePinServiceInfo(env cmds.Environment, name string) (endpoint, key s`
`740`	`740`
`741`	`741`	`func normalizeEndpoint(endpoint string) (string, error) {`
`742`	`742`	`uri, err := neturl.ParseRequestURI(endpoint)`
`743`		`- if err != nil \|\| !strings.HasPrefix(uri.Scheme, "http") {`
	`743`	`+ if err != nil \|\| !(uri.Scheme == "http" \|\| uri.Scheme == "https") {`
`744`	`744`	`return "", fmt.Errorf("service endpoint must be a valid HTTP URL")`
`745`	`745`	`}`
`746`	`746`