
Improve Webhook Validation

Open davidcui1225 opened this issue 4 years ago • 4 comments

Currently validation on webhooks for creating channels is very basic. During testing I was able to create configs with domain names such as https://doma.

Should we add a regex check to the webhook validation to improve the check?

davidcui1225 avatar Aug 24 '21 16:08 davidcui1225

There's backend input validation when initializing it as an object. For frontend I am not sure. But do you see a channel actually being created and added to the records?

zhongnansu avatar Aug 24 '21 17:08 zhongnansu

I see a channel created successfully in the front-end for that https://doma config. And in the backend testing, when I write a Chime object with a similar URL, the config is created with no issue.

davidcui1225 avatar Aug 24 '21 17:08 davidcui1225

> I see a channel created successfully in the front-end for that https://doma config. And in the backend testing when I write a Chime object with similar url, the config is created with no issue

I see. I did a little search: we use java.net.URL and depend on the MalformedURLException to decide if a URL is valid, but for input like https://doma, it will consider it as valid. See ref here. We need to find some best practice for URL validation, using some other lib or some combination.

zhongnansu avatar Aug 24 '21 18:08 zhongnansu

I believe we should not put more restrictions since it may really be used. Using java.net.URL should be good.

akbhatta avatar Aug 24 '21 20:08 akbhatta
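
An added example, not code from the project or from the commenters: it compares the check described in the thread (a URL counts as valid when `new URL(...)` does not throw `MalformedURLException`) with a hypothetical stricter policy. The class and method names, the https-only rule and the optional dotted-host rule are assumptions; the dotted-host rule rejects single-label internal hosts, which is the trade-off raised in the last comment.

```java
import java.net.MalformedURLException;
import java.net.URL;
import java.util.List;

public class WebhookUrlCheck {

    // The check described in the thread: valid means the constructor did not throw.
    // (The String constructor is deprecated in recent JDKs but still available.)
    static boolean parsesAsUrl(String s) {
        try {
            new URL(s);
            return true;
        } catch (MalformedURLException e) {
            return false;
        }
    }

    // Hypothetical stricter policy (assumption, not the project's rule):
    // https scheme, non-empty host, and optionally a dot in the host name.
    static boolean passesStrictPolicy(String s, boolean requireDottedHost) {
        final URL url;
        try {
            url = new URL(s);
        } catch (MalformedURLException e) {
            return false;
        }
        String host = url.getHost();
        if (!"https".equalsIgnoreCase(url.getProtocol())) return false;
        if (host == null || host.isEmpty()) return false;
        return !requireDottedHost || host.contains(".");
    }

    public static void main(String[] args) {
        // Constructed sample inputs; only https://doma comes from the thread.
        List<String> samples = List.of(
            "https://doma",
            "https://hooks.example.com/v1/abc",
            "https://",
            "http://hooks.example.com/v1/abc",
            "hooks.example.com/v1/abc");
        for (String s : samples) {
            System.out.printf("%-36s URL=%-5b strict=%-5b strict+dot=%b%n",
                s, parsesAsUrl(s), passesStrictPolicy(s, false),
                passesStrictPolicy(s, true));
        }
    }
}
```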