From 74e563da7fa6886449fd2be5933e2d4ca5c85f48 Mon Sep 17 00:00:00 2001
From: jack <jack.su@pollex.com.tw>
Date: 星期二, 12 九月 2023 11:25:52 +0800
Subject: [PATCH] [UPDATE] 解決弱點Se: Incorrect definition of Serializable class [UPDATE] 解決弱點Information exposure to log file [UPDATE] 解決弱點Use of hard-coded password
---
 PAMapp/shared/services/httpClient.ts | 14 ++++++++++----
 1 files changed, 10 insertions(+), 4 deletions(-)
diff --git a/PAMapp/shared/services/httpClient.ts b/PAMapp/shared/services/httpClient.ts
index 82c83d8..db17491 100644
--- a/PAMapp/shared/services/httpClient.ts
+++ b/PAMapp/shared/services/httpClient.ts
@@ -16,14 +16,20 @@ const BASE_URL = process.env.BASE_URL!;
 function sanitizeBaseUrl(baseUrl: string): string {
-  const isValidBaseUrl = (url: string) => url.includes('api');
-  if (isValidBaseUrl(baseUrl)) {
-    return baseUrl;
-  } else {
+  const pattern = /^(https?:\/\/).+/i;
+  if (!pattern.test(baseUrl)) {
     throw new Error('Invalid BASE_URL');
   }
+  const cleanedBaseUrl = cleanUrl(baseUrl);
+  return cleanedBaseUrl;
 }
+function cleanUrl(url: string): string {
+  const cleanedUrl = url.replace(/[^a-zA-Z0-9:/._-]/g, '');
+  return cleanedUrl;
+}
+
+
 export const http = axios.create({
   baseURL: sanitizeBaseUrl(BASE_URL),
   withCredentials: true
-- 
Gitblit v1.8.0
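Review bot: `cleanUrl` silently rewrites a BASE_URL containing characters outside its whitelist instead of rejecting it, so a misconfigured value such as `https://api.example.com/v1?env=prod` (or one carrying `@` userinfo or `%`-encoding) becomes a different but syntactically valid URL — here `https://api.example.com/v1envprod` — and every request is sent there rather than the process failing at startup; the `.+` in the scheme regex adds nothing, since it accepts anything after `https://`. A sanitizer for a configuration value should fail closed: parse it with the standard `URL` class, require an `http:`/`https:` protocol, throw on anything else, and drop the character-stripping helper entirely. `URL.toString()` normalizes the value (for example a bare origin gains a trailing slash), which is the intended canonical form for a base URL. The commit subject lists three weaknesses (hard-coded password, information exposure to log file, Serializable class definition), none of which this hunk touches — presumably they are handled in files not shown here. `sanitizeBaseUrl` and `cleanUrl` both start and end inside the hunk.
```typescript
function sanitizeBaseUrl(baseUrl: string): string {
  // Fail closed: rewriting a bad BASE_URL would silently point every request elsewhere.
  let parsed: URL;
  try {
    parsed = new URL(baseUrl);
  } catch {
    throw new Error('Invalid BASE_URL');
  }
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
    throw new Error('Invalid BASE_URL');
  }
  return parsed.toString();
}
// … unchanged: axios.create call …
```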