gb_flea/paperclip
1
0
Fork 0
forked from farhoodlabs/paperclip
Code Pull Requests Activity

fix: add HTTPS protocol check to server-side GitHub URL parsers

Browse Source
This commit is contained in:
statxc
2026-04-01 21:27:10 +00:00
parent f9cebe9b73
commit 6a7830b07e
2 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
server/src/services/company-portability.ts
+3
View File
@@ -2567,6 +2567,9 @@ function normalizeGitHubSourcePath(value: string | null | undefined) {
export function parseGitHubSourceUrl(rawUrl: string) {
const url = new URL(rawUrl);
if (url.protocol !== "https:") {
throw unprocessable("GitHub source URL must use HTTPS");
}
const hostname = url.hostname;
const parts = url.pathname.split("/").filter(Boolean);
if (parts.length < 2) {
server/src/services/company-skills.ts
+3
View File
@@ -512,6 +512,9 @@ async function resolveGitHubCommitSha(owner: string, repo: string, ref: string,
function parseGitHubSourceUrl(rawUrl: string) {
const url = new URL(rawUrl);
if (url.protocol !== "https:") {
throw unprocessable("GitHub source URL must use HTTPS");
}
const parts = url.pathname.split("/").filter(Boolean);
if (parts.length < 2) {
throw unprocessable("Invalid GitHub URL");