From 579d47c16ff7174d76e0673227e7d63623b628a2 Mon Sep 17 00:00:00 2001
From: BocognanoSarah <sarah.bocognano@filigran.io>
Date: Thu, 4 Jul 2024 10:50:18 +0200
Subject: [PATCH] [frontend] External reference URL are not properly validated
 during creation (#7431)

---
 .../external_references/ExternalReferenceCreation.tsx      | 7 ++++++-
 .../ExternalReferenceEditionOverview.tsx                   | 7 ++++++-
 2 files changed, 12 insertions(+), 2 deletions(-)

diff --git a/opencti-platform/opencti-front/src/private/components/analyses/external_references/ExternalReferenceCreation.tsx b/opencti-platform/opencti-front/src/private/components/analyses/external_references/ExternalReferenceCreation.tsx
index 3a0e644c4d06..7d9ed64377de 100644
--- a/opencti-platform/opencti-front/src/private/components/analyses/external_references/ExternalReferenceCreation.tsx
+++ b/opencti-platform/opencti-front/src/private/components/analyses/external_references/ExternalReferenceCreation.tsx
@@ -70,7 +70,12 @@ export const externalReferenceCreationMutation = graphql`
 const externalReferenceValidation = (t: (value: string) => string) => Yup.object().shape({
   source_name: Yup.string().required(t('This field is required')),
   external_id: Yup.string().nullable(),
-  url: Yup.string().url(t('The value must be an URL')).nullable(),
+  url: Yup.string()
+    .nullable()
+    .matches(
+      /^(https?:\/\/[^\s/$.?#].[^\s]*)$/,
+      t('The value must be a valid URL'),
+    ),
   description: Yup.string().nullable(),
   file: Yup.mixed().nullable(),
 });
diff --git a/opencti-platform/opencti-front/src/private/components/analyses/external_references/ExternalReferenceEditionOverview.tsx b/opencti-platform/opencti-front/src/private/components/analyses/external_references/ExternalReferenceEditionOverview.tsx
index c15737fff4e6..863e30817190 100644
--- a/opencti-platform/opencti-front/src/private/components/analyses/external_references/ExternalReferenceEditionOverview.tsx
+++ b/opencti-platform/opencti-front/src/private/components/analyses/external_references/ExternalReferenceEditionOverview.tsx
@@ -41,7 +41,12 @@ export const externalReferenceEditionOverviewFocus = graphql`
 const externalReferenceValidation = (t: (value: string) => string) => Yup.object().shape({
   source_name: Yup.string().required(t('This field is required')),
   external_id: Yup.string().nullable(),
-  url: Yup.string().url(t('The value must be an URL')).nullable(),
+  url: Yup.string()
+    .nullable()
+    .matches(
+      /^(https?:\/\/[^\s/$.?#].[^\s]*)$/,
+      t('The value must be a valid URL'),
+    ),
   description: Yup.string().nullable(),
 });