Skip to content

Commit

Permalink
Ensure DSN uses http/https protocol (#3044)
Browse files Browse the repository at this point in the history
Co-authored-by: Roman Zavarnitsyn <rom4ek93@gmail.com>
  • Loading branch information
markushi and romtsn committed Nov 10, 2023
1 parent 283d83e commit a73f0be
Show file tree
Hide file tree
Showing 3 changed files with 26 additions and 8 deletions.
4 changes: 4 additions & 0 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
Expand Up @@ -2,6 +2,10 @@

## Unreleased

### Fixes

- Ensure DSN uses http/https protocol ([#3044](https://github.com/getsentry/sentry-java/pull/3044))

### Features

- Add current activity name to app context ([#2999](https://github.com/getsentry/sentry-java/pull/2999))
Expand Down
15 changes: 7 additions & 8 deletions sentry/src/main/java/io/sentry/Dsn.java
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,12 @@ URI getSentryUri() {
Dsn(@Nullable String dsn) throws IllegalArgumentException {
try {
Objects.requireNonNull(dsn, "The DSN is required.");
URI uri = new URI(dsn).normalize();
final URI uri = new URI(dsn).normalize();
final String scheme = uri.getScheme();
if (!("http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme))) {
throw new IllegalArgumentException("Invalid DSN scheme: " + scheme);
}

String userInfo = uri.getUserInfo();
if (userInfo == null || userInfo.isEmpty()) {
throw new IllegalArgumentException("Invalid DSN: No public key provided.");
Expand All @@ -78,13 +83,7 @@ URI getSentryUri() {
}
sentryUri =
new URI(
uri.getScheme(),
null,
uri.getHost(),
uri.getPort(),
path + "api/" + projectId,
null,
null);
scheme, null, uri.getHost(), uri.getPort(), path + "api/" + projectId, null, null);
} catch (Throwable e) {
throw new IllegalArgumentException(e);
}
Expand Down
15 changes: 15 additions & 0 deletions sentry/src/test/java/io/sentry/DsnTest.kt
Original file line number Diff line number Diff line change
Expand Up @@ -80,4 +80,19 @@ class DsnTest {
val dsn = Dsn("http://key@host//id")
assertEquals("http://host/api/id", dsn.sentryUri.toURL().toString())
}

@Test
fun `non http protocols are not accepted`() {
assertFailsWith<IllegalArgumentException> { Dsn("ftp://publicKey:secretKey@host/path/id") }
assertFailsWith<IllegalArgumentException> { Dsn("jar://publicKey:secretKey@host/path/id") }
}

@Test
fun `both http and https protocols are accepted`() {
Dsn("http://publicKey:secretKey@host/path/id")
Dsn("https://publicKey:secretKey@host/path/id")

Dsn("HTTP://publicKey:secretKey@host/path/id")
Dsn("HTTPS://publicKey:secretKey@host/path/id")
}
}

0 comments on commit a73f0be

Please sign in to comment.