Ensure DSN uses http/https protocol (#3044)

Co-authored-by: Roman Zavarnitsyn <rom4ek93@gmail.com>
getsentry · Nov 10, 2023 · a73f0be · a73f0be
1 parent 283d83e
commit a73f0be
Show file tree

Hide file tree

Showing 3 changed files with 26 additions and 8 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,10 @@
 
 ## Unreleased
 
+### Fixes
+
+- Ensure DSN uses http/https protocol ([#3044](https://github.com/getsentry/sentry-java/pull/3044))
+
 ### Features
 
 - Add current activity name to app context ([#2999](https://github.com/getsentry/sentry-java/pull/2999))

diff --git a/sentry/src/main/java/io/sentry/Dsn.java b/sentry/src/main/java/io/sentry/Dsn.java
@@ -51,7 +51,12 @@ URI getSentryUri() {
   Dsn(@Nullable String dsn) throws IllegalArgumentException {
     try {
       Objects.requireNonNull(dsn, "The DSN is required.");
-      URI uri = new URI(dsn).normalize();
+      final URI uri = new URI(dsn).normalize();
+      final String scheme = uri.getScheme();
+      if (!("http".equalsIgnoreCase(scheme) || "https".equalsIgnoreCase(scheme))) {
+        throw new IllegalArgumentException("Invalid DSN scheme: " + scheme);
+      }
+
       String userInfo = uri.getUserInfo();
       if (userInfo == null || userInfo.isEmpty()) {
         throw new IllegalArgumentException("Invalid DSN: No public key provided.");
@@ -78,13 +83,7 @@ URI getSentryUri() {
       }
       sentryUri =
           new URI(
-              uri.getScheme(),
-              null,
-              uri.getHost(),
-              uri.getPort(),
-              path + "api/" + projectId,
-              null,
-              null);
+              scheme, null, uri.getHost(), uri.getPort(), path + "api/" + projectId, null, null);
     } catch (Throwable e) {
       throw new IllegalArgumentException(e);
     }

diff --git a/sentry/src/test/java/io/sentry/DsnTest.kt b/sentry/src/test/java/io/sentry/DsnTest.kt
@@ -80,4 +80,19 @@ class DsnTest {
         val dsn = Dsn("http://key@host//id")
         assertEquals("http://host/api/id", dsn.sentryUri.toURL().toString())
     }
+
+    @Test
+    fun `non http protocols are not accepted`() {
+        assertFailsWith<IllegalArgumentException> { Dsn("ftp://publicKey:secretKey@host/path/id") }
+        assertFailsWith<IllegalArgumentException> { Dsn("jar://publicKey:secretKey@host/path/id") }
+    }
+
+    @Test
+    fun `both http and https protocols are accepted`() {
+        Dsn("http://publicKey:secretKey@host/path/id")
+        Dsn("https://publicKey:secretKey@host/path/id")
+
+        Dsn("HTTP://publicKey:secretKey@host/path/id")
+        Dsn("HTTPS://publicKey:secretKey@host/path/id")
+    }
 }