From 6013463f06951155432d77d15a8460b851c0eefc Mon Sep 17 00:00:00 2001
From: Alexander Tarasov
Date: Thu, 8 Feb 2024 18:11:51 +0100
Subject: [PATCH] fix(integrations): phabricator host validation (#64882)
---
 src/sentry_plugins/phabricator/plugin.py | 8 ++++++++
 tests/sentry_plugins/phabricator/test_plugin.py | 14 ++++++++++++++
 2 files changed, 22 insertions(+)
diff --git a/src/sentry_plugins/phabricator/plugin.py b/src/sentry_plugins/phabricator/plugin.py
index 9d7f9c8f0bb609..514111308e68b4 100644
--- a/src/sentry_plugins/phabricator/plugin.py
+++ b/src/sentry_plugins/phabricator/plugin.py
@@ -8,6 +8,7 @@
 from sentry.exceptions import PluginError
 from sentry.integrations import FeatureDescription, IntegrationFeatures
+from sentry.net.socket import is_valid_url
 from sentry.plugins.bases.issue2 import IssueGroupActionEndpoint, IssuePlugin2
 from sentry.utils import json
 from sentry.utils.http import absolute_uri
@@ -33,6 +34,12 @@ def query_to_result(field, result):
 return result["fields"]["name"]
+def validate_host(value: str, **kwargs: object) -> str:
+ if not value.startswith(("http://", "https://")) or not is_valid_url(value):
+ raise PluginError("Not a valid URL.")
+ return value
+
+
 class PhabricatorPlugin(CorePluginMixin, IssuePlugin2):
 description = DESCRIPTION
@@ -78,6 +85,7 @@ def get_configure_plugin_fields(self, request: Request, project, **kwargs):
 "type": "text",
 "placeholder": "e.g. http://secure.phabricator.org",
 "required": True,
+ "validators": [validate_host],
 },
 secret_field,
 {
diff --git a/tests/sentry_plugins/phabricator/test_plugin.py b/tests/sentry_plugins/phabricator/test_plugin.py
index a5c3196f539b40..25a0b97e111c47 100644
--- a/tests/sentry_plugins/phabricator/test_plugin.py
+++ b/tests/sentry_plugins/phabricator/test_plugin.py
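Review bot: In src/sentry_plugins/phabricator/plugin.py, `validate_host` is reached only through the `"validators"` entry on the host field (inside get_configure_plugin_fields, which is only partly visible), so the check applies when the option is saved, not when the plugin later connects to the stored host. A host saved before this change, or a hostname whose DNS answer later moves to a blocked address, would not be re-checked unless the request path applies the same rule; that path is not shown in this patch and should be confirmed. The function has no docstring stating this limit; I would add `"""Reject values that are not http(s) URLs or that is_valid_url() refuses. Runs at save time only."""`. The scheme test is also case-sensitive, so a value such as `HTTPS://…` is rejected; if that is not intended, test `value.lower().startswith(...)` instead.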
@@ -2,8 +2,11 @@
 import responses
 from django.test import RequestFactory
+from pytest import raises
+from sentry.exceptions import PluginError
 from sentry.testutils.cases import PluginTestCase
+from sentry.testutils.helpers import override_blocklist
 from sentry_plugins.phabricator.plugin import PhabricatorPlugin
@@ -43,3 +46,14 @@ def test_is_configured(self):
 assert self.plugin.is_configured(None, self.project) is False
 self.plugin.set_option("certificate", "a-certificate", self.project)
 assert self.plugin.is_configured(None, self.project) is True
+
+ @override_blocklist("127.0.0.1")
+ def test_invalid_url(self):
+ with raises(PluginError):
+ self.plugin.validate_config_field(
+ project=self.project, name="host", value="ftp://example.com"
+ )
+ with raises(PluginError):
+ self.plugin.validate_config_field(
+ project=self.project, name="host", value="http://127.0.0.1"
+ )
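Review bot: `test_invalid_url` in tests/sentry_plugins/phabricator/test_plugin.py asserts only rejections, so a validator that refused every value would still pass. The `ftp://example.com` case is stopped by the scheme check before `is_valid_url` runs, which leaves `http://127.0.0.1` as the only case that exercises the blocklist. I would add an accepted value under the same override, for example `assert self.plugin.validate_config_field(project=self.project, name="host", value="http://192.0.2.10") == "http://192.0.2.10"` (constructed sample address; this assumes validate_config_field returns the validated value, which the patch does not show).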