@victorlpgazolli (Contributor) commented May 23, 2022

Summary:

I've been curious about how the rn cli handles interactions between an app in debug mode and the IDE.
I know that when you get some error in your app (e.g. a crash) while you are coding, you get an error message saying what line broke. That got me thinking: how can the app open my IDE? I came across this endpoint from the cli package cli-server-api:

POST /open-url

At first sight I assumed it was HTTP and HTTPS only, but it's not; it turns out you can open any URI scheme.

To put this in perspective, if you have the cli-server-api running and someone inside your network wants your PC to open any URI scheme, they can through this endpoint. Special thanks to @R3tr074 for investigating it further (PoC)

POC:

curl --request POST \
  --url http://localhost:8081/open-url \
  --header 'Content-Type: application/json' \
  --data '{"url": "file:///etc/hosts"}'

Other uri schemes:
image
I've tested on Linux and macOS; Linux depends on how you set up your xdg-open config, and macOS uses the default open command.

You can see which URI schemes are available on macOS using this command:
lsregister -dump URLSchemeBinding;

# lsregister is available at: /System/Library/Frameworks/CoreServices.framework/Versions/A/Frameworks/LaunchServices.framework/Versions/A/Support/lsregister

Test Plan:

I tested it with the react-native change locally, linking with my projects as previously recommended in the contributing guide.

Result:
image
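
One way to restrict an endpoint like the `/open-url` described above to http and https, as an added example that is not part of this pull request or the CLI's own code; `validateOpenUrl` and `ALLOWED_PROTOCOLS` are hypothetical names and the sample request bodies are constructed.

```javascript
// Added example: scheme allowlist for a dev-server "open URL" handler.
// validateOpenUrl and ALLOWED_PROTOCOLS are hypothetical names, not the CLI's API.
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);

function validateOpenUrl(body) {
  // The request body is untrusted JSON; accept only {"url": "<string>"}.
  if (body === null || typeof body !== 'object' || typeof body.url !== 'string') {
    return { ok: false, reason: 'url must be a string' };
  }
  let parsed;
  try {
    // The WHATWG parser lower-cases the scheme and strips surrounding whitespace,
    // so "FILE:///etc/hosts" and " file:///etc/hosts" are both seen as file:.
    parsed = new URL(body.url);
  } catch {
    // Relative paths and malformed input never reach the OS opener.
    return { ok: false, reason: 'not an absolute URL' };
  }
  if (!ALLOWED_PROTOCOLS.has(parsed.protocol)) {
    return { ok: false, reason: `scheme ${parsed.protocol} not allowed` };
  }
  // Pass the normalized href, not the raw string, to open / xdg-open.
  return { ok: true, url: parsed.href };
}

// Constructed sample request bodies.
const samples = [
  { url: 'https://example.com/docs' },
  { url: 'HTTP://Example.com' },
  { url: 'file:///etc/hosts' },
  { url: ' FILE:///etc/hosts' },
  { url: 'customapp://action' },
  { url: '/etc/hosts' },
  { url: ['http://example.com'] },
];
for (const sample of samples) {
  console.log(JSON.stringify(sample), '->', JSON.stringify(validateOpenUrl(sample)));
}
```
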

@thymikee (Member) left a comment

Thanks! I left a small feedback but it seems correct in general

@victorlpgazolli requested a review from thymikee May 25, 2022 00:59

@victorlpgazolli (Contributor, Author) commented May 25, 2022

> Thanks! I left a small feedback but it seems correct in general

Thanks @thymikee! I've changed as requested ;)

@thymikee (Member) left a comment

:shipit:

@thymikee (Member) commented

Would you mind running yarn lint --fix to correct linting issues?

@thymikee thymikee merged commit a87fb90 into react-native-community:master May 25, 2022