PS-106 Verify NextJS Image Domains

magiclabs · Aug 21, 2024 · dbd8f4f · dbd8f4f
1 parent 5542d17
commit dbd8f4f
Showing 1 changed file with 15 additions and 0 deletions.
diff --git a/.github/workflows/nextjs_image_domain_check.yml b/.github/workflows/nextjs_image_domain_check.yml
@@ -0,0 +1,15 @@
+# Ensure we do not allow all domains for image optimization,
+# which will lead to an XSS security vulnerability.
+name: NextJS Image Domain Check
+
+on:
+  push:
+    branches:
+      - '**'
+
+jobs:
+  call_nextjs_image_regex:
+    uses: magiclabs/gha-reusable-workflows/.github/workflows/forbidden_string_check.yml@master
+    with:
+      file_extensions: '.js,.ts'
+      regex_pattern: "domains:\\s*\\[\\s*\\\"\\*\\\"\\s*\\]"