From dbd8f4fb4ba775b029c0ac2cdd3aa19be16cab95 Mon Sep 17 00:00:00 2001
From: Josh Mac <josh.mac@magic.link>
Date: Wed, 21 Aug 2024 12:43:17 -0400
Subject: [PATCH] PS-106 Verify NextJS Image Domains

---
 .github/workflows/nextjs_image_domain_check.yml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 .github/workflows/nextjs_image_domain_check.yml

diff --git a/.github/workflows/nextjs_image_domain_check.yml b/.github/workflows/nextjs_image_domain_check.yml
new file mode 100644
index 0000000..ae6687f
--- /dev/null
+++ b/.github/workflows/nextjs_image_domain_check.yml
@@ -0,0 +1,15 @@
+# Ensure we do not allow all domains for image optimization,
+# which will lead to an XSS security vulnerability.
+name: NextJS Image Domain Check
+
+on:
+  push:
+    branches:
+      - '**'
+
+jobs:
+  call_nextjs_image_regex:
+    uses: magiclabs/gha-reusable-workflows/.github/workflows/forbidden_string_check.yml@master
+    with:
+      file_extensions: '.js,.ts'
+      regex_pattern: "domains:\\s*\\[\\s*\\\"\\*\\\"\\s*\\]"