fix: Incomplete URL substring sanitation

theopensystemslab · Sep 20, 2023 · 2926091 · 2926091
1 parent 03e24e2
commit 2926091
Showing 1 changed file with 24 additions and 7 deletions.
diff --git a/editor.planx.uk/src/airbrake.ts b/editor.planx.uk/src/airbrake.ts
@@ -31,16 +31,33 @@ function getErrorLogger(): ErrorLogger {
   return new Notifier({
     projectId: Number(process.env.REACT_APP_AIRBRAKE_PROJECT_ID!),
     projectKey: process.env.REACT_APP_AIRBRAKE_PROJECT_KEY!,
-    environment:
-      window.location.host.endsWith("planx.uk") ||
-      window.location.host.endsWith("gov.uk")
-        ? "production"
-        : window.location.host.endsWith("planx.dev")
-        ? "staging"
-        : "pullrequest",
+    environment: getEnvForAllowedHosts(window.location.host)
   });
 }
 
 interface ErrorLogger {
   notify: (args: unknown) => void;
 }
+
+/**
+ * Checking a partial host can be unsafe, e.g.
+ * window.location.host.endsWith("gov.uk")
+ */
+const getEnvForAllowedHosts = (host: string) => {
+  switch (host) {
+    case "planningservices.newcastle.gov.uk":
+    case "planningservices.medway.gov.uk":
+    case "planningservices.doncaster.gov.uk":
+    case "planningservices.lambeth.gov.uk":
+    case "planningservices.southwark.gov.uk":
+    case "planningservices.buckinghamshire.gov.uk":
+    case "editor.planx.uk":
+      return "production"  
+
+    case "editor.planx.dev":
+      return "staging"  
+
+    default:
+      "pullrequest";
+  }
+}