Skip to content

Commit

Permalink
fix: Incomplete URL substring sanitation (#2227)
Browse files Browse the repository at this point in the history
  • Loading branch information
DafyddLlyr authored Sep 20, 2023
1 parent a37f659 commit 9c77d09
Show file tree
Hide file tree
Showing 2 changed files with 25 additions and 8 deletions.
2 changes: 1 addition & 1 deletion editor.planx.uk/src/airbrake.test.ts
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ describe("logger", () => {

test("Notifier is configured in a production-like environment", () => {
windowSpy.mockImplementation(() => ({
location: { host: "blah.planx.uk" },
location: { host: "editor.planx.uk" },
}));
process.env = Object.assign({
REACT_APP_ENV: "production",
Expand Down
31 changes: 24 additions & 7 deletions editor.planx.uk/src/airbrake.ts
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,29 @@ import { isLiveEnv } from "utils";

export const logger = getErrorLogger();

/**
* Checking a partial host can be unsafe, e.g.
* window.location.host.endsWith("gov.uk")
*/
function getEnvForAllowedHosts(host: string) {
switch (host) {
case "planningservices.newcastle.gov.uk":
case "planningservices.medway.gov.uk":
case "planningservices.doncaster.gov.uk":
case "planningservices.lambeth.gov.uk":
case "planningservices.southwark.gov.uk":
case "planningservices.buckinghamshire.gov.uk":
case "editor.planx.uk":
return "production"

case "editor.planx.dev":
return "staging"

default:
"pullrequest";
}
}

function log(...args: any[]) {
return process.env.SUPPRESS_LOGS
? () => {
Expand Down Expand Up @@ -31,13 +54,7 @@ function getErrorLogger(): ErrorLogger {
return new Notifier({
projectId: Number(process.env.REACT_APP_AIRBRAKE_PROJECT_ID!),
projectKey: process.env.REACT_APP_AIRBRAKE_PROJECT_KEY!,
environment:
window.location.host.endsWith("planx.uk") ||
window.location.host.endsWith("gov.uk")
? "production"
: window.location.host.endsWith("planx.dev")
? "staging"
: "pullrequest",
environment: getEnvForAllowedHosts(window.location.host)
});
}

Expand Down

0 comments on commit 9c77d09

Please sign in to comment.