From ae12a922e152f28ab858bc14912cff442a39739f Mon Sep 17 00:00:00 2001
From: fengjiahui4 <fengjiahui4@huawei.com>
Date: Mon, 5 Sep 2022 11:31:57 +0800
Subject: [PATCH] sync master to 3.1-Release: Validate the URL

Signed-off-by: fengjiahui4 <fengjiahui4@huawei.com>
---
 .../download_single/include/download_task_napi.h |  1 +
 .../download_single/src/download_task_napi.cpp   | 16 +++++++++++++++-
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/download/interfaces/kits/js/napi/download_single/include/download_task_napi.h b/download/interfaces/kits/js/napi/download_single/include/download_task_napi.h
index 49450840..fc1d016b 100644
--- a/download/interfaces/kits/js/napi/download_single/include/download_task_napi.h
+++ b/download/interfaces/kits/js/napi/download_single/include/download_task_napi.h
@@ -34,6 +34,7 @@ private:
     static napi_value Initialize(napi_env env, napi_callback_info info);
     static bool ParseConfig(napi_env env, napi_value configValue, DownloadConfig &config);
     static bool ParseHeader(napi_env env, napi_value configValue, DownloadConfig &config);
+    static bool ParseUrl(napi_env env, napi_value configValue, DownloadConfig &config);
     static napi_status OnHeaderReceive(
         napi_env env, size_t argc, napi_value *argv, napi_value self, napi_value *result);
     static std::shared_ptr<OHOS::AppExecFwk::DataAbilityHelper> GetDataAbilityHelper(napi_env env);
diff --git a/download/interfaces/kits/js/napi/download_single/src/download_task_napi.cpp b/download/interfaces/kits/js/napi/download_single/src/download_task_napi.cpp
index 01c12368..1fd3177f 100644
--- a/download/interfaces/kits/js/napi/download_single/src/download_task_napi.cpp
+++ b/download/interfaces/kits/js/napi/download_single/src/download_task_napi.cpp
@@ -16,6 +16,7 @@
 #include "download_task_napi.h"
 
 #include <uv.h>
+#include <regex>
 
 #include "ability.h"
 #include "async_call.h"
@@ -149,7 +150,10 @@ bool DownloadTaskNapi::ParseConfig(napi_env env, napi_value configValue, Downloa
     if (!ParseHeader(env, configValue, config)) {
         return false;
     }
-    config.SetUrl(NapiUtils::GetStringPropertyUtf8(env, configValue, PARAM_KEY_URI));
+    if (!ParseUrl(env, configValue, config)) {
+        DOWNLOAD_HILOGE("Input url error");
+        return false;
+    }
     config.SetMetered(NapiUtils::GetBooleanProperty(env, configValue, PARAM_KEY_METERED));
     config.SetRoaming(NapiUtils::GetBooleanProperty(env, configValue, PARAM_KEY_ROAMING));
     config.SetDescription(NapiUtils::GetStringPropertyUtf8(env, configValue, PARAM_KEY_DESCRIPTION));
@@ -159,6 +163,16 @@ bool DownloadTaskNapi::ParseConfig(napi_env env, napi_value configValue, Downloa
     return true;
 }
 
+bool DownloadTaskNapi::ParseUrl(napi_env env, napi_value configValue, DownloadConfig &config)
+{
+    std::string url = NapiUtils::GetStringPropertyUtf8(env, configValue, PARAM_KEY_URI);
+    if (!regex_match(url, std::regex("^http(s)?:\\/\\/.+"))) {
+        return false;
+    }
+    config.SetUrl(url);
+    return true;
+}
+
 bool DownloadTaskNapi::ParseHeader(napi_env env, napi_value configValue, DownloadConfig &config)
 {
     if (!NapiUtils::HasNamedProperty(env, configValue, PARAM_KEY_HEADER)) {
-- 
Gitee