Merge pull request #768 from Stirling-Tools/pixeebot/drip-2024-02-01-pixee-java/sandbox-url-creation

Sandboxed URL creation to prevent SSRF attacks

src/main/java/stirling/software/SPDF/utils/GeneralUtils.java

@@ -1,5 +1,7 @@
 package stirling.software.SPDF.utils;
 
+import io.github.pixee.security.HostValidator;
+import io.github.pixee.security.Urls;
 import java.io.File;
 import java.io.FileOutputStream;
 import java.io.IOException;
@@ -57,7 +59,7 @@ public class GeneralUtils {
 
     public static boolean isValidURL(String urlStr) {
         try {
-            new URL(urlStr);
+            Urls.create(urlStr, Urls.HTTP_PROTOCOLS, HostValidator.DENY_COMMON_INFRASTRUCTURE_TARGETS);
             return true;
         } catch (MalformedURLException e) {
             return false;