Overview

File 0001-axios-fixsec-disregard-protocol-relative-URL-to-remediate-SSRF.patch of Package pgadmin4.40052

From 59ddd4427ad31a4c7da63e4ee7405e5c88467521 Mon Sep 17 00:00:00 2001
From: hainenber <dotronghai96@gmail.com>
Date: Mon, 12 Aug 2024 22:13:02 +0700
Subject: [PATCH] fix(sec): disregard protocol-relative URL to remediate SSRF

Obtained from https://github.com/axios/axios/pull/6539/commits/59ddd4427ad31a4c7da63e4ee7405e5c88467521

Signed-off-by: hainenber <dotronghai96@gmail.com>
---
 lib/helpers/isAbsoluteURL.js             | 4 ++--
 test/specs/helpers/isAbsoluteURL.spec.js | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/web/node_modules/axios/lib/helpers/isAbsoluteURL.js b/web/node_modules/axios/lib/helpers/isAbsoluteURL.js
index 4747a45767..41f2785c3d 100644
--- a/web/node_modules/axios/lib/helpers/isAbsoluteURL.js
+++ b/web/node_modules/axios/lib/helpers/isAbsoluteURL.js
@@ -8,8 +8,8 @@
  * @returns {boolean} True if the specified URL is absolute, otherwise false
  */
 export default function isAbsoluteURL(url) {
-  // A URL is considered absolute if it begins with "<scheme>://" or "//" (protocol-relative URL).
+  // A URL is considered absolute if it begins with "<scheme>://".
   // RFC 3986 defines scheme name as a sequence of characters beginning with a letter and followed
   // by any combination of letters, digits, plus, period, or hyphen.
-  return /^([a-z][a-z\d+\-.]*:)?\/\//i.test(url);
+  return /^([a-z][a-z\d+\-.]*:)\/\//i.test(url);
 }
#diff --git a/web/node_modules/axios/test/specs/helpers/isAbsoluteURL.spec.js b/web/node_modules/axios/test/specs/helpers/isAbsoluteURL.spec.js
#index 872f5efbe1..cf8a4cedbf 100644
#--- a/web/node_modules/axios/test/specs/helpers/isAbsoluteURL.spec.js
#+++ b/web/node_modules/axios/test/specs/helpers/isAbsoluteURL.spec.js
#@@ -12,8 +12,8 @@ describe('helpers::isAbsoluteURL', function () {
#     expect(isAbsoluteURL('!valid://example.com/')).toBe(false);
#   });
# 
#-  it('should return true if URL is protocol-relative', function () {
#-    expect(isAbsoluteURL('//example.com/')).toBe(true);
#+  it('should return false if URL is protocol-relative', function () {
#+    expect(isAbsoluteURL('//example.com/')).toBe(false);
#   });
# 
#   it('should return false if URL is relative', function () {
openSUSE Build Service is sponsored by
Places