Skip to content

Commit

Permalink
Fix code scanning alert no. 3: Incomplete URL substring sanitization
Browse files Browse the repository at this point in the history 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
  • Loading branch information
@gillohner @github-advanced-security
gillohner and github-advanced-security[bot] authored Oct 11, 2024
1 parent 0ff7aa3 commit df73a3d
Showing 1 changed file with 14 additions and 3 deletions.
17 changes: 14 additions & 3 deletions handlers/meetupHandlers/meetupDisplayingHandler.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -22,6 +22,7 @@ import {
import {
fetchAndProcessEvents
} from "../../utils/eventUtils.js";
import url from 'url';


const handleMeetups = async (bot, msg) => {
Expand Down Expand Up @@ -190,9 +191,19 @@ const formatMeetupsMessage = async (allEvents, timeFrame) => {
}

if (location) {
const googleMapsLink = event.tags.find(t => t[0] === 'r' && t[1].includes('google.com/maps'))?.[1];
const osmLink = event.tags.find(t => t[0] === 'r' && t[1].includes('openstreetmap.org'))?.[1];
const appleMapsLink = event.tags.find(t => t[0] === 'r' && t[1].includes('maps.apple.com'))?.[1];
const allowedHosts = ['google.com', 'openstreetmap.org', 'maps.apple.com'];
const googleMapsLink = event.tags.find(t => {
const host = url.parse(t[1]).host;
return t[0] === 'r' && allowedHosts.includes(host) && host === 'google.com';
})?.[1];
const osmLink = event.tags.find(t => {
const host = url.parse(t[1]).host;
return t[0] === 'r' && allowedHosts.includes(host) && host === 'openstreetmap.org';
})?.[1];
const appleMapsLink = event.tags.find(t => {
const host = url.parse(t[1]).host;
return t[0] === 'r' && allowedHosts.includes(host) && host === 'maps.apple.com';
})?.[1];
message += formatLocation(location, googleMapsLink, osmLink, appleMapsLink);
}

Expand Down

0 comments on commit df73a3d

Please sign in to comment.