Add url checking for cert
1 files changed, 19 insertions(+), 0 deletions(-)

M feedback.go
M feedback.go +19 -0
@@ 10,12 10,16 @@ import (
 	"fmt"
 	"io"
 	"net/http"
+	"net/url"
 	"reflect"
+	"regexp"
 
 	"github.com/labstack/echo/v4"
 	"hg.code.netlandish.com/~netlandish/gobwebs/server"
 )
 
+var hostPattern = regexp.MustCompile(`^sns\.[a-zA-Z0-9\-]{3,}\.amazonaws\.com(\.cn)?$`)
+
 // FeedbackURL is the url to call the feedback handler
 var FeedbackURL string = "/ses-feedback"
 
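Review bot: `hostPattern` is the allow-list that the certificate fetch depends on, but it carries no comment saying what it accepts or why both anchors matter. I would add `// hostPattern matches the only hosts a SigningCertURL may point at: sns.<region>.amazonaws.com, optionally with a .cn suffix.` and, on a second line, `// The ^ and $ anchors are required so a lookalike host with extra labels before or after cannot match.` The pattern is applied to `certURL.Host` in verify(), so a URL with an explicit port is rejected too; stating that in the comment would show the behaviour is intentional.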

          
@@ 102,6 106,21 @@ func (r Record) verify() error {
 	if err != nil {
 		return err
 	}
+
+	// Checking the Cert Url
+	certURL, err := url.Parse(r.SigningCertURL)
+	if err != nil {
+		return err
+	}
+
+	if certURL.Scheme != "https" {
+		return fmt.Errorf("Url should be using https")
+	}
+
+	if !hostPattern.Match([]byte(certURL.Host)) {
+		return fmt.Errorf("Certificate is located on an invalid domain")
+	}
+
 	// We Get the certificate from AWS
 	resp, err := http.Get(r.SigningCertURL)
 	if err != nil {
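Review bot: The fetch on the context line `resp, err := http.Get(r.SigningCertURL)` still uses http.DefaultClient, which follows redirects and sets no timeout, so the new scheme and host checks cover only the first URL and a slow endpoint can hold the handler open. A dedicated client closes both gaps: `client := &http.Client{Timeout: 10 * time.Second, CheckRedirect: func(*http.Request, []*http.Request) error { return http.ErrUseLastResponse }}` followed by `resp, err := client.Get(certURL.String())`. This needs `time` imported, which the import hunk does not show, and the 10s value is only a suggestion. Requiring `strings.HasSuffix(certURL.Path, ".pem")` (with `strings` imported) would narrow the accepted URLs further. Minor style points: `hostPattern.MatchString(certURL.Host)` avoids the `[]byte` conversion, and Go error strings are conventionally lowercase. verify() starts before and continues after this hunk, so how the response body is read is not visible here.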