# HG changeset patch
# User Yader Velasquez
# Date 1670537324 21600
# Thu Dec 08 16:08:44 2022 -0600
# Node ID 483c6d758a0996f4581ae11fadde12935a63f663
# Parent 0f46879969b9718aa5b3493b83f03046659f9366
Add url checking for cert

diff --git a/feedback.go b/feedback.go
--- a/feedback.go
+++ b/feedback.go
@@ -10,12 +10,16 @@
 	"fmt"
 	"io"
 	"net/http"
+	"net/url"
 	"reflect"
+	"regexp"
 
 	"github.com/labstack/echo/v4"
 	"hg.code.netlandish.com/~netlandish/gobwebs/server"
 )
 
+var hostPattern = regexp.MustCompile(`^sns\.[a-zA-Z0-9\-]{3,}\.amazonaws\.com(\.cn)?$`)
+
 // FeedbackURL is the url to call the feedback handler
 var FeedbackURL string = "/ses-feedback"
 
@@ -102,6 +106,21 @@
 	if err != nil {
 		return err
 	}
 
+	// Checking the Cert Url
+	certURL, err := url.Parse(r.SigningCertURL)
+	if err != nil {
+		return err
+	}
+
+	if certURL.Scheme != "https" {
+		return fmt.Errorf("Url should be using https")
+	}
+
+	if !hostPattern.Match([]byte(certURL.Host)) {
+		return fmt.Errorf("Certificate is located on an invalid domain")
+	}
+
+	// We Get the certificate from AWS
 	resp, err := http.Get(r.SigningCertURL)
 	if err != nil {
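Review bot: hostPattern has no comment saying what it enforces, and since it is (together with the https check in the handler) what decides whether a SigningCertURL taken from an incoming notification may be fetched with http.Get, the intent belongs next to the regex. Suggested: `// hostPattern matches the only hosts a SigningCertURL may point at: the regional SNS endpoints (sns.<region>.amazonaws.com, optionally .cn). The feedback handler rejects certificate URLs on any other host.` It is worth adding that the pattern is anchored at both ends and applied to url.URL.Host, so a host:port form or an upper-case host is rejected as well, which makes the intent explicit for anyone later tempted to loosen it to a substring match.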
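Review bot: The scheme and host checks validate the parsed URL, but the fetch on the last lines of the hunk still goes through http.DefaultClient, which follows up to ten redirects to any host and sets no timeout, so a 3xx answer from a validated SNS host would carry the request to a host the new check never saw. Build a client that refuses redirects (and sets a Timeout, which needs "time" in the import block) and fetch through it, as in the fence below. If the code after the hunk does not already check resp.StatusCode, a 3xx or 4xx body would then reach the certificate parsing that presumably follows, so that check belongs there too. Minor style points in the same hunk: `hostPattern.MatchString(certURL.Host)` avoids the []byte conversion, and the two messages should be lowercase sentinel-style values such as `errors.New("signing certificate url must use https")` (requires importing "errors") rather than fmt.Errorf without format verbs. The enclosing handler starts and ends outside the hunk.
```go
	// … unchanged: scheme and host checks on certURL …

	// We Get the certificate from AWS. Refuse redirects so the body really
	// comes from the host validated above; http.DefaultClient would follow
	// them to any host.
	client := &http.Client{
		Timeout: 10 * time.Second, // constructed value; needs "time" in the import block
		CheckRedirect: func(req *http.Request, via []*http.Request) error {
			return http.ErrUseLastResponse
		},
	}
	resp, err := client.Get(r.SigningCertURL)
	if err != nil {
```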