
Function validateWorkdayTenantUrl

apps/sim/lib/core/security/input-validation.ts:1592–1616  ·  view source on GitHub ↗
(
  url: string | null | undefined,
  paramName = 'tenantUrl'
)

Source from the content-addressed store, hash-verified

1590 * ```
1591 */
export function validateWorkdayTenantUrl(
  url: string | null | undefined,
  paramName = 'tenantUrl'
): ValidationResult {
  // The generic external-URL check runs first; a failing result is handed back unchanged.
  const baseCheck = validateExternalUrl(url, paramName)
  if (!baseCheck.isValid) {
    return baseCheck
  }

  // The allowlist is applied to the parsed, lower-cased hostname rather than to the raw string.
  const host = new URL(url as string).hostname.toLowerCase()

  // A host passes if it equals a suffix minus its first character, or ends with the full suffix.
  // NOTE(review): this is only a label-boundary match if every entry of
  // WORKDAY_ALLOWED_HOST_SUFFIXES starts with '.'; an entry without the leading dot would let
  // `endsWith` accept look-alike registrations. The constant is not visible here, so confirm.
  const matchesSuffix = (suffix: string): boolean => {
    const bareDomain = suffix.slice(1)
    return host === bareDomain || host.endsWith(suffix)
  }
  const onAllowlist = WORKDAY_ALLOWED_HOST_SUFFIXES.some(matchesSuffix)

  if (onAllowlist) {
    // NOTE(review): `sanitized` carries the caller's original string, not a value taken from
    // the validateExternalUrl result; verify that callers do not expect a normalized URL.
    return { isValid: true, sanitized: url as string }
  }

  // Rejections are logged with the hostname capped at 100 characters.
  const loggedHost = host.substring(0, 100)
  logger.warn('Workday tenant URL hostname not on allowlist', {
    paramName,
    hostname: loggedHost,
  })

  return {
    isValid: false,
    error: `${paramName} must be a Workday-hosted domain (e.g., *.workday.com or *.myworkday.com)`,
  }
}
1617
1618/**
1619 * Validates a database identifier (table or column name) to prevent SQL injection.

Callers 2

buildServiceUrlFunction · 0.90

Calls 2

validateExternalUrlFunction · 0.85
warnMethod · 0.65

Tested by

no test coverage detected