MCPcopy Index your code
hub / github.com/simstudioai/sim / assertSafeGitLabHostString

Function assertSafeGitLabHostString

apps/sim/tools/gitlab/utils.ts:26–38  ·  view source on GitHub ↗

* Rejects a host that is structurally unsafe to fetch with the caller's token. * * The host is later interpolated into `https:// /api/v4`, so anything that * could change the request's authority (userinfo `@`, an embedded path/query/ * fragment, whitespace, or control characters) must be re

(host: string, rawHost: string)

Source from the content-addressed store, hash-verified

24 * responsibility of the fetch layer.
25 */
26function assertSafeGitLabHostString(host: string, rawHost: string): void {
27 const hostnameWithoutPort = host.replace(/:\d+$/, '')
28 const allowedHostChars = /^[A-Za-z0-9.-]+$/
29 if (!allowedHostChars.test(hostnameWithoutPort)) {
30 throw new UnsafeGitLabHostError(rawHost)
31 }
32 if (hostnameWithoutPort.startsWith('.') || hostnameWithoutPort.endsWith('.')) {
33 throw new UnsafeGitLabHostError(rawHost)
34 }
35 if (hostnameWithoutPort.split('.').some((label) => label.length === 0)) {
36 throw new UnsafeGitLabHostError(rawHost)
37 }
38}
39
40/**
41 * Normalizes a GitLab host value: trims whitespace, strips any protocol prefix

Callers 1

normalizeGitLabHostFunction · 0.85

Calls 2

testMethod · 0.80
replaceMethod · 0.65

Tested by

no test coverage detected