fix: use menlo security for gsib
seaerchin committed Oct 18, 2024
1 parent 0cf7fc1 commit 4d0e1d0
Showing 3 changed files with 22 additions and 4 deletions.
8 changes: 6 additions & 2 deletions src/components/ViewStagingSiteModal/ViewStagingSiteModal.tsx
@@ -17,6 +17,8 @@ import { useEffect, useState } from "react"
import { ButtonLink } from "components/ButtonLink"
import { Modal } from "components/Modal"

import { useStagingLink } from "hooks/useStagingLink"

export interface ViewStagingSiteModalProps {
isOpen: boolean
onClose: () => void
@@ -57,6 +59,8 @@ export function ViewStagingSiteModal({
stagingUrl,
editMode,
}: ViewStagingSiteModalProps) {
const stagingLink = useStagingLink(stagingUrl)

return (
<Modal isOpen={isOpen} onClose={onClose}>
<ModalOverlay />
@@ -78,7 +82,7 @@ export function ViewStagingSiteModal({
what your site may look like on smaller devices:
</Text>

<GenerateQr text={stagingUrl || ""} />
<GenerateQr text={stagingLink || ""} />
</VStack>
</ModalBody>
<ModalFooter>
@@ -87,7 +91,7 @@ export function ViewStagingSiteModal({
Close
</Button>
<Skeleton isLoaded={!isLoading}>
<ButtonLink href={stagingUrl}>
<ButtonLink href={stagingLink}>
<Text color="white">Open staging site in a new tab</Text>
</ButtonLink>
</Skeleton>
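Review bot: The QR code in the `-78,7 +82,7` hunk now encodes `stagingLink`, but the text above it says the code is for seeing the site on smaller devices, so it is presumably scanned by a phone that is not inside the GSIB isolation browser. If the Menlo-prefixed URL only resolves for the isolated session, the phone would be sent to a link it cannot open; consider keeping `<GenerateQr text={stagingUrl || ""} />` and using `stagingLink` only for the `ButtonLink` href. If the rewrite is intended for the QR as well, a short comment next to `GenerateQr` saying so would help. The component body starts and ends outside these hunks.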
12 changes: 12 additions & 0 deletions src/hooks/useStagingLink.ts
@@ -0,0 +1,12 @@
const GSIB_INDICATOR = "menlo-view.menlosecurity.com"

export const useStagingLink = (link?: string): string | undefined => {
// NOTE: Prepend the menlo link if this is on GSIB because
// GSIBs do a security scan that will fail otherwise with a TOO_MANY_REDIRECTS
// error when we access the raw link directly.
if (window.name.includes(GSIB_INDICATOR)) {

Check failure

Code scanning / CodeQL

Incomplete URL substring sanitization High

'menlo-view.menlosecurity.com' can be anywhere in the URL, and arbitrary hosts may come before or after it.
return `https://safe.menlosecurity.com/${link}`
}

return link
}
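Review bot: `useStagingLink` interpolates `link` without checking that it is defined, so on a GSIB window a call with `undefined` returns the truthy string `https://safe.menlosecurity.com/undefined` instead of `undefined`. Both callers can pass an unset value (`siteInfo?.stagingUrl` in SiteDashboard.tsx, and in ViewStagingSiteModal.tsx the `stagingLink || ""` fallback would no longer fire), so guard first: `if (link && window.name.includes(GSIB_INDICATOR)) {`. Separately from the scanner finding, `window.name` can be set by whatever page opened or named the window, so it is a hint about the environment rather than a trusted signal; because the only effect is routing through a fixed host that looks acceptable, but the NOTE comment should state that assumption. The function calls no React hooks, so the `use` prefix is only a naming choice and could be mentioned in the same comment.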
6 changes: 4 additions & 2 deletions src/layouts/SiteDashboard/SiteDashboard.tsx
@@ -47,6 +47,7 @@ import {
import { useGetBrokenLinks } from "hooks/siteDashboardHooks/useGetLinkChecker"
import { useRefreshLinkChecker } from "hooks/siteDashboardHooks/useRefreshLinkChecker"
import useRedirectHook from "hooks/useRedirectHook"
import { useStagingLink } from "hooks/useStagingLink"

import { getDateTimeFromUnixTime } from "utils/date"
import { isSiteLaunchEnabled } from "utils/siteLaunchUtils"
@@ -96,6 +97,7 @@ export const SiteDashboard = (): JSX.Element => {
const {
mutateAsync: updateViewedReviewRequests,
} = useUpdateViewedReviewRequests()
const stagingLink = useStagingLink(siteInfo?.stagingUrl)

const isBrokenLinksReporterEnabled = useFeatureIsOn(
"is_broken_links_report_enabled"
@@ -143,11 +145,11 @@ export const SiteDashboard = (): JSX.Element => {
mainButtonText="Open staging"
isDisabled={isSiteInfoLoading || isSiteInfoError}
as={ButtonLink}
href={siteInfo?.stagingUrl}
href={stagingLink}
>
<MenuDropdownItem
as={ButtonLink}
href={siteInfo?.stagingUrl}
href={stagingLink}
isDisabled={isSiteInfoLoading || isSiteInfoError}
>
<Text textStyle="body-1" fill="text.body">
