@@ 10,12 10,16 @@ import (
"fmt"
"io"
"net/http"
+ "net/url"
"reflect"
+ "regexp"
"github.com/labstack/echo/v4"
"hg.code.netlandish.com/~netlandish/gobwebs/server"
)
+var hostPattern = regexp.MustCompile(`^sns\.[a-zA-Z0-9\-]{3,}\.amazonaws\.com(\.cn)?$`)
+
// FeedbackURL is the url to call the feedback handler
var FeedbackURL string = "/ses-feedback"
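Review bot: The new package-level `hostPattern` has no comment saying what it is allowed to match or what it must be matched against, although it is the only gate on where the signing certificate may be fetched from. Something like `// hostPattern matches the hostnames a signing certificate may be served from: sns.<region>.amazonaws.com, optionally followed by .cn.` above the declaration would make that explicit. Because the expression is anchored at both ends, the comment should also state that it is meant for a bare hostname (no port, no path), so later callers do not hand it a full URL or a `host:port` string.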
@@ 102,6 106,21 @@ func (r Record) verify() error {
if err != nil {
return err
}
+
+ // Checking the Cert Url
+ certURL, err := url.Parse(r.SigningCertURL)
+ if err != nil {
+ return err
+ }
+
+ if certURL.Scheme != "https" {
+ return fmt.Errorf("Url should be using https")
+ }
+
+ if !hostPattern.Match([]byte(certURL.Host)) {
+ return fmt.Errorf("Certificate is located on an invalid domain")
+ }
+
// We Get the certificate from AWS
resp, err := http.Get(r.SigningCertURL)
if err != nil {
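Review bot: The new allow-list in verify() constrains only the URL as written, because the unchanged `http.Get(r.SigningCertURL)` right after it uses the default client, which follows redirects and has no timeout. Fetching the certificate through a dedicated `http.Client` with a `Timeout` and a `CheckRedirect` that returns `http.ErrUseLastResponse` would keep the request on the host that was just validated. The match itself reads better as `hostPattern.MatchString(certURL.Hostname())`: `certURL.Host` still carries any port, so a URL with an explicit `:443` is rejected, and `Match([]byte(...))` makes a copy for nothing. The two new error strings would conventionally be lowercase (`"signing cert url must use https"`), and the `url.Parse` error could be wrapped with `%w` to say which field failed. verify() begins and ends outside this hunk, so whether the response status and body size are checked further down is not visible here.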