/**
 * Allow-list check for a pair of parameters.
 *
 * Each value must be non-empty and consist only of ASCII letters, digits
 * and underscores. Anything else (whitespace, quotes, punctuation, an
 * empty string) is rejected.
 *
 * @param param1 - first value to check
 * @param param2 - second value to check
 * @throws Error with the message "Invalid parameters supplied." when either
 *         value fails the check; the message does not say which one.
 */
function validateParameters(param1: string, param2: string): void {
  // Anchored at both ends, so the whole value has to match, not just a part.
  const allowedCharacters = /^[a-zA-Z0-9_]+$/;

  const everyValueAllowed = [param1, param2].every((value) =>
    allowedCharacters.test(value),
  );

  if (everyValueAllowed) {
    return;
  }
  throw new Error("Invalid parameters supplied.");
}
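/**
 * Screens a URL against two fixed payload patterns and reports the first hit.
 *
 * The URL is percent-decoded once and then checked for a complete
 * `<script>...</script>` element and for a quote or semicolon immediately
 * followed by `OR` and a digit or `=`.
 *
 * Both the full decoded URL and its host/path form (trailing slashes,
 * protocol, query string and fragment removed) are inspected. Matching only
 * the stripped form would discard the query string and fragment before the
 * patterns ever saw them.
 *
 * Limits a caller should keep in mind:
 * - "URL is secure" only means neither pattern matched. It is a coarse
 *   heuristic, not a replacement for output encoding or parameterised
 *   queries at the point where the value is used.
 * - Only one decoding pass is applied, so content that is encoded more than
 *   once is compared in its still-encoded form.
 *
 * @param url - URL string to screen; expected to be percent-encoded
 * @returns "XSS vulnerability detected", "SQL injection vulnerability detected"
 *          or "URL is secure"
 * @throws URIError when `url` contains a malformed percent-escape
 */
function checkUrlSecurity(url: string): string {
  // No `g` flag: each pattern is tested against more than one string, and a
  // global regex would carry `lastIndex` over from one test() call to the next.
  const xssPattern = /<script\b[^<]*(?:(?!<\/script>)<[^<]*)*<\/script>/i;
  const sqlInjectionPattern = /([';])+OR\s*(\d|\=)/i;

  // decodeURIComponent throws on malformed escapes. That is left uncaught so
  // undecodable input is never reported as secure.
  const decodedURL = decodeURIComponent(url);

  // Host/path form: the string the patterns were originally applied to.
  // Still checked so that input flagged before remains flagged.
  const hostAndPath = decodedURL
    .replace(/\/+$/, '')
    .replace(/^(http|https):\/\//i, '')
    .replace(/\?.*$/, '')
    .replace(/#.*/, '')
    .trim();

  const candidates = [decodedURL, hostAndPath];

  if (candidates.some((candidate) => xssPattern.test(candidate))) {
    return "XSS vulnerability detected";
  }
  if (candidates.some((candidate) => sqlInjectionPattern.test(candidate))) {
    return "SQL injection vulnerability detected";
  }
  return "URL is secure";
}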