From b212b347f612187b6175e4b8df5a7cd07141765b Mon Sep 17 00:00:00 2001
From: Bandini Bhopi <bandinib@amazon.com>
Date: Wed, 18 Oct 2023 23:37:31 +0000
Subject: [PATCH] Adds validation for invalid hostname in multi data source

Signed-off-by: Bandini Bhopi <bandinib@amazon.com>
---
 .../data_source/server/util/endpoint_validator.ts    | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/plugins/data_source/server/util/endpoint_validator.ts b/src/plugins/data_source/server/util/endpoint_validator.ts
index 1c032037d2f5..d101cef2960b 100644
--- a/src/plugins/data_source/server/util/endpoint_validator.ts
+++ b/src/plugins/data_source/server/util/endpoint_validator.ts
@@ -5,8 +5,20 @@
 
 import dns from 'dns-sync';
 import IPCIDR from 'ip-cidr';
+// eslint-disable-next-line @osd/eslint/no-restricted-paths
+import { config } from '../../../../core/server/http';
 
 export function isValidURL(endpoint: string, deniedIPs?: string[]) {
+  // Validate hostname e.g. https://abc.com<><><><img>
+  const httpSchema = config.schema;
+  const obj = {
+    host: endpoint,
+  };
+  try {
+    httpSchema.validate(obj);
+  } catch (err) {
+    return false;
+  }
   // Check the format of URL, URL has be in the format as
   // scheme://server/path/resource otherwise an TypeError
   // would be thrown.