From fcc78089ad125421055eb6275a306617208db8cd Mon Sep 17 00:00:00 2001
From: "pixeebot[bot]" <104101892+pixeebot[bot]@users.noreply.github.com>
Date: Fri, 23 Aug 2024 09:18:08 +0100
Subject: [PATCH] Hardening suggestions for Stirling-PDF / multipleFix (#1743) Sandboxed URL creation to prevent SSRF attacks
Co-authored-by: pixeebot[bot] <104101892+pixeebot[bot]@users.noreply.github.com>
---
 src/main/java/stirling/software/SPDF/utils/GeneralUtils.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/main/java/stirling/software/SPDF/utils/GeneralUtils.java b/src/main/java/stirling/software/SPDF/utils/GeneralUtils.java
index 1efd2446..5f871899 100644
--- a/src/main/java/stirling/software/SPDF/utils/GeneralUtils.java
+++ b/src/main/java/stirling/software/SPDF/utils/GeneralUtils.java
@@ -77,7 +77,7 @@ public class GeneralUtils {
 public static boolean isURLReachable(String urlStr) {
 try {
- URL url = new URL(urlStr);
+ URL url = Urls.create(urlStr, Urls.HTTP_PROTOCOLS, HostValidator.DENY_COMMON_INFRASTRUCTURE_TARGETS);
 HttpURLConnection connection = (HttpURLConnection) url.openConnection();
 connection.setRequestMethod("HEAD");
 int responseCode = connection.getResponseCode();
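Review bot: The host check added on the `Urls.create(...)` line covers only the URL that was passed in, while the `HttpURLConnection` opened on the next line follows redirects by default, so a permitted host can still redirect the HEAD request to an internal address; add `connection.setInstanceFollowRedirects(false);` before `getResponseCode()`. `DENY_COMMON_INFRASTRUCTURE_TARGETS` is, as far as I know, a denylist of well-known infrastructure hosts rather than a block on loopback or private ranges, so it narrows SSRF exposure without closing it, which deserves a comment at the call site. The catch clauses of `isURLReachable` lie outside the hunk; if `Urls.create` reports a rejected host with an unchecked `SecurityException` (which I believe it does), confirm that it is caught and mapped to `false` rather than propagating to the caller. The patch touches one line in one file, so `Urls` and `HostValidator` are presumably already imported, which should be verified by a build.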