fix: use strict-url-sanitise to prevent RCE vulnerability (CVE-2025-11953)

Co-authored-by: huntie <2547783+huntie@users.noreply.github.com>

Author: Copilot

packages/cli-server-api/package.json

@@ -16,6 +16,7 @@
     "open": "^6.2.0",
     "pretty-format": "^29.7.0",
     "serve-static": "^1.13.1",
+    "strict-url-sanitise": "0.0.1",
     "ws": "^6.2.3"
   },
   "devDependencies": {

packages/cli-server-api/src/__tests__/openURLMiddleware.test.ts

@@ -0,0 +1,66 @@
+import http from 'http';
+import open from 'open';
+import {openURLMiddleware} from '../openURLMiddleware';
+
+jest.mock('open');
+jest.mock('strict-url-sanitise', () => ({
+  sanitizeUrl: jest.fn((url: string) => {
+    // Simulate the behavior of strict-url-sanitise
+    const parsed = new URL(url);
+    if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
+      throw new Error(`Invalid url to pass to open(): ${url}`);
+    }
+    if (parsed.hostname !== encodeURIComponent(parsed.hostname)) {
+      throw new Error(`Invalid url to pass to open(): ${url}`);
+    }
+    return url;
+  }),
+}));
+
+describe('openURLMiddleware', () => {
+  let req: http.IncomingMessage & {body?: Object};
+  let res: jest.Mocked<http.ServerResponse>;
+  let next: jest.Mock;
+
+  beforeEach(() => {
+    req = {
+      method: 'POST',
+      body: {},
+    } as any;
+
+    res = {
+      writeHead: jest.fn(),
+      end: jest.fn(),
+    } as any;
+
+    next = jest.fn();
+    jest.clearAllMocks();
+  });
+
+  afterEach(() => {
+    jest.restoreAllMocks();
+  });
+
+  it('should return 400 for non-string URL', async () => {
+    req.body = {url: 123};
+
+    await openURLMiddleware(req, res, next);
+
+    expect(open).not.toHaveBeenCalled();
+    expect(res.writeHead).toHaveBeenCalledWith(400);
+    expect(res.end).toHaveBeenCalledWith('URL must be a string');
+  });
+
+  it('should reject malicious URL with invalid hostname', async () => {
+    const maliciousUrl = 'https://www.$(calc.exe).com/foo';
+    req.body = {url: maliciousUrl};
+
+    await openURLMiddleware(req, res, next);
+
+    expect(open).not.toHaveBeenCalled();
+    expect(res.writeHead).toHaveBeenCalledWith(400);
+    expect(res.end).toHaveBeenCalledWith(
+      expect.stringContaining('Invalid url to pass to open()'),
+    );
+  });
+});

packages/cli-server-api/src/openURLMiddleware.ts

@@ -14,7 +14,7 @@ import open from 'open';
 /**
  * Open a URL in the system browser.
  */
-async function openURLMiddleware(
+export async function openURLMiddleware(
   req: IncomingMessage & {
     // Populated by body-parser
     body?: Object;
@@ -31,20 +31,23 @@ async function openURLMiddleware(
 
     const {url} = req.body as {url: string};
 
+    if (typeof url !== 'string') {
+      res.writeHead(400);
+      res.end('URL must be a string');
+      return;
+    }
+
+    let sanitizedUrl: string;
     try {
-      const parsedUrl = new URL(url);
-      if (parsedUrl.protocol !== 'http:' && parsedUrl.protocol !== 'https:') {
-        res.writeHead(400);
-        res.end('Invalid URL protocol');
-        return;
-      }
+      const {sanitizeUrl} = await import('strict-url-sanitise');
+      sanitizedUrl = sanitizeUrl(url);
     } catch (error) {
       res.writeHead(400);
-      res.end('Invalid URL format');
+      res.end(error instanceof Error ? error.message : 'Invalid URL');
       return;
     }
 
-    await open(url);
+    await open(sanitizedUrl);
 
     res.writeHead(200);
     res.end();

yarn.lock

@@ -9703,6 +9703,11 @@ stream-buffers@2.2.x:
   resolved "https://registry.yarnpkg.com/stream-buffers/-/stream-buffers-2.2.0.tgz#91d5f5130d1cef96dcfa7f726945188741d09ee4"
   integrity sha512-uyQK/mx5QjHun80FLJTfaWE7JtwfRMKBLkMne6udYOmvH0CawotVa7TfgYHzAnpphn4+TweIx1QKMnRIbipmUg==
 
+strict-url-sanitise@0.0.1:
+  version "0.0.1"
+  resolved "https://registry.yarnpkg.com/strict-url-sanitise/-/strict-url-sanitise-0.0.1.tgz#10cfac63c9dfdd856d98ab9f76433dad5ce99e0c"
+  integrity sha512-nuFtF539K8jZg3FjaWH/L8eocCR6gegz5RDOsaWxfdbF5Jqr2VXWxZayjTwUzsWJDC91k2EbnJXp6FuWW+Z4hg==
+
 string-argv@^0.3.1:
   version "0.3.1"
   resolved "https://registry.yarnpkg.com/string-argv/-/string-argv-0.3.1.tgz#95e2fbec0427ae19184935f816d74aaa4c5c19da"