include::../description.adoc[]

== Noncompliant Code Example

----
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
  URL url = new URL(req.getParameter("url"));
  HttpURLConnection conn = (HttpURLConnection) url.openConnection(); // Noncompliant
}
----

== Compliant Solution

----
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
  String[] urlWhiteList = { "example.com", "www.example.com" };

  String inputUrl = req.getParameter("url");

  URI uri           = new URI(inputUrl);
  String remoteHost = uri.getHost();

  if (!urlWhiteList.contains(remoteHost))
    throw new IOException();

  URL url = uri.toURL();
  HttpURLConnection conn = (HttpURLConnection) url.openConnection();
}
----

include::../see.adoc[]
ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

include::../highlighting.adoc[]

endif::env-github,rspecator-view[]