UI: Added URI sanitization function.

Issue: #3081
PR:

monkey/monkey_island/cc/ui/src/components/ui-components/InfoPane.js

@@ -3,6 +3,7 @@ import React from 'react';
 import {FontAwesomeIcon} from '@fortawesome/react-fontawesome';
 import {faQuestionCircle} from '@fortawesome/free-solid-svg-icons';
 import WarningIcon from './WarningIcon';
+import {sanitizeURI} from '../../utils/sanitizers/uriSanitizer';
 
 const WarningType = {
   NONE: 0,
@@ -40,10 +41,13 @@ function getTitle(props) {
 
 function getLinkButton(props) {
   if (typeof (props.link) == 'string') {
+    const sanitizedLink = sanitizeURI(props.link);
+
     return (
-      <Button variant={'link'} className={'pane-link'} href={props.link} target={'_blank'}>
-        <FontAwesomeIcon icon={faQuestionCircle}/>
-      </Button>)
+      <Button variant={'link'} className={'pane-link'} href={sanitizedLink}>
+         <FontAwesomeIcon icon={faQuestionCircle}/>
+       </Button>
+     )
   }
 }
 

monkey/monkey_island/cc/ui/src/utils/sanitizers/uriSanitizer.js

@@ -0,0 +1,27 @@
+const REG_EXP_VALIDATORS = [
+    {expression: /[()[\]{};`'"]/gmi, expectedTestResult: false},
+    {expression: /^([^\w]*)(unsafe|javascript|vbscript|app|admin|icloud-sharing|icloud-vetting|help|aim|facetime-audio|applefeedback|ibooks|macappstore|udoc|ts|st|x-apple-helpbasic)/gmi, expectedTestResult: false},
+    {expression: /^(?:\(?:\(?:ht)tps?\):|[^a-z]|[a-z+.-]+(?:[^a-z+.\-:]|$)\)/gmi, expectedTestResult: true}
+];
+
+const GENERAL_UNSAFE_STRINGS = ['javascript:']
+
+export const sanitizeURI = (uri) => {
+  const EMPTY_URI = '';
+
+  const validators =  REG_EXP_VALIDATORS;
+  for(let i=0; i < validators.length; i++){
+    const regTest = new RegExp(validators[i].expression);
+    if(regTest.test(uri) !== validators[i].expectedTestResult) {
+      return EMPTY_URI;
+    }
+  }
+
+  for(let i=0; i<GENERAL_UNSAFE_STRINGS.length; i++){
+    if(uri.indexOf(GENERAL_UNSAFE_STRINGS[i]) !== -1){
+      return EMPTY_URI;
+    }
+  }
+
+  return uri;
+}