From b29a0089f56748d14ee59fa1d38807db3a916ee3 Mon Sep 17 00:00:00 2001
From: Matthias Bolte <matthias@tinkerforge.com>
Date: Wed, 22 May 2024 16:45:12 +0200
Subject: [PATCH] firmware-update: Only allow HTTPS update URLs

To protect the download of the firmware list from manipulation.
---
 .../src/modules/firmware_update/firmware_update.cpp   | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/software/src/modules/firmware_update/firmware_update.cpp b/software/src/modules/firmware_update/firmware_update.cpp
index 6f729b01c..66b2feadd 100644
--- a/software/src/modules/firmware_update/firmware_update.cpp
+++ b/software/src/modules/firmware_update/firmware_update.cpp
@@ -43,10 +43,17 @@ extern "C" esp_err_t esp_crt_bundle_attach(void *conf);
 
 void FirmwareUpdate::pre_setup()
 {
-    config = Config::Object({
+    config = ConfigRoot{Config::Object({
         {"update_url", Config::Str("", 0, 128)},
         {"cert_id", Config::Int(-1, -1, MAX_CERT_ID)},
-    }); // FIXME: add validator to only accept https:// update URLs
+    }), [this](Config &update, ConfigSource source) -> String {
+        String update_url = update.get("update_url")->asString();
+
+        if (update_url.length() > 0 && !update_url.startsWith("https://"))
+            return "HTTPS required for update URL";
+
+        return "";
+    }};
 
     available_updates = Config::Object({
         {"timestamp", Config::Uint(0)},