TRELLO-2795 : prevent reporting gouv website

betagouv · Jan 11, 2025 · 4ec2196 · 4ec2196
1 parent c305180
commit 4ec2196
Show file tree

Hide file tree

Showing 2 changed files with 30 additions and 1 deletion.
diff --git a/app/orchestrators/ReportOrchestrator.scala b/app/orchestrators/ReportOrchestrator.scala
@@ -30,6 +30,7 @@ import models.report.reportmetadata.ReportWithMetadataAndBookmark
 import models.token.TokenKind.CompanyInit
 import models.website.Website
 import orchestrators.ReportOrchestrator.ReportCompanyChangeThresholdInDays
+import orchestrators.ReportOrchestrator.isGouvWebsite
 import play.api.Logger
 import play.api.i18n.MessagesApi
 import play.api.libs.json.Json
@@ -65,6 +66,7 @@ import java.time.ZoneOffset
 import java.time.temporal.TemporalAmount
 import java.util.UUID
 import java.util.concurrent.TimeUnit
+import java.util.regex.Pattern
 import scala.concurrent.ExecutionContext
 import scala.concurrent.Future
 import scala.concurrent.duration._
@@ -303,6 +305,7 @@ class ReportOrchestrator(
           Future.failed(AppError.CannotReportPublicAdministration)
         case _ => Future.unit
       }
+      _ <- isGouvWebsite(reportDraft)
       _ <- reportDraft.companySiret match {
         case Some(siret) =>
           // Try to check if siret exist in signal conso database
@@ -1112,4 +1115,20 @@ class ReportOrchestrator(
 
 object ReportOrchestrator {
   val ReportCompanyChangeThresholdInDays: Long = 90L
+
+  def isGouvWebsite(reportDraft: ReportDraft): Future[Unit] = {
+
+    def isAGouvWebsite(input: URL): Boolean = {
+      val regex   = "^(?!.*\\.gouv\\.fr(?:[\\/\\?#]|$)).*$"
+      val pattern = Pattern.compile(regex, Pattern.CASE_INSENSITIVE)
+      !pattern.matcher(input.value).matches()
+    }
+
+    reportDraft.websiteURL match {
+      case Some(websiteURL) if isAGouvWebsite(websiteURL) =>
+        Future.failed(AppError.CannotReportPublicAdministration)
+      case _ => Future.unit
+    }
+  }
+
 }
diff --git a/test/orchestrators/ReportOrchestratorTest.scala b/test/orchestrators/ReportOrchestratorTest.scala
@@ -14,7 +14,7 @@ import org.specs2.mutable.Specification
 import utils.AppSpec
 import utils.Fixtures
 import utils.TestApp
-
+import utils.URL
 import java.time.LocalDate
 import java.time.OffsetDateTime
 import java.time.ZoneOffset
@@ -242,6 +242,16 @@ class ReportOrchestratorTest(implicit ee: ExecutionEnv) extends Specification wi
       res must throwA[CannotReportPublicAdministration.type].await
     }
 
+    "fail when reporting gouv website " in {
+      val draftReportOnPublicCompany = aDraftReport.copy(
+        companyActivityCode = Some("90.10"),
+        websiteURL = Some(URL("http://totot.gouv.fr?titi=tr"))
+      )
+      val res =
+        components.reportOrchestrator.validateAndCreateReport(draftReportOnPublicCompany, ConsumerIp("0.0.0.0"))
+      res must throwA[CannotReportPublicAdministration.type].await
+    }
+
     "succeed when reporting private company" in {
       val draftReportOnPrivateCompany = aDraftReport.copy(
         companyActivityCode = Some("90.10")