Avoids URIError in @osd/std url methods

[paulstn]

Description

Urls, when being parsed through any functionality within OSD that uses the @osd/std package’s methods for modifyUrl, isRelativeUrl, or getUrlOrigin, eventually go on to use the parse method from the node:url package.

When the URL is malformed, the parse method will throw a URIError, which is not handled by the current code. This means that malformed URLs can crash the page.
An exmaple service that uses modifyUrl that causes the application to crash:
https://github.com/opensearch-project/OpenSearch-Dashboards/blob/main/src/core/server/http/base_path_service.ts#L87

I've added tests that would've previously passed in user input that can cause crashes, and changed the url file's methods to catch errors and return values that make sense to default to.

The example malicious URL that I've written into tests has a malformed pass in the auth section of the url, since that is where the node:url's parse method would explicitly throw a URIError.

http://user:%E0%[email protected]

Changelog

• fix: @osd-std package url parse method does not throw page crashing errors

Check List

• All tests pass
  • yarn test:jest
  • yarn test:jest_integration
• New functionality includes testing.
• New functionality has been documented.
• Update CHANGELOG.md
• Commits are signed per the DCO using --signoff

[codecov]

Codecov Report

❌ Patch coverage is 95.00000% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 60.75%. Comparing base (127fd2e) to head (d8ebcc1).

Files with missing lines	Patch %	Lines
packages/osd-std/src/url.ts	95.00%	0 Missing and 1 partial ⚠️

Additional details and impacted files

@@           Coverage Diff           @@
##             main   #10915   +/-   ##
=======================================
  Coverage   60.75%   60.75%           
=======================================
  Files        4533     4533           
  Lines      122211   122217    +6     
  Branches    20483    20483           
=======================================
+ Hits        74250    74258    +8     
+ Misses      42720    42719    -1     
+ Partials     5241     5240    -1     

Flag	Coverage Δ
Linux_1	26.57% <25.00%> (-0.01%)	⬇️
Linux_2	38.93% <90.00%> (+<0.01%)	⬆️
Linux_3	39.43% <0.00%> (-0.01%)	⬇️
Linux_4	33.74% <25.00%> (-0.01%)	⬇️
Windows_1	26.58% <25.00%> (-0.01%)	⬇️
Windows_2	38.90% <90.00%> (+<0.01%)	⬆️
Windows_3	39.44% <0.00%> (-0.01%)	⬇️
Windows_4	33.74% <25.00%> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[ZilongX]

as commented in L149 - "Returns the origin (protocol + host + port) from given url if url is a valid absolute url, or null otherwise" it should return null when error is caught since it's likely a malformed url

[ruanyl]

Agree with @ZilongX, should better to return null if the url failed to parse

[Flyingliuhub]

agree, we should better handle here

[paulstn]

This does sound better - I'll make the change.

[ZilongX]

generally looking good with some comments, thanks @paulstn for the quick fix. Meanwhile there are a bunch of checking test failing for this PR (6+) which doesn't seem to be related the changes introduced in, is it common all PRs ? Then we should fix all those failed test cases

[paulstn]

generally looking good with some comments, thanks @paulstn for the quick fix. Meanwhile there are a bunch of checking test failing for this PR (6+) which doesn't seem to be related the changes introduced in, is it common all PRs ? Then we should fix all those failed test cases

They seemed to be unrelated, a test rerun has them all passing now.

Edit: They seem to be related to something else that is causing every PR to fail.