From 4219d28de5636b121a25d8f459d65ad67b64d966 Mon Sep 17 00:00:00 2001
From: Joel Smith <joelsmith.2019@gmail.com>
Date: Wed, 24 Apr 2024 14:10:00 -0700
Subject: [PATCH] Validate Attestation URL

---
 circle/attestation.go      | 12 +++++++++++-
 circle/attestation_test.go | 17 +++++++++++++++++
 2 files changed, 28 insertions(+), 1 deletion(-)

diff --git a/circle/attestation.go b/circle/attestation.go
index b5ef5c0..4776798 100644
--- a/circle/attestation.go
+++ b/circle/attestation.go
@@ -22,7 +22,17 @@ func CheckAttestation(attestationURL string, logger log.Logger, irisLookupID str
 	ctx, cancel := context.WithTimeout(context.Background(), 5*time.Second)
 	defer cancel()
 
-	req, err := http.NewRequestWithContext(ctx, http.MethodGet, attestationURL+"0x"+irisLookupID, nil)
+	// append ending / if not present
+	if attestationURL[len(attestationURL)-1:] != "/" {
+		attestationURL += "/"
+	}
+
+	// add 0x prefix if not present
+	if len(irisLookupID) > 2 && irisLookupID[:2] != "0x" {
+		irisLookupID = "0x" + irisLookupID
+	}
+
+	req, err := http.NewRequestWithContext(ctx, http.MethodGet, attestationURL+irisLookupID, nil)
 	if err != nil {
 		logger.Debug("error creating request: " + err.Error())
 		return nil
diff --git a/circle/attestation_test.go b/circle/attestation_test.go
index 382678c..9f35036 100644
--- a/circle/attestation_test.go
+++ b/circle/attestation_test.go
@@ -31,3 +31,20 @@ func TestAttestationNotFound(t *testing.T) {
 	resp := circle.CheckAttestation(cfg.Circle.AttestationBaseURL, logger, "not an attestation", "", 0, 4)
 	require.Nil(t, resp)
 }
+
+func TestAttestationWithoutEndingSlash(t *testing.T) {
+	startUrl := cfg.Circle.AttestationBaseURL
+	cfg.Circle.AttestationBaseURL = startUrl[:len(startUrl)-1]
+
+	resp := circle.CheckAttestation(cfg.Circle.AttestationBaseURL, logger, "85bbf7e65a5992e6317a61f005e06d9972a033d71b514be183b179e1b47723fe", "", 0, 4)
+	require.NotNil(t, resp)
+	require.Equal(t, "complete", resp.Status)
+
+	cfg.Circle.AttestationBaseURL = startUrl
+}
+
+func TestAttestationWithLeading0x(t *testing.T) {
+	resp := circle.CheckAttestation(cfg.Circle.AttestationBaseURL, logger, "0x85bbf7e65a5992e6317a61f005e06d9972a033d71b514be183b179e1b47723fe", "", 0, 4)
+	require.NotNil(t, resp)
+	require.Equal(t, "complete", resp.Status)
+}