瀏覽代碼
Fix code scanning alert no. 111: Incomplete URL substring sanitization (#12305)
Signed-off-by: -LAN- <laipz8200@outlook.com> Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>tags/0.15.0
-LAN-
10 月之前
+ 7
- 2
api/services/app_dsl_service.py
查看文件
| import uuid | import uuid | ||||
| from enum import StrEnum | from enum import StrEnum | ||||
| from typing import Optional, cast | from typing import Optional, cast | ||||
| from urllib.parse import urlparse | |||||
| from uuid import uuid4 | from uuid import uuid4 | ||||
| import yaml # type: ignore | import yaml # type: ignore | ||||
| ) | ) | ||||
| try: | try: | ||||
| max_size = 10 * 1024 * 1024 # 10MB | max_size = 10 * 1024 * 1024 # 10MB | ||||
| # tricky way to handle url from github to github raw url | |||||
| if yaml_url.startswith("https://github.com") and yaml_url.endswith((".yml", ".yaml")): | |||||
| parsed_url = urlparse(yaml_url) | |||||
| if ( | |||||
| parsed_url.scheme == "https" | |||||
| and parsed_url.netloc == "github.com" | |||||
| and parsed_url.path.endswith((".yml", ".yaml")) | |||||
| ): | |||||
| yaml_url = yaml_url.replace("https://github.com", "https://raw.githubusercontent.com") | yaml_url = yaml_url.replace("https://github.com", "https://raw.githubusercontent.com") | ||||
| yaml_url = yaml_url.replace("/blob/", "/") | yaml_url = yaml_url.replace("/blob/", "/") | ||||
| response = ssrf_proxy.get(yaml_url.strip(), follow_redirects=True, timeout=(10, 10)) | response = ssrf_proxy.get(yaml_url.strip(), follow_redirects=True, timeout=(10, 10)) |
Loading…