Fix code scanning alert no. 12: Full server-side request forgery

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
2025-01-05 15:58:02 +05:30
parent b10e1af1b5
commit b41320ef10
1 changed files with 8 additions and 0 deletions
--- a/lib/ai_seo_tools/wordcloud.py
+++ b/lib/ai_seo_tools/wordcloud.py
@@ -19,6 +19,8 @@ language_input = st.selectbox("What language is your content?", ('English', 'Ita
 num_results_input = st.slider("How many top words/phrases should we show?", min_value=10, max_value=150, value=50)
 st.write("  ") 

+authorized_domains = ["example.com", "another-example.com"]
+
 if st.button("Analyze Your Content!"):
    with st.spinner('Analyzing your content...'):
        url = url_input.strip()
@@ -29,6 +31,12 @@ if st.button("Analyze Your Content!"):
            st.error("Oops! Looks like you forgot 'http://' or 'https://' at the beginning of your URL.  Please add it and try again! 😊")
            st.stop()

+        from urllib.parse import urlparse
+        parsed_url = urlparse(url)
+        if parsed_url.netloc not in authorized_domains:
+            st.error("The domain of the provided URL is not authorized. Please use an authorized domain.")
+            st.stop()
+
        try:
            response = requests.get(url)
            response.raise_for_status()  # Check for errors