[PR #144] [CLOSED] Fix code scanning alert no. 11: Full server-side request forgery #234

New issue

Closed

opened 2026-03-02 23:34:44 +03:00 by kerem · 0 comments

kerem commented

2026-03-02 23:34:44 +03:00

Owner

📋 Pull Request Information

Original PR: https://github.com/AJaySi/ALwrity/pull/144
Author: @AJaySi
Created: 1/5/2025
Status: ❌ Closed

Base: main ← Head: alert-autofix-11

📝 Commits (1)

47c80d9 Fix code scanning alert no. 11: Full server-side request forgery

📊 Changes

1 file changed (+7 additions, -0 deletions)

View changed files

📝 lib/ai_seo_tools/webpage_content_analysis.py (+7 -0)

📄 Description

Fixes https://github.com/AJaySi/AI-Writer/security/code-scanning/11

To fix the problem, we need to ensure that the user-provided URL is validated against a list of authorized domains. This can be achieved by maintaining a list of allowed domains and checking if the user-provided URL belongs to one of these domains before making the request.

Create a list of authorized domains.
Parse the user-provided URL and extract the domain.
Check if the extracted domain is in the list of authorized domains.
If the domain is not authorized, display an error message and stop the execution.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/AJaySi/ALwrity/pull/144 **Author:** [@AJaySi](https://github.com/AJaySi) **Created:** 1/5/2025 **Status:** ❌ Closed **Base:** `main` ← **Head:** `alert-autofix-11` --- ### 📝 Commits (1) - [`47c80d9`](https://github.com/AJaySi/ALwrity/commit/47c80d9a70ab842a4202d4bbb044c06d07e92083) Fix code scanning alert no. 11: Full server-side request forgery ### 📊 Changes **1 file changed** (+7 additions, -0 deletions) <details> <summary>View changed files</summary> 📝 `lib/ai_seo_tools/webpage_content_analysis.py` (+7 -0) </details> ### 📄 Description Fixes [https://github.com/AJaySi/AI-Writer/security/code-scanning/11](https://github.com/AJaySi/AI-Writer/security/code-scanning/11) To fix the problem, we need to ensure that the user-provided URL is validated against a list of authorized domains. This can be achieved by maintaining a list of allowed domains and checking if the user-provided URL belongs to one of these domains before making the request. 1. Create a list of authorized domains. 2. Parse the user-provided URL and extract the domain. 3. Check if the extracted domain is in the list of authorized domains. 4. If the domain is not authorized, display an error message and stop the execution. _Suggested fixes powered by Copilot Autofix. Review carefully before merging._ --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>