[PR #144] [CLOSED] Fix code scanning alert no. 11: Full server-side request forgery #572

Closed
opened 2026-03-13 20:57:47 +03:00 by kerem · 0 comments
Owner

📋 Pull Request Information

Original PR: https://github.com/AJaySi/ALwrity/pull/144
Author: @AJaySi
Created: 1/5/2025
Status: Closed

Base: main ← Head: alert-autofix-11


📝 Commits (1)

  • 47c80d9 Fix code scanning alert no. 11: Full server-side request forgery

📊 Changes

1 file changed (+7 additions, -0 deletions)

View changed files

📝 lib/ai_seo_tools/webpage_content_analysis.py (+7 -0)

📄 Description

Fixes https://github.com/AJaySi/AI-Writer/security/code-scanning/11

To fix the problem, we need to ensure that the user-provided URL is validated against a list of authorized domains. This can be achieved by maintaining a list of allowed domains and checking if the user-provided URL belongs to one of these domains before making the request.

  1. Create a list of authorized domains.
  2. Parse the user-provided URL and extract the domain.
  3. Check if the extracted domain is in the list of authorized domains.
  4. If the domain is not authorized, display an error message and stop the execution.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.


🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.
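The four steps in the description, written out as an added example; it is not the PR's diff, which this page does not show. `ALLOWED_HOSTS`, `is_authorized_url`, `require_authorized` and the sample URLs are hypothetical, and the example goes slightly beyond the description by also restricting scheme and port.

```python
from urllib.parse import urlsplit

# Step 1: hypothetical allowlist; the page does not say which domains the PR authorizes.
ALLOWED_HOSTS = frozenset({"example.com", "www.example.com"})
ALLOWED_SCHEMES = frozenset({"http", "https"})
ALLOWED_PORTS = frozenset({None, 80, 443})  # None means no explicit port in the URL


def is_authorized_url(url: str) -> bool:
    """Return True only if scheme, host and port are all allowlisted."""
    try:
        # Step 2: parse the URL and extract the host.
        parts = urlsplit(url.strip())
        port = parts.port  # raises ValueError on a malformed or out-of-range port
    except ValueError:
        return False
    if parts.scheme not in ALLOWED_SCHEMES:
        return False
    # .hostname drops any "user@" prefix and the port, and lowercases the name,
    # so the comparison is made on the host the client would actually contact.
    host = parts.hostname or ""
    # Step 3: exact membership, never substring or endswith matching.
    return host in ALLOWED_HOSTS and port in ALLOWED_PORTS


def require_authorized(url: str) -> str:
    """Step 4: refuse to continue when the URL is not authorized."""
    if not is_authorized_url(url):
        raise ValueError("URL is not on the list of authorized domains")
    return url


if __name__ == "__main__":
    # Constructed sample inputs, including lookalikes a naive check would accept.
    samples = [
        "https://example.com/page",
        "HTTPS://WWW.Example.COM/",
        "https://example.com@internal.test/",   # host is internal.test
        "https://example.com.attacker.test/",   # allowlisted name is only a prefix
        "https://notexample.com/",              # allowlisted name is only a suffix
        "https://example.com:8443/",            # unexpected port
        "file:///etc/passwd",                   # non-HTTP scheme
    ]
    for s in samples:
        print(f"{is_authorized_url(s)!s:5}  {s}")
```

The check covers only the URL as submitted: the HTTP client should not follow redirects automatically, or each redirect target should be passed through the same check before it is fetched.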

Reference
starred/ALwrity#572