
Input Validation for API URL

Open sauravpanda opened this issue 1 year ago • 4 comments

Issue Details

Severity: High
Category: Security
File Path: https://github.com/Cloud-Code-AI/kaizen/blob/main//kaizen/tests/actions/diff_pr_test.py?plain=1#L18

Description

Potential for URL manipulation leading to API abuse.

Impact

If user inputs are not validated, it could lead to unauthorized access or data leakage through crafted URLs.

Suggestion

Validate and sanitize inputs for owner, repo, and pr_number before using them in the URL.

Code Sample
NA
Proposed Solution
Use regex or a validation library to ensure inputs conform to expected formats.

✨ Generated with love by Kaizen ❤️

sauravpanda avatar Aug 21 '24 02:08 sauravpanda
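
One way to implement the validation suggested in the issue above, using only the standard library's `re` module. This is an added example, not Kaizen's code and not the fix from the PR mentioned later in the thread. The patterns (modelled on GitHub's naming rules), the `API_BASE` value, the URL shape and all function names are assumptions.

```python
import re

# Assumed allow-list patterns, modelled on GitHub's naming rules (not from Kaizen).
# Owner: alphanumerics and single hyphens, no leading/trailing hyphen, max 39 chars.
OWNER_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9]|-(?=[A-Za-z0-9])){0,38}")
# Repo: alphanumerics, '.', '_' and '-', max 100 chars ('.' and '..' rejected below).
REPO_RE = re.compile(r"[A-Za-z0-9._-]{1,100}")
# PR number: positive decimal integer, ASCII digits only, no sign or whitespace.
PR_RE = re.compile(r"[1-9][0-9]{0,9}")

API_BASE = "https://api.github.com"  # assumed base URL


class InvalidPRReference(ValueError):
    """Raised with the name of the field that failed validation."""


def validate_pr_reference(owner, repo, pr_number):
    """Return (owner, repo, int(pr_number)) or raise InvalidPRReference."""
    # fullmatch() is used instead of match()/'$' so a trailing newline cannot slip through.
    if not isinstance(owner, str) or not OWNER_RE.fullmatch(owner):
        raise InvalidPRReference("owner")
    if not isinstance(repo, str) or not REPO_RE.fullmatch(repo) or repo in (".", ".."):
        raise InvalidPRReference("repo")
    # bool is a subclass of int, so exclude it explicitly.
    if isinstance(pr_number, bool) or not isinstance(pr_number, (int, str)):
        raise InvalidPRReference("pr_number")
    if not PR_RE.fullmatch(str(pr_number)):
        raise InvalidPRReference("pr_number")
    return owner, repo, int(pr_number)


def build_pr_url(owner, repo, pr_number):
    """Build the pull request API URL only from validated components."""
    owner, repo, number = validate_pr_reference(owner, repo, pr_number)
    return f"{API_BASE}/repos/{owner}/{repo}/pulls/{number}"


if __name__ == "__main__":
    # Constructed sample inputs: one well-formed, the rest malformed.
    samples = [("Cloud-Code-AI", "kaizen", 42), ("Cloud-Code-AI", "..", 42),
               ("Cloud-Code-AI", "kaizen/../../user", 42), ("a/b", "kaizen", 42),
               ("Cloud-Code-AI", "kaizen", "42?state=all")]
    for sample in samples:
        try:
            print("ok      ", build_pr_url(*sample))
        except InvalidPRReference as exc:
            print("rejected", sample, "bad field:", exc)
```

Because every component is matched in full against an allow-list, characters that change URL structure (`/`, `?`, `#`, `%`, whitespace) never reach the f-string.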

@sauravpanda would like to take this one!

Should Pydantic be used?

ameeetgaikwad avatar Aug 24 '24 03:08 ameeetgaikwad

Sure, go ahead, Pydantic would be nice!

sauravpanda avatar Aug 24 '24 03:08 sauravpanda

@sauravpanda I have tried working on this issue with a PR. Can you take a look? And if possible, assign this issue a hacktoberfest label.

Kaos599 avatar Oct 29 '24 09:10 Kaos599

Sure, thanks for contributing, just updated the labels, let me know if I am missing something!

sauravpanda avatar Oct 30 '24 04:10 sauravpanda