Input Validation for API URL

Question

Input Validation for API URL

Opened this issue 4 months ago · 4 comments

Issue Details

Severity: High
Category: Security
File Path: https://github.com/Cloud-Code-AI/kaizen/blob/main//kaizen/tests/actions/diff_pr_test.py?plain=1#L18

Description

Potential for URL manipulation leading to API abuse.

Impact

If user inputs are not validated, it could lead to unauthorized access or data leakage through crafted URLs.

Suggestion

Validate and sanitize inputs for owner, repo, and pr_number before using them in the URL.

Code Sample

NA

Proposed Solution

Use regex or a validation library to ensure inputs conform to expected formats.

✨ Generated with love by Kaizen ❤️

Answer 1 · 2024-08-24T03:48:54.000Z

@sauravpanda would like to take this one!

should Pydantic be used ?

Answer 2 · 2024-08-24T03:52:48.000Z

sure, go ahead, pydantic would be nice!

Answer 3 · 2024-10-29T09:08:12.000Z

@sauravpanda i have tried working on this issue with a PR.
Can you take a look? and if possible assign his issue with a hacktoberfest label

Answer 4 · 2024-10-30T04:09:51.000Z

Sure, thanks for contributing, just updated the labels, let me know if I am missing something!