Cloud-Code-AI / kaizen

Seamless Bug Detection Throughout Your Development Cycle
https://cloudcode.ai/kaizen/docs/
MIT License

Input Validation for API URL #471

Open sauravpanda opened 3 weeks ago

sauravpanda commented 3 weeks ago

Issue Details

Severity: High
Category: Security
File Path: https://github.com/Cloud-Code-AI/kaizen/blob/main//kaizen/tests/actions/diff_pr_test.py?plain=1#L18

Description

Potential for URL manipulation leading to API abuse.

Impact: If user inputs are not validated, it could lead to unauthorized access or data leakage through crafted URLs.

Suggestion: Validate and sanitize inputs for owner, repo, and pr_number before using them in the URL.

Code Sample: NA

Proposed Solution: Use regex or a validation library to ensure inputs conform to expected formats.

✨ Generated with love by Kaizen ❤️

ameeetgaikwad commented 3 weeks ago

@sauravpanda I would like to take this one!

Should Pydantic be used?

sauravpanda commented 3 weeks ago

Sure, go ahead, Pydantic would be nice!
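A standard-library version of the validation this issue asks for, added here as an illustration rather than taken from kaizen's code: owner and repo are matched against GitHub's naming rules (assumed from GitHub's published limits), pr_number must be a positive decimal integer, and only a validated triple can produce a URL. The API base URL and the pulls/files endpoint are assumptions; the same patterns could be attached to Pydantic fields, as agreed in the thread.

```python
import re
from dataclasses import dataclass
from urllib.parse import quote

# Naming rules assumed from GitHub's published limits (not taken from kaizen's code):
# owner: 1-39 alphanumerics with single interior hyphens; repo: 1-100 of [A-Za-z0-9._-].
OWNER_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9]|-(?=[A-Za-z0-9])){0,38}")
REPO_RE = re.compile(r"[A-Za-z0-9._-]{1,100}")
PR_NUMBER_RE = re.compile(r"[0-9]{1,9}")  # decimal digits only: no sign, dot, exponent
API_BASE = "https://api.github.com"  # assumed API base URL

class InvalidPRRef(ValueError):
    """Raised when owner, repo or pr_number does not match the expected format."""

@dataclass(frozen=True)
class PRRef:
    owner: str
    repo: str
    pr_number: int

    @classmethod
    def from_input(cls, owner, repo, pr_number) -> "PRRef":
        if not isinstance(owner, str) or not OWNER_RE.fullmatch(owner):
            raise InvalidPRRef(f"invalid owner: {owner!r}")
        if not isinstance(repo, str) or not REPO_RE.fullmatch(repo) or repo in (".", ".."):
            raise InvalidPRRef(f"invalid repo: {repo!r}")
        # str() admits ints and digit strings; "1/../2", "-3", "1e3" and 4.0 all fail.
        if not PR_NUMBER_RE.fullmatch(str(pr_number)) or int(pr_number) < 1:
            raise InvalidPRRef(f"invalid pr_number: {pr_number!r}")
        return cls(owner, repo, int(pr_number))

    def files_url(self) -> str:
        # Validation already excludes '/', '?' and '#'; quote() is defence in depth.
        return (f"{API_BASE}/repos/{quote(self.owner, safe='')}/"
                f"{quote(self.repo, safe='')}/pulls/{self.pr_number}/files")

def build_files_url(owner, repo, pr_number) -> str:
    # Validate first, then build the URL; raises InvalidPRRef on bad input.
    return PRRef.from_input(owner, repo, pr_number).files_url()

def is_valid(owner, repo, pr_number) -> bool:
    try:
        PRRef.from_input(owner, repo, pr_number)
        return True
    except InvalidPRRef:
        return False

if __name__ == "__main__":
    print(build_files_url("Cloud-Code-AI", "kaizen", 471))
    print(is_valid("Cloud-Code-AI", "kaizen", "471/../999"))  # False
```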