Fix #3291: Resolve code scanning alert for URL sanitization

modmail-dev · Jul 17, 2023 · 2b66710 · 2b66710
1 parent 5170035
commit 2b66710
Showing 1 changed file with 11 additions and 7 deletions.
diff --git a/core/utils.py b/core/utils.py
@@ -147,13 +147,17 @@ def is_image_url(url: str, **kwargs) -> str:
     bool
         Whether the URL is a valid image URL.
     """
-    if url.startswith("https://gyazo.com") or url.startswith("http://gyazo.com"):
-        # gyazo support
-        url = re.sub(
-            r"(http[s]?:\/\/)((?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*(),]|(?:%[0-9a-fA-F][0-9a-fA-F]))+)",
-            r"\1i.\2.png",
-            url,
-        )
+    try:
+        result = parse.urlparse(url)
+        if result.netloc == 'gyazo.com' and result.scheme in ['http', 'https']:
+            # gyazo support
+            url = re.sub(
+                r"(https?://)((?:[a-zA-Z]|[0-9]|[$-_@.&+]|[!*(),]|%[0-9a-fA-F][0-9a-fA-F])+)",
+                r"\1i.\2.png",
+                url,
+            )
+    except ValueError:
+        pass
 
     return parse_image_url(url, **kwargs)