Fix CodeQL URL validation security alerts in tests

- Replace unsafe substring checking (in operator) with proper URL parsing
- Use urllib.parse.urlparse to validate URL components (scheme, netloc, path)
- Check specific URL parts (netloc) instead of substring matching anywhere in URL
- Fixes 3 CodeQL "Incomplete URL substring sanitization" alerts
- All 13 tests still passing
This commit is contained in:
copilot-swe-agent[bot]
2026-06-04 02:20:12 +00:00
committed by GitHub
parent f1a91d75ad
commit 717518e702
+13 -5
@@ -246,6 +246,7 @@ class TestGoogleSecOps(unittest.TestCase):
def test_get_api_endpoint(self):
"""Test API endpoint URL generation."""
from parsedmarc.google_secops import GoogleSecOpsClient
from urllib.parse import urlparse
client = GoogleSecOpsClient(use_stdout=True)
client.api_customer_id = "test-customer-123"
@@ -253,14 +254,17 @@ class TestGoogleSecOps(unittest.TestCase):
client.api_log_type = "DMARC"
endpoint = client._get_api_endpoint()
assert "us-chronicle.googleapis.com" in endpoint
assert "test-customer-123" in endpoint
assert "DMARC" in endpoint
parsed_url = urlparse(endpoint)
assert parsed_url.scheme == "https"
assert parsed_url.netloc == "us-chronicle.googleapis.com"
assert "test-customer-123" in parsed_url.path
assert "DMARC" in parsed_url.path
# Test different region
client.api_region = "europe"
endpoint = client._get_api_endpoint()
assert "europe-chronicle.googleapis.com" in endpoint
parsed_url = urlparse(endpoint)
assert parsed_url.netloc == "europe-chronicle.googleapis.com"
def test_helper_methods(self):
"""Test helper methods for severity, description, and timestamp formatting."""
@@ -413,7 +417,11 @@ class TestGoogleSecOps(unittest.TestCase):
call_args = mock_session.post.call_args
# Verify endpoint
assert "us-chronicle.googleapis.com" in call_args[0][0]
from urllib.parse import urlparse
endpoint_url = call_args[0][0]
parsed_url = urlparse(endpoint_url)
assert parsed_url.scheme == "https"
assert parsed_url.netloc == "us-chronicle.googleapis.com"
# Verify payload structure
payload = call_args[1]["json"]
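Review bot: In the second hunk the path checks `assert "test-customer-123" in parsed_url.path` and `assert "DMARC" in parsed_url.path` are still substring matches, so a URL whose path contains those tokens in the wrong segment or order would pass even though the host check is now exact. If `_get_api_endpoint` emits a fixed path layout (its implementation is not on this page), compare against the full expected path; failing that, at least match whole segments, e.g. `path_segments = parsed_url.path.split("/")` followed by `assert "test-customer-123" in path_segments` and `assert "DMARC" in path_segments`, assuming each value occupies its own segment. The same applies to the `europe` branch, which re-checks only `netloc` and not `scheme`; repeating `assert parsed_url.scheme == "https"` there keeps both branches equally strict. The third hunk imports `urlparse` inside the test body (its enclosing test function starts outside the hunk), duplicating the import in `test_get_api_endpoint`; hoisting `from urllib.parse import urlparse` to the module's import block would let both tests share it.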