build(pyproject.toml): add new dev dependencies - for type checking #9631
Conversation
|
The latest updates on your projects. Learn more about Vercel for Git ↗︎
|
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| if parsed_url.hostname and parsed_url.hostname.endswith( | ||
| "generativelanguage.googleapis.com" | ||
| ): |
Check failure
Code scanning / CodeQL
Incomplete URL substring sanitization High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI 3 months ago
To fix the problem, we need to ensure that the hostname is correctly parsed and validated to prevent malicious URLs from bypassing the check. The best way to fix this is to use the urlparse function to parse the URL and then check the hostname to ensure it matches the allowed domain exactly or as a subdomain.
We will modify the _get_custom_llm_provider_from_url method to use a more robust check for the hostname. Specifically, we will ensure that the hostname is either "generativelanguage.googleapis.com" or ends with ".generativelanguage.googleapis.com".
| @@ -225,4 +225,5 @@ | ||
| parsed_url = urlparse(url) | ||
| if parsed_url.hostname and parsed_url.hostname.endswith( | ||
| "generativelanguage.googleapis.com" | ||
| if parsed_url.hostname and ( | ||
| parsed_url.hostname == "generativelanguage.googleapis.com" or | ||
| parsed_url.hostname.endswith(".generativelanguage.googleapis.com") | ||
| ): |
Title
Relevant issues
Pre-Submission checklist
Please complete all items before asking a LiteLLM maintainer to review your PR
tests/litellm/directory, Adding at least 1 test is a hard requirement - see detailsmake test-unit)[https://docs.litellm.ai/docs/extras/contributing_code]Type
🆕 New Feature
🐛 Bug Fix
🧹 Refactoring
📖 Documentation
🚄 Infrastructure
✅ Test
Changes