Potential fix for code scanning alert no. 24: Incomplete URL substring sanitization

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
tanzhenxin
2025-08-15 17:10:20 +08:00
committed by GitHub
parent 5d4a9452d8
commit a925ac56fa


@@ -174,11 +174,19 @@ ${textContent}
// Perform GitHub URL conversion here to differentiate between user-provided // Perform GitHub URL conversion here to differentiate between user-provided
// URL and the actual URL to be fetched. // URL and the actual URL to be fetched.
let url = params.url; let url = params.url;
if (url.includes('github.com') && url.includes('/blob/')) { try {
const parsedUrl = new URL(url);
if (
parsedUrl.hostname === 'github.com' &&
parsedUrl.pathname.includes('/blob/')
) {
url = url url = url
.replace('github.com', 'raw.githubusercontent.com') .replace('github.com', 'raw.githubusercontent.com')
.replace('/blob/', '/'); .replace('/blob/', '/');
} }
} catch (e) {
// If the URL is invalid, leave it unchanged (or handle as needed)
}
const confirmationDetails: ToolCallConfirmationDetails = { const confirmationDetails: ToolCallConfirmationDetails = {
type: 'info', type: 'info',
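Review bot: The rewrite `url = url.replace('github.com', 'raw.githubusercontent.com').replace('/blob/', '/')` still edits the raw string, so the text it replaces is not guaranteed to be the host that `parsedUrl.hostname === 'github.com'` just validated. `replace` with a string pattern changes only the first occurrence, which can sit in the userinfo part ahead of the host. Building the result from the parsed object keeps the check and the rewrite on the same components: `parsedUrl.hostname = 'raw.githubusercontent.com';`, `parsedUrl.pathname = parsedUrl.pathname.replace('/blob/', '/');`, `url = parsedUrl.toString();`. The empty `catch (e)` lets an unparseable URL continue unchanged behind a placeholder comment; I would either surface the error or replace the comment with `// Not a parseable absolute URL: skip the GitHub rewrite; validation happens in <validation site>`, assuming such validation exists outside this hunk. The enclosing method starts and ends outside the hunk, so what later consumes `url` is not visible here.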