#188414493 Refactor: Fix substring sanitization (#26)

* Fix Substring Sanitzation

- Fix [URL substring sanitization](https://github.com/Moesif/moesifpythonrequest/security/code-scanning/1)
- Bump version
- Update moesifapi version req.
- Update .gitignore

* Address URL substring sanitization CWE-20

* Refactor: Bump moesifapi-python version to 1.5.3

Refactor: Bump moesifapi-python version to 1.5.3

---------

Co-authored-by: Dylan Frankcom <dylanfrankcom@icloud.com>

Author: keyur9

.gitignore

@@ -202,3 +202,5 @@ fabric.properties
 # modules.xml
 # .idea/misc.xml
 # *.ipr
+/Pipfile
+/Pipfile.lock

moesifpythonrequest/utility_function/utility_function.py

@@ -1,23 +1,28 @@
 # Import libraries
 from moesifapi.moesif_api_client import APIHelper
 from datetime import datetime
-
+from urllib.parse import urlparse
 
 class UtilityFunction():
     # Function to get the current time
     def get_current_time(self):
         return datetime.utcnow().strftime("%Y-%m-%dT%H:%M:%S.%f")[:-3]
 
+    # Function to check if the allowed url is valid
+    def is_valid_url(url, allowed_hosts):
+        try:
+            parsed_url = urlparse(url)
+            return parsed_url.netloc.endswith('moesif.net')
+        except:
+            return False
+
     # Function to check if the event is to Moesif
     def is_moesif(self, request_headers, url):
         if request_headers and isinstance(request_headers, dict):
             if request_headers.get('X-Moesif-SDK', None) is not None or request_headers.get('X-Moesif-Application-Id', None) is not None:
                 return True
 
-        if url and 'moesif.net' in url:
-            return True
-
-        return False
+        return is_valid_url(url)
 
     # Function to mask the body
     def mask_body(self, body, masks):

requirements.txt

@@ -1,2 +1,2 @@
 requests
-moesifapi==1.4.2
+moesifapi==1.5.3

setup.py

@@ -28,7 +28,7 @@
     # Versions should comply with PEP440.  For a discussion on single-sourcing
     # the version across setup.py and the project code, see
     # https://packaging.python.org/en/latest/single_source_version.html
-    version='0.3.3',
+    version='0.3.4',
 
     description='Moesif Python request',
     long_description=long_description,