From d88c68ea580b182a1484b7d94b47b772e375aefd Mon Sep 17 00:00:00 2001 From: Weilong Liao <37870767+Soulter@users.noreply.github.com> Date: Fri, 19 Jun 2026 12:36:11 +0800 Subject: [PATCH] Potential fix for pull request finding 'CodeQL / Incomplete URL substring sanitization' Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com> --- tests/test_updator_socks.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/tests/test_updator_socks.py b/tests/test_updator_socks.py index e2667885e..318a931e6 100644 --- a/tests/test_updator_socks.py +++ b/tests/test_updator_socks.py @@ -3,6 +3,7 @@ import posixpath from dataclasses import dataclass, field from pathlib import Path from types import SimpleNamespace +from urllib.parse import urlparse import certifi import httpx @@ -353,7 +354,8 @@ async def test_astrbot_updator_falls_back_when_hosted_core_package_fails( async def fake_download_file(url: str, path: str, progress_callback=None): # noqa: ARG001 calls.append(url) - if url.startswith("https://cdn.example"): + parsed = urlparse(url) + if parsed.scheme == "https" and parsed.hostname == "cdn.example": raise RuntimeError("404") Path(path).write_bytes(b"github-core")