update review comments

spotinst · Nov 28, 2024 · 7538a32 · 7538a32
1 parent ffa5636
commit 7538a32
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 5 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,14 @@
 All notable changes to this project will be documented in this file.
 This project adheres to [Semantic Versioning](http://semver.org/).
 
+## [3.21.0] - 2024-11-28
+### Fixed
+- Fixed `[NA-SPOT-SDK-03] URL Path Traversal in Python SDK` from pentesting report
+
+## [3.20.0] - 2024-11-20
+### Fixed
+- Fixed static analysis issues reported by semgrep tool
+
 ## [3.19.0] - 2024-11-06
 ### Added
 - Added `SpotSizeAttributes` model for Azure Stateful Nodes

diff --git a/spotinst_sdk2/client.py b/spotinst_sdk2/client.py
@@ -45,12 +45,12 @@ def __init__(self, session=None,
         self.timeout = timeout
 
     def validate_url(self, url):
-        self.print_output("input url - " + str(self.base_url + url))
-        self.print_output("parsed_url - " + str(urllib3.util.parse_url(self.base_url + url)))
-        if str(urllib3.util.parse_url(self.base_url + url)) == self.base_url + url:
+        self.print_output("Input Url - " + self.base_url + url)
+        self.print_output("Parsed Url - " + urllib3.util.parse_url(self.base_url + url).url)
+        if urllib3.util.parse_url(self.base_url + url).url == self.base_url + url:
             return self.base_url + url
         else:
-            return "Url is not safe"
+            raise Exception("UNSAFE_URL")
 
     def send_get(self, url, entity_name, query_params=None):
         agent = self.resolve_user_agent()

diff --git a/spotinst_sdk2/version.py b/spotinst_sdk2/version.py
@@ -1 +1 @@
-__version__ = '3.20.2'
+__version__ = '3.21.0'