added url validation to all server requests

cookbook/integration/cookbookapp.py

@@ -6,6 +6,7 @@ from gettext import gettext as _
 from io import BytesIO
 
 import requests
+import validators
 import yaml
 
 from cookbook.helper.ingredient_parser import IngredientParser
@@ -59,8 +60,10 @@ class CookBookApp(Integration):
 
         if len(images) > 0:
             try:
-                response = requests.get(images[0])
-                self.import_recipe_image(recipe, BytesIO(response.content))
+                url = images[0]
+                if validators.url(url, public=True):
+                    response = requests.get(url)
+                    self.import_recipe_image(recipe, BytesIO(response.content))
             except Exception as e:
                 print('failed to import image ', str(e))
 

cookbook/integration/cookmate.py

@@ -5,6 +5,7 @@ from io import BytesIO
 from gettext import gettext as _
 
 import requests
+import validators
 from lxml import etree
 
 from cookbook.helper.ingredient_parser import IngredientParser
@@ -64,7 +65,9 @@ class Cookmate(Integration):
 
         if recipe_xml.find('imageurl') is not None:
             try:
-                response = requests.get(recipe_xml.find('imageurl').text.strip())
+                url = recipe_xml.find('imageurl').text.strip()
+                if validators.url(url, public=True):
+                    response = requests.get(url)
                 self.import_recipe_image(recipe, BytesIO(response.content))
             except Exception as e:
                 print('failed to import image ', str(e))

cookbook/integration/recettetek.py

@@ -5,6 +5,7 @@ from io import BytesIO
 from zipfile import ZipFile
 
 import requests
+import validators
 
 from django.utils.translation import gettext as _
 from cookbook.helper.image_processing import get_filetype
@@ -123,11 +124,13 @@ class RecetteTek(Integration):
                         self.import_recipe_image(recipe, BytesIO(import_zip.read(image_file_name)), filetype=get_filetype(image_file_name))
             else:
                 if file['originalPicture'] != '':
-                    response = requests.get(file['originalPicture'])
-                    if imghdr.what(BytesIO(response.content)) is not None:
-                        self.import_recipe_image(recipe, BytesIO(response.content), filetype=get_filetype(file['originalPicture']))
-                    else:
-                        raise Exception("Original image failed to download.")
+                    url = file['originalPicture']
+                    if validators.url(url, public=True):
+                        response = requests.get(url)
+                        if imghdr.what(BytesIO(response.content)) is not None:
+                            self.import_recipe_image(recipe, BytesIO(response.content), filetype=get_filetype(file['originalPicture']))
+                        else:
+                            raise Exception("Original image failed to download.")
         except Exception as e:
             print(recipe.name, ': failed to import image ', str(e))
 

cookbook/integration/recipesage.py

@@ -2,6 +2,7 @@ import json
 from io import BytesIO
 
 import requests
+import validators
 
 from cookbook.helper.ingredient_parser import IngredientParser
 from cookbook.integration.integration import Integration
@@ -51,8 +52,10 @@ class RecipeSage(Integration):
 
         if len(file['image']) > 0:
             try:
-                response = requests.get(file['image'][0])
-                self.import_recipe_image(recipe, BytesIO(response.content))
+                url = file['image'][0]
+                if validators.url(url, public=True):
+                    response = requests.get(url)
+                    self.import_recipe_image(recipe, BytesIO(response.content))
             except Exception as e:
                 print('failed to import image ', str(e))