pixee · pixeebot-test · Jul 21, 2024 · pixeebot-test · Jul 21, 2024
diff --git a/introduction/playground/A6/soln.py b/introduction/playground/A6/soln.py
@@ -1,15 +1,15 @@
-import requests
+from security import safe_requests
 
 
 def check_vuln(list_of_modules)->list:
     vulns = []
     for i in list_of_modules:
         k = i.split("==")
         url = f"https://pypi.org/pypi/{k[0]}/{k[1]}/json"
-        response = requests.get(url)
+        response = safe_requests.get(url)
         response.raise_for_status()
         info = response.json()
         existing_vuln = info['vulnerabilities']
         if len(existing_vuln) > 0:
             vulns.append(existing_vuln) 
-    return vulns
+    return vulns
diff --git a/introduction/playground/A6/utility.py b/introduction/playground/A6/utility.py
@@ -1,15 +1,15 @@
-import requests
-
-
-def check_vuln(list_of_modules)->list:
-    vulns = []
-    for i in list_of_modules:
-        k = i.split("==")
-        url = f"https://pypi.org/pypi/{k[0]}/{k[1]}/json"
-        response = requests.get(url)
-        response.raise_for_status()
-        info = response.json()
-        existing_vuln = info['vulnerabilities']
-        if len(existing_vuln) > 0:
-            vulns.append(existing_vuln) 
-    return vulns
+from security import safe_requests
+
+
+def check_vuln(list_of_modules)->list:
+    vulns = []
+    for i in list_of_modules:
+        k = i.split("==")
+        url = f"https://pypi.org/pypi/{k[0]}/{k[1]}/json"
+        response = safe_requests.get(url)
+        response.raise_for_status()
+        info = response.json()
+        existing_vuln = info['vulnerabilities']
+        if len(existing_vuln) > 0:
+            vulns.append(existing_vuln) 
+    return vulns
diff --git a/introduction/views.py b/introduction/views.py
@@ -1,7 +1,6 @@
 import base64
 import datetime
 import hashlib
-import json
 import logging
 import os
 import pickle
@@ -19,25 +18,21 @@
 from xml.sax.handler import feature_external_ges
 
 import jwt
-import requests
 import yaml
 from argon2 import PasswordHasher
 from django.contrib import messages
-from django.contrib.auth import authenticate, login
-from django.contrib.auth.forms import UserCreationForm
-from django.core import serializers
-from django.http import HttpResponse, HttpResponseBadRequest, JsonResponse
+from django.contrib.auth import login
+from django.http import HttpResponse, HttpResponseBadRequest
 from django.shortcuts import redirect, render
-from django.template import loader
 from django.template.loader import render_to_string
 from django.views.decorators.csrf import csrf_exempt
 from PIL import Image, ImageMath
-from requests.structures import CaseInsensitiveDict
 
 from .forms import NewUserForm
 from .models import (FAANG, AF_admin, AF_session_id, Blogs, CF_user, authLogin,
-                     comments, info, login, otp, sql_lab_table, tickits)
+                     comments, login, otp, sql_lab_table, tickits)
 from .utility import customHash, filter_blog
+from security import safe_requests
 
 #*****************************************Lab Requirements****************************************************#
 
@@ -953,7 +948,7 @@ def ssrf_lab2(request):
     elif request.method == "POST":
         url = request.POST["url"]
         try:
-            response = requests.get(url)
+            response = safe_requests.get(url)
             return render(request, "Lab/ssrf/ssrf_lab2.html", {"response": response.content.decode()})
         except:
             return render(request, "Lab/ssrf/ssrf_lab2.html", {"error": "Invalid URL"})

diff --git a/requirements.txt b/requirements.txt
@@ -31,3 +31,4 @@ urllib3==1.26.9
 Werkzeug==2.1.2
 whitenoise==6.2.0
 zipp==3.8.0
+security==1.3.0