Merge pull request #172 from mlcommons/alert-autofix-12

anandhu-eng · web-flow · commit 27566be5936e · 2025-09-04T21:59:00.000+05:30
Potential fix for code scanning alert no. 12: Incomplete URL substring sanitization
diff --git a/mlc/repo_action.py b/mlc/repo_action.py
@@ -199,12 +199,18 @@ def find(self, run_args):
                 repo_uid = repo_split[1]
         elif "@" in repo:
             repo_name = repo
-        elif "github.com" in repo:
-            result = self.github_url_to_user_repo_format(repo)
-            if result["return"] == 0:
-                repo_name = result["value"]
-            else:
-                return result
+        else:
+            # Check for valid github.com URL using urlparse
+            try:
+                parsed = urlparse(repo)
+            except Exception:
+                parsed = None
+            if parsed and parsed.scheme in ("http", "https") and parsed.hostname == "github.com":
+                result = self.github_url_to_user_repo_format(repo)
+                if result["return"] == 0:
+                    repo_name = result["value"]
+                else:
+                    return result
 
         # Check if repo_name exists in repos.json
         matched_repo_path = None
