Skip to content

fix: relax validation for non-HTTP URLs #2147

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
tdruez merged 1 commit into from
Apr 13, 2026
Merged

fix: relax validation for non-HTTP URLs #2147

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 4 additions & 3 deletions scanpipe/models.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2012,9 +2012,10 @@ def fetch(self):
if not self.download_url:
raise ValueError("No `download_url` value to be fetched.")

is_safe_and_available = fetch.check_url(self.download_url)
if not is_safe_and_available:
raise ValidationError(f"Could not fetch: {self.download_url}")
if self.download_url.startswith("http"):
is_safe_and_available = fetch.check_url(self.download_url)
if not is_safe_and_available:
raise ValidationError(f"Could not fetch: {self.download_url}")

downloaded = fetch.fetch_url(url=self.download_url)
destination = self.project.move_input_from(downloaded.path)
Expand Down
2 changes: 1 addition & 1 deletion scanpipe/pipes/fetch.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -457,5 +457,5 @@ def check_url(url):

def check_urls_availability(urls):
"""Check the safety and accessibility of a list of URLs."""
errors = [url for url in urls if not check_url(url)]
errors = [url for url in urls if not check_url(url) if url.startswith("http")]
return errors
8 changes: 6 additions & 2 deletions scanpipe/tests/pipes/test_fetch.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -334,10 +334,14 @@ def test_scanpipe_pipes_fetch_check_url(self, mock_head, mock_gethostbyname):
def test_scanpipe_pipes_fetch_check_urls_availability(
self, mock_head, mock_gethostbyname
):
urls = [
http_urls = [
"https://example.com/file.zip",
"https://example.com/archive.tar.gz",
]
urls = http_urls + [
"docker://image",
"pkg:npm/name@version",
]

# All URLs safe and accessible
mock_gethostbyname.return_value = "93.184.216.34"
Expand All @@ -346,4 +350,4 @@ def test_scanpipe_pipes_fetch_check_urls_availability(

# All URLs fail
mock_head.side_effect = requests.exceptions.RequestException
self.assertEqual(urls, fetch.check_urls_availability(urls))
self.assertEqual(http_urls, fetch.check_urls_availability(urls))
1 change: 1 addition & 0 deletions scanpipe/tests/test_models.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2888,6 +2888,7 @@ def test_scanpipe_create_from_scorecard_data(self):
self.assertEqual(check.reason, expected["reason"])
self.assertEqual(check.details, expected["details"] or [])

@override_settings(TIME_ZONE="UTC")
def test_scanpipe_parse_score_date(self):
"""Test parse_score_date with valid, invalid, and custom date formats."""
# Valid date formats
Expand Down
Loading