From 4ac4eff638b174faca09b1d82dda382b6a4c44c0 Mon Sep 17 00:00:00 2001
From: Devin AI <158243242+devin-ai-integration[bot]@users.noreply.github.com>
Date: Thu, 26 Mar 2026 09:13:14 +0000
Subject: [PATCH] fix: resolve CodeQL alert #43 - Reflected server-side cross-site scripting
---
 vulnerable_ssrf.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/vulnerable_ssrf.py b/vulnerable_ssrf.py
index f031b5e..c7be0f5 100644
--- a/vulnerable_ssrf.py
+++ b/vulnerable_ssrf.py
@@ -1,5 +1,5 @@
 import requests
-from flask import Flask, request
+from flask import Flask, request, jsonify
 import urllib.request
 app = Flask(__name__)
@@ -46,7 +46,7 @@ def fetch_metadata():
 metadata = requests.get(metadata_url, timeout=5).json()
- return metadata
+ return jsonify(metadata)
 def download_file(file_url):
 response = requests.get(file_url, stream=True)
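Review bot: In the second hunk, `return jsonify(metadata)` only changes how the response is encoded; the handler still relays the whole body fetched from `metadata_url` back to the caller. The assignment of `metadata_url` is above the hunk and not visible here, but if it is derived from request input, the server-side request itself is untouched by this commit and needs its own destination allowlist before the `requests.get` call. Separately, `.json()` on the context line raises on a non-JSON body and no status check precedes it, so an upstream error surfaces as an unhandled 500. I would split the call into `resp = requests.get(metadata_url, timeout=5)` and `resp.raise_for_status()`, then wrap `resp.json()` in `except ValueError` and return a fixed error payload. A short comment above the return would also help, e.g. `# jsonify sets application/json so the upstream body is not rendered as HTML`.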