[Security] Fix CodeQL alert #43: Reflected server-side cross-site scripting

vulnerable_ssrf.py

@@ -1,5 +1,5 @@
 import requests
-from flask import Flask, request
+from flask import Flask, request, jsonify
 import urllib.request
 
 app = Flask(__name__)
@@ -8,15 +8,15 @@
 def fetch_url():
     url = request.args.get('url')
 
     response = requests.get(url)
 
     return response.text
 
 @app.route('/proxy')
 def proxy_request():
     target_url = request.args.get('target')
 
     data = urllib.request.urlopen(target_url).read()
 
     return data
 
@@ -24,7 +24,7 @@
 def webhook():
     callback_url = request.json.get('callback_url')
 
     response = requests.post(callback_url, json={'status': 'success'})
 
     return f"Webhook sent: {response.status_code}"
 
@@ -32,9 +32,9 @@
 def load_image():
     image_url = request.args.get('url')
 
     img_data = requests.get(image_url).content
 
     return img_data
 
 def fetch_remote_resource(resource_url):
     with urllib.request.urlopen(resource_url) as response:
@@ -44,9 +44,9 @@
 def fetch_metadata():
     metadata_url = request.args.get('metadata_url')
 
     metadata = requests.get(metadata_url, timeout=5).json()
 
-    return metadata
+    return jsonify(metadata)
 
 def download_file(file_url):
     response = requests.get(file_url, stream=True)