Python Snippet #02
This challenge covers the review of a snippet of code written in Python.
Course
The Code Review Snippet challenges are designed to help you identify vulnerabilities in small snippets of code. In this particular challenge, you're provided with a Python script that fetches a URL. The script attempts to ensure the URL starts with "https://pentesterlab.com" but fails to validate the complete hostname, making it vulnerable.
The issue lies on line 10, where the script checks that the URL starts with "https://pentesterlab.com" but does not verify the entire hostname. This allows attackers to bypass the filter by using URLs like "https://pentesterlab.com.example.org". This oversight could lead to unintended data being fetched from malicious domains, highlighting the importance of thorough input validation.
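The prefix check described above next to a parsed-hostname check, as an added example (this is not the challenge's own code, which is not reproduced on this page). The function names, the port policy and the sample URLs other than the one quoted above are assumptions made for illustration.

```python
from urllib.parse import urlsplit

ALLOWED_SCHEME = "https"
ALLOWED_HOST = "pentesterlab.com"
PREFIX = "https://pentesterlab.com"


def prefix_check(url: str) -> bool:
    """The flawed pattern: a string prefix comparison on the raw URL."""
    return url.startswith(PREFIX)


def host_check(url: str) -> bool:
    """Parse the URL and compare the complete hostname, not a prefix."""
    try:
        parts = urlsplit(url)
        host = parts.hostname  # lower-cased, port stripped
        port = parts.port      # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != ALLOWED_SCHEME or host is None:
        return False
    if port not in (None, 443):  # assumption: only the default HTTPS port
        return False
    return host == ALLOWED_HOST


def compare(urls):
    """Return {url: (prefix_check result, host_check result)}."""
    return {u: (prefix_check(u), host_check(u)) for u in urls}


# Constructed sample inputs; the second one is the URL quoted in the text.
SAMPLES = [
    "https://pentesterlab.com/exercises",
    "https://pentesterlab.com.example.org",
    "https://PentesterLab.com/",
    "http://pentesterlab.com/",
]

if __name__ == "__main__":
    for url, (old, new) in compare(SAMPLES).items():
        print(f"{url:45} prefix={old!s:5} host={new}")
```

If the HTTP client follows redirects, the same check has to be applied to each redirect target, since validating only the initial URL says nothing about where the response finally comes from.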