def unfurl(): url = request.json.get('url') headers = {'User-Agent': request.headers.get('User-Agent')} data = {'error': 'RequestError', 'message': 'Invalid request.'} status = 400 if url: try: data = unfurl_url(url, headers) status = 200 except Exception as e: data = {'error': 'UnfurlError', 'message': str(e)} status = 500 return jsonify(**data), status
def post(self): #[vuln] no authn required and results in SSRF url = request.json.get('url') headers = {'User-Agent': request.headers.get('User-Agent')} if url: try: data = unfurl_url(url, headers) status = 200 except Exception as e: data = {'error': 'UnfurlError', 'message': str(e)} status = 500 else: data = {'error': 'RequestError', 'message': 'Invalid request.'} status = 400 return data, status