Merge pull request #89 from internetarchive/fix-semgrep

cdrini · web-flow · commit 6d61ddab0761 · 2024-11-26T12:58:49.000-05:00
Fix some small misc semgrep issues
diff --git a/iiify/app.py b/iiify/app.py
@@ -13,6 +13,7 @@
 from .configs import options, cors, approot, cache_root, media_root, \
     cache_expr, version, image_server, cache_timeouts
 from urllib.parse import quote
+import re
 
 
 app = Flask(__name__)
@@ -98,8 +99,15 @@ def documentation():
 
 @app.route('/iiif/helper/<identifier>/')
 def helper(identifier):
-    domain = purify_domain(request.args.get('domain', request.url_root))
+    if not re.match(r'^[a-zA-Z0-9_.-]{1,100}$', identifier):
+        abort(400, "Invalid identifier")
+
     metadata = requests.get('%s/metadata/%s' % (ARCHIVE, identifier)).json()
+
+    # If the item doesn't exist, the endpoint 200s with an empty object
+    if not metadata:
+        abort(404, f"Identifier '{identifier}' not found")
+
     mediatype = metadata['metadata']['mediatype']
 
     if mediatype == "image":
diff --git a/iiify/resolver.py b/iiify/resolver.py
@@ -19,8 +19,8 @@
 ARCHIVE = 'https://archive.org'
 IMG_SRV = 'https://iiif.archive.org/image/iiif'
 METADATA_FIELDS = ("title", "volume", "publisher", "subject", "date", "contributor", "creator")
-bookdata = 'http://%s/BookReader/BookReaderJSON.php'
-bookreader = "http://%s/BookReader/BookReaderImages.php"
+bookdata = 'https://%s/BookReader/BookReaderJSON.php'
+bookreader = "https://%s/BookReader/BookReaderImages.php"
 URI_PRIFIX = "https://iiif.archive.org/iiif"
 
 MAX_SCRAPE_LIMIT = 10_000
diff --git a/iiify/templates/cropper.html b/iiify/templates/cropper.html
@@ -7,9 +7,9 @@
         <meta name="description" content="">
         <meta name="viewport" content="width=device-width, initial-scale=1">
         <meta content="IIIF Image Server with Cropping." name="description">
-	<script src="//cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0-beta1/jquery.js"></script>
-	<script type="text/javascript" src="//cdnjs.cloudflare.com/ajax/libs/hammer.js/1.0.5/hammer.js"></script>
-	<script type="text/javascript" src="//cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.6/jquery.mousewheel.js"></script>
+	<script src="//cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0-beta1/jquery.js" integrity="sha512-HSHW7qQWdBeS3VLKP4Ivf7LUKMXv9xK2yjIk6KUqgRomN2o1nPHDAp6AjyVkOlfLD7CaBFTZSKaTCYMKDM+KTA==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
+	<script src="//cdnjs.cloudflare.com/ajax/libs/hammer.js/1.0.5/hammer.js" integrity="sha512-pO4sG/7iGZORExB98TWgbHsPkPRL+5qGivDUCAZPthvcfzmD4MwHBK/zACE7Zmbp/O+rdkyOm+xNGNx9f9Q94w==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
+	<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.6/jquery.mousewheel.js" integrity="sha512-+s+FrwTiWBi2XgyOIKirkPkvOb/CLp1ekmBkNFr0xAhCkV4e2mQU89ZkJ1rSDSJmCC4d4UHwPVPblPyTjh66Kw==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
 	<link type="text/css" media="screen" rel="stylesheet" href="//acornejo.github.io/jquery-cropbox/jquery.cropbox.css">
 	<script src="//acornejo.github.io/jquery-cropbox/jquery.cropbox.js"></script>
     </head>
diff --git a/iiify/templates/viewer.html b/iiify/templates/viewer.html
@@ -8,7 +8,7 @@
         <meta name="viewport" content="width=device-width, initial-scale=1">
         <meta content="IIIF Image Server 2.0 with Openseadragon." name="description">
 	<link href="{{ request.url_root }}static/styles/style.css" rel="stylesheet" type="text/css" />
-	<script src="//cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0-beta1/jquery.js"></script>
+	<script src="//cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0-beta1/jquery.js" integrity="sha512-HSHW7qQWdBeS3VLKP4Ivf7LUKMXv9xK2yjIk6KUqgRomN2o1nPHDAp6AjyVkOlfLD7CaBFTZSKaTCYMKDM+KTA==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
 	<script src="{{ request.url_root }}static/scripts/openseadragon/openseadragon.min.js"></script>
 
 	<style type="text/css">
