fix ssrf vulnerability by removing the unnecessary/unused fetching lo… (

OWASP-BLT#3764) * fix ssrf vulnerability by removing the unnecessary/unused fetching logic of favicon.ico * Apply pre-commit fixes
nitinawari · Mar 2, 2025 · c6c677b · c6c677b
1 parent 41d3dbe
commit c6c677b
Showing 1 changed file with 0 additions and 11 deletions.
diff --git a/website/views/user.py b/website/views/user.py
@@ -51,7 +51,6 @@
     UserProfile,
     Wallet,
 )
-from website.utils import is_valid_https_url, rebuild_safe_url
 
 logger = logging.getLogger(__name__)
 
@@ -175,17 +174,7 @@ def post(self, request, *args, **kwargs):
         domain = None
         if email:
             domain = email.split("@")[-1]
-            try:
-                full_url_domain = "https://" + domain + "/favicon.ico"
-                if is_valid_https_url(full_url_domain):
-                    safe_url = rebuild_safe_url(full_url_domain)
-                    response = requests.get(safe_url, timeout=5)
-                    if response.status_code == 200:
-                        exists = "exists"
-            except:
-                pass
         context = {
-            "exists": exists,
             "domain": domain,
             "email": email,
         }