docs: Add Security comments (SSRF)

open-contracting · Oct 20, 2024 · 8b2423b · 8b2423b
1 parent d915fb4
commit 8b2423b
Showing 1 changed file with 3 additions and 3 deletions.
diff --git a/cove_ocds/models.py b/cove_ocds/models.py
@@ -14,10 +14,10 @@
 
 CONTENT_TYPE_MAP = {
     "application/json": "json",
-    "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet": "xlsx",
-    "text/csv": "csv",
     "application/vnd.oasis.opendocument.spreadsheet": "ods",
+    "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet": "xlsx",
     "application/xml": "xml",
+    "text/csv": "csv",
     "text/xml": "xml",
 }
 
@@ -51,7 +51,7 @@ def upload_url(self):
 
     def download(self):
         response = requests.get(
-            self.source_url,
+            self.source_url,  # Security: Potential SSRF via user-provided URL
             headers={"User-Agent": settings.USER_AGENT},
             timeout=settings.REQUESTS_TIMEOUT,
         )