Potential fix for code scanning alert no. 16: Server-side request forgery

Geovane2dd · github-advanced-security[bot] · web-flow · commit 8c3a06b85fdb · 2025-05-03T21:32:09.000Z
Co-authored-by: Copilot Autofix powered by AI &lt;62310815+github-advanced-security[bot]@users.noreply.github.com&gt;
diff --git a/pages/api/all/[ticket].js b/pages/api/all/[ticket].js
@@ -17,9 +17,11 @@ export default function handler(req, res) {
                 return res.status(400).json({ error: `Ticket not found in the available list. Go to ${process.env.URL}/api/fundamentus/available` });
             }
 
+            const validatedTicket = stockData.ticker; // Use the validated ticker from stockList
+
             return Promise.all([
-                axios.get(`${process.env.URL}/api/fundamentus/${ticket}`),
-                axios.get(`${process.env.URL}/api/quote/${ticket}`)
+                axios.get(`${process.env.URL}/api/fundamentus/${validatedTicket}`),
+                axios.get(`${process.env.URL}/api/quote/${validatedTicket}`)
             ]).then(([fundamentusData, quoteData]) => {
                 const combinedData = {
                     ticket: ticket,
