austimkelly · austimkelly · May 14, 2024 · May 14, 2024
diff --git a/ssrf/ssrf.py b/ssrf/ssrf.py
@@ -3,10 +3,23 @@
 
 app = Flask(__name__)
 
+def fetch_url_content():
+    url = request.args.get('url', '')
+    if url:
+        # New vulns introduced at a new line
+        response = requests.get(url)
+        if response.status_code == 200:
+            return response.text
+        else:
+            return f"Failed to fetch URL: {response.status_code}"
+    else:
+        return "No URL parameter provided."
+
 @app.route('/follow')
 def follow_url():
     url = request.args.get('url', '')
     if url:
+        # SSRF - This will not be blocked in the PR because it already exists as an alert.
         return requests.get(url).text
 
     return "No URL parameter provided."