From ddc261a4a8940277d1ddcfab50201debf4c0b1a0 Mon Sep 17 00:00:00 2001
From: Arpit Jain <3242828+arpitjain099@users.noreply.github.com>
Date: Sun, 20 Oct 2024 14:08:14 +0900
Subject: [PATCH] Fix code scanning alert no. 18: Full server-side request forgery
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 .../InsightsGenerator/insights_generator/core/OAI_client.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/End_to_end_Solutions/InsightsGenerator/insights_generator/core/OAI_client.py b/End_to_end_Solutions/InsightsGenerator/insights_generator/core/OAI_client.py
index 0ac8d020..498d76be 100644
--- a/End_to_end_Solutions/InsightsGenerator/insights_generator/core/OAI_client.py
+++ b/End_to_end_Solutions/InsightsGenerator/insights_generator/core/OAI_client.py
@@ -5,8 +5,11 @@ import tiktoken
 def make_prompt_request(prompt, max_tokens = 2048, timeout = 4):
-    #url = "https://api.openai.com/v1/embeddings"
+    # Whitelist of allowed URLs
+    allowed_urls = ["https://api.openai.com/v1/embeddings", "https://another-trusted-url.com"]
     url = os.getenv("AOAI_ENDPOINT")
+    if url not in allowed_urls:
+        raise ValueError("The provided URL is not allowed.")
     key = os.getenv("AOAI_KEY")
     payload_dict = {"prompt": prompt,
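Review bot: The exact-match allowlist on the `allowed_urls` line will reject every real deployment: the variable name `AOAI_ENDPOINT` suggests an Azure OpenAI resource URL, which is never byte-equal to `https://api.openai.com/v1/embeddings`, and the second entry `https://another-trusted-url.com` is a placeholder host that should not ship. An unset variable falls into the same check, so missing configuration is reported as "not allowed" instead of as missing. Because the value comes from the process environment rather than from a request, the useful control is to pin the scheme and host rather than the full path; parse the URL and compare `scheme` and `hostname` against the expected hosts, as sketched below (this needs `urllib.parse` imported at the top of the file, outside the hunk, and the Azure host suffix should be confirmed against the deployment). make_prompt_request continues past the end of the hunk.
```python
def make_prompt_request(prompt, max_tokens = 2048, timeout = 4):
    # Only an https endpoint on an expected host may be contacted.
    allowed_hosts = ("api.openai.com",)
    allowed_host_suffixes = (".openai.azure.com",)  # confirm for this deployment
    url = os.getenv("AOAI_ENDPOINT")
    if not url:
        raise ValueError("AOAI_ENDPOINT is not set.")
    parts = urllib.parse.urlsplit(url)
    host = parts.hostname or ""
    if parts.scheme != "https" or not (host in allowed_hosts or host.endswith(allowed_host_suffixes)):
        raise ValueError("The provided URL is not allowed.")
    # … unchanged: key lookup and payload construction …
```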