Potential fix for code scanning alert no. 4: Incomplete URL substring sanitization (#74)

Teagan42 · github-advanced-security[bot] · web-flow · commit 121b77675bd2 · 2025-10-04T05:31:05.000-06:00
* Potential fix for code scanning alert no. 4: Incomplete URL substring sanitization

Co-authored-by: Copilot Autofix powered by AI &lt;62310815+github-advanced-security[bot]@users.noreply.github.com&gt;

* Potential fix for code scanning alert no. 5: Incomplete URL substring sanitization

Co-authored-by: Copilot Autofix powered by AI &lt;62310815+github-advanced-security[bot]@users.noreply.github.com&gt;

---------

Co-authored-by: Copilot Autofix powered by AI &lt;62310815+github-advanced-security[bot]@users.noreply.github.com&gt;
diff --git a/tests/test_load_from_plex.py b/tests/test_load_from_plex.py
@@ -2,7 +2,7 @@
 import types
 
 import httpx
-
+from urllib.parse import urlparse
 from mcp_plex import loader
 from mcp_plex.types import TMDBShow
 
@@ -60,7 +60,8 @@ def fetchItems(keys):
 
     async def handler(request):
         url = str(request.url)
-        if "themoviedb.org" in url:
+        hostname = urlparse(url).hostname
+        if hostname and (hostname == "themoviedb.org" or hostname.endswith(".themoviedb.org")):
             assert request.headers.get("Authorization") == "Bearer key"
         if "titles:batchGet" in url:
             ids = request.url.params.get_list("titleIds")
