Verify scheme and suppress B310

surbhi · surbhi · commit 12b6c56f74bb · 2025-03-12T04:56:01.000Z
diff --git a/src/upnp.py b/src/upnp.py
@@ -109,7 +109,10 @@ def __init__(self, ssdpResponse, address):
             logger.error("UPnP: missing location header")
 
         # get the profile xml file and read it into a variable
-        directory = urlopen(header['location']).read()
+        parsed_url = urlparse(header['location'])
+        if parsed_url.scheme not in ['http', 'https']:
+            raise UPnPError("Unsupported URL scheme: %s" % parsed_url.scheme)
+        directory = urlopen(header['location']).read()  # nosec B310
 
         # create a DOM object that represents the `directory` document
         dom = parseString(directory)
