From d20b245bd3036e98710470937076012e34d04a2f Mon Sep 17 00:00:00 2001
From: David Soria Parra <167242713+dsp-ant@users.noreply.github.com>
Date: Sun, 24 Nov 2024 21:06:37 +0000
Subject: [PATCH] Fix code scanning alert no. 2: Incomplete URL substring sanitization
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 src/sentry/src/mcp_server_sentry/server.py | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/src/sentry/src/mcp_server_sentry/server.py b/src/sentry/src/mcp_server_sentry/server.py
index a229f403..f2d7f4e6 100644
--- a/src/sentry/src/mcp_server_sentry/server.py
+++ b/src/sentry/src/mcp_server_sentry/server.py
@@ -72,8 +72,8 @@ def extract_issue_id(issue_id_or_url: str) -> str:
 if issue_id_or_url.startswith(("http://", "https://")):
 parsed_url = urlparse(issue_id_or_url)
- if not parsed_url.netloc.endswith("sentry.io"):
- raise SentryError("Invalid Sentry URL. Must be a URL ending with sentry.io")
+ if not parsed_url.hostname or not parsed_url.hostname.endswith(".sentry.io"):
+ raise SentryError("Invalid Sentry URL. Must be a URL ending with .sentry.io")
 path_parts = parsed_url.path.strip("/").split("/")
 if len(path_parts) < 2 or path_parts[0] != "issues":
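Review bot: The new suffix test `parsed_url.hostname.endswith(".sentry.io")` rejects the bare host `sentry.io`, which the old `netloc.endswith("sentry.io")` check accepted, so a link on the apex domain now raises SentryError. If apex links are meant to stay valid, compare the host exactly as well: `host = parsed_url.hostname or ""` followed by `if host != "sentry.io" and not host.endswith(".sentry.io"):`. Switching to `hostname` is the right field, since it excludes userinfo and port and is lower-cased, but the patch adds no test; constructed hosts such as `notsentry.io` and `sentry.io.example.com`, plus a URL with userinfo before the host, would pin the intended behaviour. The error text says "a URL ending with .sentry.io" while the check is on the hostname, so wording it as a hostname requirement would match what is enforced. extract_issue_id starts before this hunk and continues after it.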