From cb6b514cab7a648c8c70496a78a9800d03eb8387 Mon Sep 17 00:00:00 2001
From: Drini Cami <cdrini@gmail.com>
Date: Mon, 25 Nov 2024 19:58:10 -0500
Subject: [PATCH] Fix some small misc semgrep issues

---
 iiify/app.py                 | 10 +++++++++-
 iiify/resolver.py            |  4 ++--
 iiify/templates/cropper.html |  6 +++---
 iiify/templates/viewer.html  |  2 +-
 4 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/iiify/app.py b/iiify/app.py
index 74ed7f4..4bac8a3 100755
--- a/iiify/app.py
+++ b/iiify/app.py
@@ -13,6 +13,7 @@
 from .configs import options, cors, approot, cache_root, media_root, \
     cache_expr, version, image_server, cache_timeouts
 from urllib.parse import quote
+import re
 
 
 app = Flask(__name__)
@@ -98,8 +99,15 @@ def documentation():
 
 @app.route('/iiif/helper/<identifier>/')
 def helper(identifier):
-    domain = purify_domain(request.args.get('domain', request.url_root))
+    if not re.match(r'^[a-zA-Z0-9_.-]{1,100}$', identifier):
+        abort(400, "Invalid identifier")
+
     metadata = requests.get('%s/metadata/%s' % (ARCHIVE, identifier)).json()
+
+    # If the item doesn't exist, the endpoint 200s with an empty object
+    if not metadata:
+        abort(404, f"Identifier '{identifier}' not found")
+
     mediatype = metadata['metadata']['mediatype']
 
     if mediatype == "image":
diff --git a/iiify/resolver.py b/iiify/resolver.py
index 245a5d2..49288e5 100644
--- a/iiify/resolver.py
+++ b/iiify/resolver.py
@@ -19,8 +19,8 @@
 ARCHIVE = 'https://archive.org'
 IMG_SRV = 'https://iiif.archive.org/image/iiif'
 METADATA_FIELDS = ("title", "volume", "publisher", "subject", "date", "contributor", "creator")
-bookdata = 'http://%s/BookReader/BookReaderJSON.php'
-bookreader = "http://%s/BookReader/BookReaderImages.php"
+bookdata = 'https://%s/BookReader/BookReaderJSON.php'
+bookreader = "https://%s/BookReader/BookReaderImages.php"
 URI_PRIFIX = "https://iiif.archive.org/iiif"
 
 MAX_SCRAPE_LIMIT = 10_000
diff --git a/iiify/templates/cropper.html b/iiify/templates/cropper.html
index 708f3d5..5330328 100644
--- a/iiify/templates/cropper.html
+++ b/iiify/templates/cropper.html
@@ -7,9 +7,9 @@
         <meta name="description" content="">
         <meta name="viewport" content="width=device-width, initial-scale=1">
         <meta content="IIIF Image Server with Cropping." name="description">
-	<script src="//cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0-beta1/jquery.js"></script>
-	<script type="text/javascript" src="//cdnjs.cloudflare.com/ajax/libs/hammer.js/1.0.5/hammer.js"></script>
-	<script type="text/javascript" src="//cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.6/jquery.mousewheel.js"></script>
+	<script src="//cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0-beta1/jquery.js" integrity="sha512-HSHW7qQWdBeS3VLKP4Ivf7LUKMXv9xK2yjIk6KUqgRomN2o1nPHDAp6AjyVkOlfLD7CaBFTZSKaTCYMKDM+KTA==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
+	<script src="//cdnjs.cloudflare.com/ajax/libs/hammer.js/1.0.5/hammer.js" integrity="sha512-pO4sG/7iGZORExB98TWgbHsPkPRL+5qGivDUCAZPthvcfzmD4MwHBK/zACE7Zmbp/O+rdkyOm+xNGNx9f9Q94w==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
+	<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery-mousewheel/3.1.6/jquery.mousewheel.js" integrity="sha512-+s+FrwTiWBi2XgyOIKirkPkvOb/CLp1ekmBkNFr0xAhCkV4e2mQU89ZkJ1rSDSJmCC4d4UHwPVPblPyTjh66Kw==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
 	<link type="text/css" media="screen" rel="stylesheet" href="//acornejo.github.io/jquery-cropbox/jquery.cropbox.css">
 	<script src="//acornejo.github.io/jquery-cropbox/jquery.cropbox.js"></script>
     </head>
diff --git a/iiify/templates/viewer.html b/iiify/templates/viewer.html
index aeb23e2..ca17bf7 100644
--- a/iiify/templates/viewer.html
+++ b/iiify/templates/viewer.html
@@ -8,7 +8,7 @@
         <meta name="viewport" content="width=device-width, initial-scale=1">
         <meta content="IIIF Image Server 2.0 with Openseadragon." name="description">
 	<link href="{{ request.url_root }}static/styles/style.css" rel="stylesheet" type="text/css" />
-	<script src="//cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0-beta1/jquery.js"></script>
+	<script src="//cdnjs.cloudflare.com/ajax/libs/jquery/3.0.0-beta1/jquery.js" integrity="sha512-HSHW7qQWdBeS3VLKP4Ivf7LUKMXv9xK2yjIk6KUqgRomN2o1nPHDAp6AjyVkOlfLD7CaBFTZSKaTCYMKDM+KTA==" crossorigin="anonymous" referrerpolicy="no-referrer"></script>
 	<script src="{{ request.url_root }}static/scripts/openseadragon/openseadragon.min.js"></script>
 
 	<style type="text/css">