From bf47d80c899e292fc6a44817bb1c29486bd0fd91 Mon Sep 17 00:00:00 2001
From: SFARPak <89567338+SFARPak@users.noreply.github.com>
Date: Sun, 14 Sep 2025 20:57:49 +0500
Subject: [PATCH] Potential fix for code scanning alert no. 17: Incomplete URL substring sanitization
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 src/api/providers/openai.ts | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/src/api/providers/openai.ts b/src/api/providers/openai.ts
index 277e501f57..05cee82d09 100644
--- a/src/api/providers/openai.ts
+++ b/src/api/providers/openai.ts
@@ -92,7 +92,14 @@ export class OpenAiHandler extends BaseProvider implements SingleCompletionHandl
 const enabledLegacyFormat = this.options.openAiLegacyFormat ?? false
 const isAzureAiInference = this._isAzureAiInference(modelUrl)
 const deepseekReasoner = modelId.includes("deepseek-reasoner") || enabledR1Format
- const ark = modelUrl.includes(".volces.com")
+ let ark = false;
+ try {
+ const parsedUrl = new URL(modelUrl);
+ const hostname = parsedUrl.hostname;
+ ark = (hostname === "volces.com" || hostname.endsWith(".volces.com"));
+ } catch (e) {
+ ark = false;
+ }
 if (modelId.includes("o1") || modelId.includes("o3") || modelId.includes("o4")) {
 yield* this.handleO3FamilyMessage(modelId, systemPrompt, messages)
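Review bot: The `catch (e)` branch in the new block silently maps any `modelUrl` that `new URL()` rejects to `ark = false`, so a base URL entered without a scheme, which the old `includes(".volces.com")` test would have matched, now takes the non-Ark path with no trace. If failing closed is intended, say so in place and drop the redundant assignment and unused binding: `} catch { /* unparseable base URL: treat as non-Ark */ }`. The added lines also end in semicolons while the surrounding context lines do not, so they should follow the file's style. `_isAzureAiInference(modelUrl)` on the context line above is implemented outside this hunk; it is worth confirming that it compares the parsed hostname the same way rather than a substring. The enclosing method starts and ends outside the hunk.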