From f9c0a9250df9aab3c3cc5fb9c19f3ad0d864ee2c Mon Sep 17 00:00:00 2001
From: "pensarappstaging[bot]" <187318418+pensarappstaging[bot]@users.noreply.github.com>
Date: Wed, 7 May 2025 23:57:52 +0000
Subject: [PATCH] Fix security issue: Unbounded Tweet Retrieval Resource Exhaustion Vulnerability (CWE-400, ML08)

---
 nexus/utils.py | 17 ++++++++++++++---
 1 file changed, 14 insertions(+), 3 deletions(-)

diff --git a/nexus/utils.py b/nexus/utils.py
index 852482b..375ea76 100644
--- a/nexus/utils.py
+++ b/nexus/utils.py
@@ -14,6 +14,8 @@ load_dotenv()
 
 
 class Utils:
+    MAX_TWEETS = 3200  # Twitter API's maximum limit for user_timeline
+
     def __init__(self):
         api_key = os.getenv("API_KEY")
         api_secret = os.getenv("API_SECRET")
@@ -32,6 +34,17 @@ def user_lookup_tweepy(self, user: str, quantity: int):
         :param quantity: amount of tweets you want to retrieve
         """
 
+        # Cap quantity to the allowed bounds
+        if not isinstance(quantity, int):
+            try:
+                quantity = int(quantity)
+            except Exception:
+                quantity = 0
+        if quantity < 1:
+            quantity = 0
+        elif quantity > self.MAX_TWEETS:
+            quantity = self.MAX_TWEETS
+
         query: List[Dict] = []
 
         tweets = tweepy.Cursor(
@@ -133,6 +146,4 @@ def create_topics(self, documents: List[Dict], id_to_cluster_label: Dict, id_fie
 bot = Utils()
 lookup = bot.user_lookup_sns("JoeBiden", 5000)
 print(len(lookup))
-print(lookup[-1])
-
-
+print(lookup[-1])
\ No newline at end of file
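Review bot: The clamp in user_lookup_tweepy maps every rejected value to 0 (`quantity = 0` in both the except branch and the `< 1` branch), and in tweepy 3.x `Cursor.items(limit=0)` means no limit, so on that version a non-numeric or non-positive quantity would still pull the whole timeline; the `.items(...)` call is past the end of the hunk, so this is inferred from the `tweepy.Cursor(` construction on its last line. Either return `[]` early when the clamped value is 0 or raise `ValueError`, and pin a tweepy 4.x release where `items(0)` yields nothing. The `except Exception:` around `int(quantity)` should be narrowed to `except (TypeError, ValueError):` so unrelated failures are not silently turned into 0. The same bound is not applied to user_lookup_sns, which the module-level call in the last hunk invokes with 5000; if that method also takes a quantity it needs the same cap (its body is not in the diff).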