From 2173ce1f48f0fb7f7bc3786460de3ba83354d5b5 Mon Sep 17 00:00:00 2001
From: "pensarappdev[bot]" <182706286+pensarappdev[bot]@users.noreply.github.com>
Date: Wed, 7 May 2025 14:27:21 +0000
Subject: [PATCH] Fix security issue: Unbounded Twitter API Request Resource Consumption (CWE-400)
---
 nexus/utils.py | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)
diff --git a/nexus/utils.py b/nexus/utils.py
index 852482b..28cfc68 100644
--- a/nexus/utils.py
+++ b/nexus/utils.py
@@ -14,6 +14,8 @@ load_dotenv()
 class Utils:
+ MAX_TWEETS = 3200 # Maximum allowed tweets per Twitter API (user timeline)
+
 def __init__(self):
 api_key = os.getenv("API_KEY")
 api_secret = os.getenv("API_SECRET")
@@ -32,6 +34,13 @@ def user_lookup_tweepy(self, user: str, quantity: int):
 :param quantity: amount of tweets you want to retrieve
 """
+ # Validate and cap quantity to prevent denial of service
+ if not isinstance(quantity, int) or quantity <= 0:
+ raise ValueError("Quantity must be a positive integer")
+ if quantity > self.MAX_TWEETS:
+ logger.info(f"Requested quantity {quantity} exceeds limit; capping to {self.MAX_TWEETS}.")
+ quantity = self.MAX_TWEETS
+
 query: List[Dict] = []
 tweets = tweepy.Cursor(
@@ -133,6 +142,4 @@ def create_topics(self, documents: List[Dict], id_to_cluster_label: Dict, id_fie
 bot = Utils()
 lookup = bot.user_lookup_sns("JoeBiden", 5000)
 print(len(lookup))
- print(lookup[-1])
-
-
+ print(lookup[-1])
\ No newline at end of file
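Review bot: The new cap in the second hunk guards only `user_lookup_tweepy`, while the script entry point in the last hunk still calls `bot.user_lookup_sns("JoeBiden", 5000)`, a separate method this patch does not touch; if `user_lookup_sns` also fetches `quantity` items it remains unbounded and the CWE-400 fix is incomplete, so the same validation belongs there too (e.g. hoisted into a shared `_bounded_quantity(quantity)` helper both methods call). The `isinstance(quantity, int)` check also lets `True`/`False` through because `bool` subclasses `int`; `if isinstance(quantity, bool) or not isinstance(quantity, int) or quantity <= 0:` closes that gap. Whether the cap actually limits API requests depends on the capped `quantity` being what is passed to the cursor's item limit, which is below the hunk and worth confirming. The log call would better use lazy arguments, `logger.info("Requested quantity %s exceeds limit; capping to %s.", quantity, self.MAX_TWEETS)`. `user_lookup_tweepy`'s body continues outside the hunk.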