From e3a0cda16cee8371f9daa9e67a5cf91925145c5b Mon Sep 17 00:00:00 2001
From: Rip&Tear <84775494+theCyberTech@users.noreply.github.com>
Date: Sat, 8 Nov 2025 21:16:07 +0800
Subject: [PATCH] Potential fix for code scanning alert no. 27: Incomplete URL
 substring sanitization

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 lib/crewai/src/crewai/llms/providers/azure/completion.py | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/crewai/src/crewai/llms/providers/azure/completion.py b/lib/crewai/src/crewai/llms/providers/azure/completion.py
index 17306d8a2..04840e706 100644
--- a/lib/crewai/src/crewai/llms/providers/azure/completion.py
+++ b/lib/crewai/src/crewai/llms/providers/azure/completion.py
@@ -4,7 +4,7 @@ import json
 import logging
 import os
 from typing import TYPE_CHECKING, Any
-
+from urllib.parse import urlparse
 from pydantic import BaseModel
 
 from crewai.utilities.agent_utils import is_context_length_exceeded
@@ -161,7 +161,9 @@ class AzureCompletion(BaseLLM):
         Returns:
             Validated and potentially corrected endpoint URL
         """
-        if "openai.azure.com" in endpoint and "/openai/deployments/" not in endpoint:
+        parsed_url = urlparse(endpoint)
+        hostname = parsed_url.hostname or ""
+        if (hostname == "openai.azure.com" or hostname.endswith(".openai.azure.com")) and "/openai/deployments/" not in endpoint:
             endpoint = endpoint.rstrip("/")
 
             if not endpoint.endswith("/openai/deployments"):