[issue35907] [security][CVE-2019-9948] Unnecessary URL scheme exists to allow local_file:// reading file in urllib
Petter S
report at bugs.python.org
Mon May 4 02:49:11 EDT 2020
Petter S <petter.strandmark at gmail.com> added the comment:
We should whitelist the protocols. The current solution with `getattr` is really fragile.
For example, this crashes with a `TypeError`: `URLopener().open("unknown_proxy://test")`
----------
nosy: +Petter S
_______________________________________
Python tracker <report at bugs.python.org>
<https://bugs.python.org/issue35907>
_______________________________________
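An added example, not part of the original message and not CPython's code: a simplified model of dispatching on `"open_" + scheme` via `getattr`, next to the allowlist table the comment asks for. The names `GetattrOpener`, `AllowlistOpener` and `outcome` are assumptions for illustration, and the handlers only return tags instead of opening anything.

```python
def scheme_of(url):
    # Text before the first ':' is treated as the scheme (simplified parsing).
    return url.partition(":")[0].lower()


class GetattrOpener:
    """Simplified model of dispatch by method name (not urllib's own code)."""

    def open(self, url):
        name = "open_" + scheme_of(url).replace("-", "_")
        handler = getattr(self, name, None)
        if handler is None:
            return self.open_unknown(url)
        return handler(url)  # every open_* attribute is reachable from the URL

    def open_http(self, url):
        return ("http", url)

    def open_file(self, url):
        return ("file", url)

    def open_local_file(self, url):  # internal helper, not meant to be a scheme
        return ("local_file", url)

    def open_unknown(self, url):
        raise OSError("unknown url type: " + url)

    def open_unknown_proxy(self, proxy, fullurl):  # internal, takes two arguments
        raise OSError("invalid proxy for " + fullurl)


class AllowlistOpener(GetattrOpener):
    """Same handlers, but only schemes listed in an explicit table dispatch."""

    SCHEMES = {"http": "open_http", "file": "open_file"}

    def open(self, url):
        name = self.SCHEMES.get(scheme_of(url))
        if name is None:
            return self.open_unknown(url)
        return getattr(self, name)(url)


def outcome(opener, url):
    """Return the tag of the handler reached, or the exception class name."""
    try:
        return opener.open(url)[0]
    except (OSError, TypeError) as exc:
        return type(exc).__name__
```

With the table in place, adding or renaming an internal `open_*` helper no longer changes which schemes the opener accepts.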