alexgolec / tda-api

A TD Ameritrade API client for Python. Includes historical data for equities and ETFs, options chains, streaming order book data, complex order construction, and more.
https://tda-api.readthedocs.io
MIT License

Security flaw example. #317

Closed BillSchumacher closed 2 years ago

BillSchumacher commented 2 years ago

@alexgolec As you can see if you run your test suite, I'm executing code arbitrarily on your system; this is a huge problem.

BillSchumacher commented 2 years ago

 35       .add_option_leg(OptionInstruction.SELL_TO_CLOSE, "AEO_082021C35", 2.0)
 36   )
 37   
I'm a bad d00d3r

--------------------- >> end captured stdout << ----------------------

----------------------------------------------------------------------
Ran 740 tests in 2.430s