MRuecklCC
commented
2 years ago This should be fixable, by turning the input URL from str to HttpUrl, essentialy prohibiting arbitrary command line inputs.
Closed MRuecklCC closed 2 years ago
MRuecklCC
commented
2 years ago This should be fixable, by turning the input URL from str to HttpUrl, essentialy prohibiting arbitrary command line inputs.
MRuecklCC
commented
2 years ago While the initially reported problem is fixed, the current approach can still be exploited by providing invalid strategy or category values funny enough, those were not detected by the code quality scan.
Tracking issue for: