Bandit flags urlopen in json_validator.py #156

Open
MrCreosote opened this issue Jul 27, 2022 · 0 comments
@MrCreosote
Member

After switching the urlopen and urlsplit imports in json_validation.py from jsonschema.compat (which was internal-only and is now removed) to urllib, bandit complains about using urlopen without rigorously checking the url schema. The only reason it didn't before is due to the indirect import in jsonschema.compat.

For now, I'm just going to mark it as # nosec, but we should determine which schemas we need and alter the function to just support those.

@MrCreosote MrCreosote changed the title Bandit flags urlopen in the json_validator.py Bandit flags urlopen in json_validator.py Jul 27, 2022
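
One way to limit the function to specific URL schemes, as an added example that is not code from this repository. It assumes only http and https are needed (the issue leaves that undecided), and `check_scheme`, `CheckedRedirectHandler`, `build_restricted_opener` and `fetch` are hypothetical names.

```python
import urllib.request
from urllib.parse import urlsplit

# Assumption: the validator only needs to fetch remote documents over HTTP(S).
ALLOWED_SCHEMES = frozenset({"http", "https"})


class DisallowedSchemeError(ValueError):
    """Raised when a URL uses a scheme outside ALLOWED_SCHEMES."""


def check_scheme(url, allowed=ALLOWED_SCHEMES):
    """Return the lower-cased scheme of url, or raise DisallowedSchemeError."""
    scheme = urlsplit(url).scheme.lower()
    if scheme not in allowed:
        raise DisallowedSchemeError(f"scheme {scheme!r} not permitted: {url!r}")
    return scheme


class CheckedRedirectHandler(urllib.request.HTTPRedirectHandler):
    """Apply the same allowlist to redirect targets (stdlib would allow ftp)."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        check_scheme(newurl)
        return super().redirect_request(req, fp, code, msg, headers, newurl)


def build_restricted_opener():
    """Opener that registers no file:, ftp: or data: handlers at all."""
    opener = urllib.request.OpenerDirector()
    for handler in (
        urllib.request.HTTPHandler(),
        urllib.request.HTTPSHandler(),
        CheckedRedirectHandler(),
        urllib.request.HTTPErrorProcessor(),
        urllib.request.HTTPDefaultErrorHandler(),
    ):
        opener.add_handler(handler)
    return opener


def fetch(url, timeout=10):
    """Fetch url only if its scheme is allowlisted; rejects before any I/O."""
    check_scheme(url)
    with build_restricted_opener().open(url, timeout=timeout) as resp:
        return resp.read()
```

Bandit's urlopen check is a blacklist match on the call name, so it may still report the `open` call here; any remaining `# nosec` then documents a reviewed call rather than an unchecked one.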