bandit1.7.0

S310 Audit url open for permitted schemes. Allowing use of file:/ or custom schemes is often unexpected.

  • urllib.urlopen
  • urllib.request.urlopen
  • urllib.urlretrieve
  • urllib.request.urlretrieve
  • urllib.URLopener
  • urllib.request.URLopener
  • urllib.FancyURLopener
  • urllib.request.FancyURLopener
  • urllib2.urlopen
  • urllib2.Request
  • six.moves.urllib.request.urlopen
  • six.moves.urllib.request.urlretrieve
  • six.moves.urllib.request.URLopener
  • six.moves.urllib.request.FancyURLopener