Improper Authorization in Handler for Custom URL Scheme
Description
The application passes a non-literal value (for example user input or configuration data) to the `urllib` methods that issue requests. `urllib` supports the `file://` scheme, so an adversary who can control the URL value may be able to read arbitrary files on the file system.
Examples
Insecure Code
```python
import urllib.request

# `url` is not a literal: it arrives from user input, configuration, etc.
# A value such as "file:///etc/passwd" is accepted and read from local disk.
urllib.urlopen(url)           # Python 2 urllib API
urllib.request.urlopen(url)   # Python 3 urllib API; also handles file:// URLs
```

Secure Code

```python
import requests

# The URL is a hardcoded literal, and requests only ships adapters for
# http:// and https://, so a file:// URL cannot be requested through it.
response = requests.get('https://example.com', timeout=10)
```

Remediation
Hardcode the URLs being used in `urllib` or use the `requests` module instead.
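Where the URL genuinely cannot be hardcoded and `urllib` must stay, the scheme can be checked on the very `Request` object that `urlopen()` will consume, so that tricks `urlopen()` itself tolerates (surrounding whitespace, `<...>` wrapping, upper-case `FILE:`) are caught by the same parser. This is an added example, not part of the rule's own text; the function names `build_safe_request`, `fetch` and `is_allowed` are hypothetical.

```python
from urllib.request import Request, urlopen

# Only remote HTTP(S) fetches are legitimate for this code path.
ALLOWED_SCHEMES = frozenset({"http", "https"})


def build_safe_request(url: str) -> Request:
    """Parse ``url`` exactly as urlopen() will and refuse anything that is
    not a plain http(s) URL with a host.  Raises ValueError on rejection.

    Request() applies the same unwrap()/strip() normalisation urlopen()
    uses and lower-cases the scheme, so validating ``req.type`` leaves no
    gap between what is checked and what is fetched.
    """
    req = Request(url)  # raises ValueError itself for scheme-less input
    if req.type not in ALLOWED_SCHEMES:
        raise ValueError(
            f"refusing URL scheme {req.type!r}: only http(s) is allowed"
        )
    if not req.host:
        raise ValueError("URL has no host component")
    return req


def fetch(url: str, timeout: float = 10) -> bytes:
    """Fetch a validated http(s) URL with urllib; never touches file://."""
    with urlopen(build_safe_request(url), timeout=timeout) as resp:
        return resp.read()


def is_allowed(url: str) -> bool:
    """Convenience predicate: True if build_safe_request() accepts ``url``."""
    try:
        build_safe_request(url)
    except ValueError:
        return False
    return True


if __name__ == "__main__":
    # Constructed sample inputs: the first two are accepted, the rest rejected.
    for candidate in (
        "https://example.com/report",
        "HTTP://example.com:8080/path?q=1",
        "file:///etc/passwd",
        " FILE:///etc/passwd",
        "<file:///etc/passwd>",
        "ftp://example.com/x",
        "/etc/passwd",
    ):
        print(f"{candidate!r:35} allowed={is_allowed(candidate)}")
```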
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0171 |
| Category | Injection |
| Severity | MEDIUM |
| CWE | CWE-939 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | injection, custom URL scheme |
| OWASP | A1:2017-Injection, A03:2021-Injection |