Derived from the flake8-bandit linter.
What it does
Checks for uses of URL open functions that allow unexpected schemes.
Why is this bad?
Some URL open functions allow the use of file: or custom schemes (for use instead of https:). For example, urllib.request.urlopen will happily open a file: URL and return the contents of a local file, so an attacker who controls the URL may be able to use these schemes to access or modify unauthorized resources, and cause unexpected behavior.

To mitigate this risk, audit all uses of URL open functions and ensure that only permitted schemes are used (e.g., allowing only http: and https:). Check the parsed scheme rather than just the start of the string, and do the check before the URL reaches the open function.
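The following is an added example, not code from Ruff or flake8-bandit. It shows the pattern S310 flags (urlopen on a URL of unknown origin) next to a hardened form that allowlists the parsed scheme before opening, and a small offline demo built on a constructed temporary file. The helper names (check_url, safe_fetch, unsafe_fetch, demo_file_scheme_bypass) and the http/https allowlist are this example's own assumptions.

```python
"""Guarding urllib.request.urlopen against unexpected URL schemes.

Added example, not Ruff's or flake8-bandit's code. Assumes the URL comes
from an untrusted source (user input, a config value, a webhook payload).
"""
from __future__ import annotations

import tempfile
from pathlib import Path
from urllib.parse import urlsplit
from urllib.request import Request, urlopen

# Assumed policy for this example: only these schemes are permitted.
# file:, ftp:, data: and any custom handler are rejected before urlopen()
# is called.
ALLOWED_SCHEMES = frozenset({"http", "https"})


def check_url(url: str) -> str:
    """Return `url` unchanged if its scheme is allowed, else raise ValueError.

    urlsplit() lowercases the scheme, so FILE: and File: are caught as well
    as file:. That matters because urllib.request also lowercases the scheme
    when choosing a handler, so a case-sensitive check would be bypassable.
    """
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        raise ValueError(f"URL scheme {parts.scheme!r} is not allowed: {url!r}")
    if not parts.netloc:
        # "http:///path" or a scheme-relative "//host/path" has no usable host;
        # fail early with a clear error instead of letting urlopen() guess.
        raise ValueError(f"URL has no host: {url!r}")
    return url


def is_allowed(url: str) -> bool:
    """Boolean form of check_url() for callers that do not want exceptions."""
    try:
        check_url(url)
    except ValueError:
        return False
    return True


def unsafe_fetch(url: str) -> bytes:
    """The pattern S310 flags: urlopen() on a URL whose scheme is not known."""
    with urlopen(url) as response:  # noqa: S310  (deliberately unguarded)
        return response.read()


def safe_fetch(url: str, timeout: float = 10.0) -> bytes:
    """Hardened form: validate the scheme first, then open with a timeout."""
    request = Request(check_url(url), headers={"User-Agent": "example/1.0"})
    # Still flagged by S310 (the argument is not a literal http URL), so the
    # suppression records that the scheme was audited just above.
    with urlopen(request, timeout=timeout) as response:  # noqa: S310
        return response.read()


def demo_file_scheme_bypass() -> tuple[bytes, bool]:
    """Offline demo on a constructed file: what the unguarded call leaks.

    Returns the bytes unsafe_fetch() read through a file:// URL and whether
    safe_fetch() refused the same URL.
    """
    with tempfile.TemporaryDirectory() as tmp:
        secret = Path(tmp) / "secret.txt"
        secret.write_bytes(b"constructed secret\n")  # constructed sample data
        url = secret.as_uri()  # file:///.../secret.txt
        leaked = unsafe_fetch(url)
        try:
            safe_fetch(url)
            rejected = False
        except ValueError:
            rejected = True
    return leaked, rejected


if __name__ == "__main__":
    leaked, rejected = demo_file_scheme_bypass()
    print("unsafe_fetch read via file://:", leaked)
    print("safe_fetch rejected the URL:", rejected)
```

The allowlist is deliberately on the parsed scheme, not on `url.startswith("http")`: a prefix check is easy to get subtly wrong (it also accepts `httpx:` style custom schemes if written carelessly), whereas comparing `urlsplit(url).scheme` against a fixed set is explicit about what is accepted. Keep the `noqa` on the hardened call so the suppression sits next to the validation that justifies it.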