Skip to content

Commit

Permalink
docs: Add Security comment (SSRF)
Browse files Browse the repository at this point in the history
  • Loading branch information
@jpmckinney
jpmckinney committed Oct 21, 2024
1 parent b95ba7a commit e699d8b
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions ocdskit/combine.py
View file
Original file line number Diff line number Diff line change
Expand Up @@ -195,6 +195,7 @@ def merge(
tag = get_ocds_patch_tag(packager.version)
if packager.package['extensions']:
# `extensions` is an insertion-ordered dict at this point.
# Security: Potential SSRF via extension URLs.
builder = ProfileBuilder(tag, list(packager.package['extensions']))
schema = builder.patched_release_schema()
else:
Expand Down

0 comments on commit e699d8b

Please sign in to comment.