Skip to content

Replace urllib with requests to Restrict Unsafe Protocol Handling #14226

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Tanmaykaturi wants to merge 2 commits into from
Closed

Replace urllib with requests to Restrict Unsafe Protocol Handling #14226

Tanmaykaturi wants to merge 2 commits into from
+4 −4

Conversation

@Tanmaykaturi
Copy link

@Tanmaykaturi Tanmaykaturi commented Jan 30, 2026
edited
Loading

Describe your change:

  • Fix a bug or typo in an existing algorithm?

"Fixes #ISSUE-NUMBER".
This PR replaces the use of urllib.request.urlopen() with requests.get() for fetching the dataset URL.
While the current URL is hardcoded and safe, urllib supports additional protocols such as file:// and ftp://. If the URL ever becomes dynamic or user-controlled in the future, this could introduce a risk of unintended local file access or data exposure.The requests library only allows http:// and https:// by default, which helps prevent entire classes of protocol-based vulnerabilities. This change improves security posture through defense-in-depth while preserving identical functionality for valid web requests.This update is a proactive, preventive security improvement aligned with best practices.

root and others added 2 commits January 30, 2026 05:35
@algorithms-keeper
Copy link

algorithms-keeper bot commented Jan 30, 2026

Closing this pull request as invalid

@Tanmaykaturi, this pull request is being closed as none of the checkboxes have been marked. It is important that you go through the checklist and mark the ones relevant to this pull request. Please read the Contributing guidelines.

If you're facing any problem on how to mark a checkbox, please read the following instructions:

  • Read a point one at a time and think if it is relevant to the pull request or not.
  • If it is, then mark it by putting a x between the square bracket like so: [x]

NOTE: Only [x] is supported so if you have put any other letter or symbol between the brackets, that will be marked as invalid. If that is the case then please open a new pull request with the appropriate changes.

@algorithms-keeper algorithms-keeper bot added the awaiting reviews This PR is ready to be reviewed label Jan 30, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

awaiting reviews This PR is ready to be reviewed invalid

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Tanmaykaturi