Tainted flow: 'url' from os.environ.get (line 111, credential/environment) → requests.post (network output)
Critical
- Category
- Data Flow
- Content
def post(self, action: str, version: str, body: dict) -> dict:
    body_str = json.dumps(body, ensure_ascii=False)
    url, headers = self._sign("POST", action, version, {}, body_str)
    r = requests.post(url, headers=headers, data=body_str.encode(), timeout=_HTTP_TIMEOUT)
    self._check(r)
    return r.json()
- Confidence
- 93% confidence
- Finding
- r = requests.post(url, headers=headers, data=body_str.encode(), timeout=_HTTP_TIMEOUT)
