Tainted flow: 'url' from os.environ.get (line 193, credential/environment) → urllib.request.urlopen (network output)
Critical
- Category
- Data Flow
- Content
sep = "&" if "?" in uri else "?" url = f"{uri}{sep}key={API_KEY}" try: with urllib.request.urlopen(urllib.request.Request(url), timeout=120) as r: out.write_bytes(r.read()) mb = out.stat().st_size / 1_048_576 print(f" ✅ {out.name} ({mb:.1f}MB)")- Confidence
- 91% confidence
- Finding
- with urllib.request.urlopen(urllib.request.Request(url), timeout=120) as r: