Skip to content

Replace urllib with requests to Restrict Unsafe Protocol Handling #14227

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
Tanmaykaturi wants to merge 2 commits into
base: master
Choose a base branch
from
Open

Replace urllib with requests to Restrict Unsafe Protocol Handling #14227

Tanmaykaturi wants to merge 2 commits into from
+4 −4

Conversation

@Tanmaykaturi
Copy link

@Tanmaykaturi Tanmaykaturi commented Jan 30, 2026

Describe your change:

  • Add an algorithm?
  • Fix a bug or typo in an existing algorithm?
  • Add or change doctests? -- Note: Please avoid changing both code and tests in a single pull request.
  • Documentation change?

Checklist:

  • I have read CONTRIBUTING.md.
  • This pull request is all my own work -- I have not plagiarized.
  • I know that pull requests will not be merged if they fail the automated tests.
  • This PR only changes one algorithm file. To ease review, please open separate PRs for separate algorithms.
  • All new Python files are placed inside an existing directory.
  • All filenames are in all lowercase characters with no spaces or dashes.
  • All functions and variable names follow Python naming conventions.
  • All function parameters and return values are annotated with Python type hints.
  • [] All functions have doctests that pass the automated testing.
  • [] All new algorithms include at least one URL that points to Wikipedia or another similar explanation.
  • If this pull request resolves one or more open issues then the description above includes the issue number(s) with a closing keyword: "Fixes #ISSUE-NUMBER".
    This PR replaces the use of urllib.request.urlopen() with requests.get() for fetching the dataset URL.While the current URL is hardcoded and safe, urllib supports additional protocols such as file:// and ftp://. If the URL ever becomes dynamic or user-controlled in the future, this could introduce a risk of unintended local file access or data exposure.The requests library only allows http:// and https:// by default, which helps prevent entire classes ofprotocol-based vulnerabilities. This change improves security posture through defense-in-depth while preserving identical functionality for valid web requests.

root and others added 2 commits January 30, 2026 05:35
@algorithms-keeper algorithms-keeper bot added enhancement This PR modified some existing files awaiting reviews This PR is ready to be reviewed tests are failing Do not merge until tests pass labels Jan 30, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@mindaugl mindaugl mindaugl approved these changes

Reviewers whose approvals may not affect merge requirements

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

awaiting reviews This PR is ready to be reviewed enhancement This PR modified some existing files tests are failing Do not merge until tests pass

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Tanmaykaturi @mindaugl