This check looks for non-literal URLs in
click.launch(), which could direct a browser to a malicious site.
click.launch() will open a browser to the given website. This can be dangerous if the site is not known and trusted. This check will detect where non-literal urls are used as an argument to
The check will fire in the following cases:
## Variable in click.launch import click click.launch(x) from click import launch launch(x) ## Import aliasing import click as c c.launch(x) from click import launch as cli_launch cli_launch(x) ## As a keyword argument import click click.launch(url=x)
This check considers the following cases acceptable:
## Literal string in launch import click click.launch("https://google.com") ## As a keyword argument from click import launch launch(url="https://bing.com")