T Arjun 0479f7324f fix(cli): replace eval with ast.literal_eval in parse_unknown_args_to_dict (#7390) ...

eval() on unsanitized CLI input allowed arbitrary code execution via
crafted --key payloads. ast.literal_eval is a safe drop-in that only
parses Python literals and raises ValueError/SyntaxError on expressions.
Also narrows the except clause and fixes the fallback key stripping bug.

Co-authored-by: Danglewood <85772166+deeleeramone@users.noreply.github.com>

2026-03-04 16:17:44 +00:00

..

argparse_translator

[Feature] Add Support For Python 3.14 (#7349)

2026-02-18 00:40:18 +00:00

assets

[Feature] Remove i18n (#6390)

2024-05-10 22:07:43 +00:00

config

[Feature] Remove Python 3.9 (#7235)

2025-10-10 23:16:16 +00:00

controllers

fix(cli): replace eval with ast.literal_eval in parse_unknown_args_to_dict (#7390)

2026-03-04 16:17:44 +00:00

models

fix(cli): move custom Field kwargs to json_schema_extra for mypy compatibility (#7362)

2026-02-18 02:36:20 +00:00

utils

[Feature] CLI logging (#6487)

2024-06-07 10:57:23 +00:00

__init__.py

…

cli.py

[Feature] Remove Python 3.9 (#7235)

2025-10-10 23:16:16 +00:00

session.py

[Feature] Remove Account Module and HubService (#7236)

2025-10-11 22:53:06 +00:00