lywsvip/OpenBB
1
0
Fork 0
mirror of https://github.com/OpenBB-finance/OpenBB.git synced 2026-05-22 14:36:47 +08:00
Code Issues Packages Projects Releases Wiki Activity
Files
0479f7324f9617a67eb5ceec478d12d2759040ed
OpenBB/cli/openbb_cli/controllers
History
T Arjun 0479f7324f fix(cli): replace eval with ast.literal_eval in parse_unknown_args_to_dict (#7390) 
eval() on unsanitized CLI input allowed arbitrary code execution via
crafted --key payloads. ast.literal_eval is a safe drop-in that only
parses Python literals and raises ValueError/SyntaxError on expressions.
Also narrows the except clause and fixes the fallback key stripping bug.

Co-authored-by: Danglewood <85772166+deeleeramone@users.noreply.github.com>
2026-03-04 16:17:44 +00:00
..
base_controller.py
[Feature] Remove Account Module and HubService (#7236)
2025-10-11 22:53:06 +00:00
base_platform_controller.py
fix(cli): move custom Field kwargs to json_schema_extra for mypy compatibility (#7362)
2026-02-18 02:36:20 +00:00
choices.py
[Feature] Remove Python 3.9 (#7235)
2025-10-10 23:16:16 +00:00
cli_controller.py
[Feature] Remove Account Module and HubService (#7236)
2025-10-11 22:53:06 +00:00
platform_controller_factory.py
[Feature] Remove Python 3.9 (#7235)
2025-10-10 23:16:16 +00:00
script_parser.py
[Feature] Remove Python 3.9 (#7235)
2025-10-10 23:16:16 +00:00
settings_controller.py
fix(cli): move custom Field kwargs to json_schema_extra for mypy compatibility (#7362)
2026-02-18 02:36:20 +00:00
utils.py
fix(cli): replace eval with ast.literal_eval in parse_unknown_args_to_dict (#7390)
2026-03-04 16:17:44 +00:00