author Federico Ceratto <federico.ceratto@gmail.com> 2023-03-20 17:51:58 +0000
committer GitHub <noreply@github.com> 2023-03-20 18:51:58 +0100
commit 9df8ca0d8104c5f474dd5184b69446bbb1515242 (patch)
tree 1d3b38a77a138d5db6f3ca7d9ebd966f8d4c6f41 /lib
parent da7833c68bd8a3fea4b380e2a0e84753812450fe (diff)
download Nim-9df8ca0d8104c5f474dd5184b69446bbb1515242.tar.gz
Add URI parsing warning (#21547)
Related to CVE-2021-41259
https://github.com/nim-lang/security/security/advisories/GHSA-3gg2-rw3q-qwgc
https://github.com/nim-lang/Nim/pull/19128#issuecomment-1181944367
Diffstat (limited to 'lib')
-rw-r--r-- lib/pure/httpclient.nim | 2
-rw-r--r-- lib/pure/uri.nim | 2
2 files changed, 4 insertions, 0 deletions
diff --git a/lib/pure/httpclient.nim b/lib/pure/httpclient.nim
index d2cf64149..fd0ef3856 100644
--- a/lib/pure/httpclient.nim
+++ b/lib/pure/httpclient.nim
@@ -10,6 +10,8 @@
 ## This module implements a simple HTTP client that can be used to retrieve
 ## webpages and other data.
 ##
+## .. warning:: Validate untrusted inputs: URI parsers and getters are not detecting malicious URIs.
+##
 ## Retrieving a website
 ## ====================
 ##
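Review bot: The added `.. warning::` line in the httpclient.nim module header reads awkwardly ("are not detecting malicious URIs") and gives the reader no pointer to what a malicious URI is or which checks to apply before passing input to the client. Suggest "do not detect malicious URIs" plus a link to the advisory named in the commit message (GHSA-3gg2-rw3q-qwgc), so the warning is actionable from the generated docs alone. The line is also much longer than the surrounding doc comment lines; wrapping it onto an indented continuation line would match them.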
diff --git a/lib/pure/uri.nim b/lib/pure/uri.nim
index ebc8b90ef..725d5bbd9 100644
--- a/lib/pure/uri.nim
+++ b/lib/pure/uri.nim
@@ -14,6 +14,8 @@
 ## as a locator, a name, or both. The term "Uniform Resource Locator"
 ## (URL) refers to the subset of URIs.
 ##
+## .. warning:: URI parsers in this module do not perform security validation.
+##
 ## # Basic usage
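Review bot: The warning added to the uri.nim module header says the parsers "do not perform security validation" without saying what that leaves to the caller, and it is worded differently from the warning this same commit adds to httpclient.nim. Suggest one shared sentence for both modules that tells the reader a successful parse does not mean the URI is safe to use, with a reference to the advisory from the commit message so readers of either module land on the same guidance.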