From 9df8ca0d8104c5f474dd5184b69446bbb1515242 Mon Sep 17 00:00:00 2001 From: Federico Ceratto Date: Mon, 20 Mar 2023 17:51:58 +0000 Subject: Add URI parsing warning (#21547) Related to CVE-2021-41259 https://github.com/nim-lang/security/security/advisories/GHSA-3gg2-rw3q-qwgc https://github.com/nim-lang/Nim/pull/19128#issuecomment-1181944367 --- lib/pure/httpclient.nim | 2 ++ lib/pure/uri.nim | 2 ++ 2 files changed, 4 insertions(+) (limited to 'lib') diff --git a/lib/pure/httpclient.nim b/lib/pure/httpclient.nim index d2cf64149..fd0ef3856 100644 --- a/lib/pure/httpclient.nim +++ b/lib/pure/httpclient.nim @@ -10,6 +10,8 @@ ## This module implements a simple HTTP client that can be used to retrieve ## webpages and other data. ## +## .. warning:: Validate untrusted inputs: URI parsers and getters are not detecting malicious URIs. +## ## Retrieving a website ## ==================== ## diff --git a/lib/pure/uri.nim b/lib/pure/uri.nim index ebc8b90ef..725d5bbd9 100644 --- a/lib/pure/uri.nim +++ b/lib/pure/uri.nim @@ -14,6 +14,8 @@ ## as a locator, a name, or both. The term "Uniform Resource Locator" ## (URL) refers to the subset of URIs. ## +## .. warning:: URI parsers in this module do not perform security validation. +## ## # Basic usage -- cgit 1.4.1-2-gfad0
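Review bot: In the lib/pure/httpclient.nim hunk, the added warning ("Validate untrusted inputs: URI parsers and getters are not detecting malicious URIs.") does not tell the reader what to validate or where the risk is documented. The commit message cites CVE-2021-41259 and the GHSA-3gg2-rw3q-qwgc advisory, but the doc comment carries neither, so a reader of the generated docs cannot tell which inputs are a problem. Suggest linking the advisory from the warning and stating the expectation directly, for example that any URL built from untrusted input must be checked by the caller before it is passed to the client. "are not detecting" also reads better as "do not detect".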
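Review bot: In the lib/pure/uri.nim hunk, "do not perform security validation" leaves "security validation" undefined and is worded differently from the warning added to httpclient.nim in the same commit, so the two modules appear to describe different limitations. Suggest using one wording in both places, stating plainly that a URI which parses successfully is not thereby safe to use, and pointing to the advisory named in the commit message. The warning also sits only in the module header, just above "# Basic usage"; repeating it or cross-referencing it in the doc comments of the parsing procs would reach readers who land on those entries directly.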