mirror of
https://github.com/Screenly/Anthias.git
synced 2026-06-13 10:44:18 -04:00
1670fadb05
The same alert appeared on anthias_common.utils.url_fails after the prior two queries were filtered. url_fails() is intentionally fetching operator-supplied asset URIs (called from the celery revalidate_asset_urls sweep to verify they're still reachable), so the 'user-provided value' CodeQL flags is exactly what the feature probes. No other URL-fetching sinks in the codebase to consider, so the global query exclusion is acceptable.