[Security] AST-11: _dispatch_request Returns String on Invalid HTTP Method #28

@mefai-dev

Severity: LOW
Affected File(s): aster/api.py:150

Description

The HTTP method dispatcher uses .get() with a string default 'GET' instead of self.session.get. An invalid method produces TypeError: 'str' object is not callable.

Vulnerable Code

return {"GET": self.session.get, ...}.get(http_method, "GET")

Impact

Unhelpful error message on invalid HTTP method. Low practical impact since methods are hardcoded.

Recommended Fix

}.get(http_method, self.session.get)


Methodology: Triple-verification static analysis -- each finding verified across three independent code review passes.
Researcher: Independent Security Researcher -- Mefai Security Team
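
The failure and the fix described in this issue, reproduced as an added example (not code from the issue or from the aster project). `FakeSession`, `Client`, the `dispatch_*` names, the `call_with` helper and the POST/PUT/DELETE table entries are assumptions standing in for the elided parts of the dispatcher; `dispatch_strict` is an extra variant, not proposed in the issue, that rejects unknown methods instead of silently sending a GET.

```python
# Constructed stand-in for the HTTP session object (the real code uses self.session).
class FakeSession:
    def get(self, url, **kw): return ("GET", url)
    def post(self, url, **kw): return ("POST", url)
    def put(self, url, **kw): return ("PUT", url)
    def delete(self, url, **kw): return ("DELETE", url)


class Client:
    def __init__(self):
        self.session = FakeSession()

    def _table(self):
        # Only the "GET" entry is shown in the issue; the rest are assumed.
        return {"GET": self.session.get, "POST": self.session.post,
                "PUT": self.session.put, "DELETE": self.session.delete}

    def dispatch_vulnerable(self, http_method):
        # Pattern from the issue: the default is the string "GET", not a callable.
        return self._table().get(http_method, "GET")

    def dispatch_fixed(self, http_method):
        # Fix recommended in the issue: fall back to the bound GET method.
        return self._table().get(http_method, self.session.get)

    def dispatch_strict(self, http_method):
        # Assumed stricter variant: fail loudly with a descriptive error.
        try:
            return self._table()[http_method]
        except KeyError:
            raise ValueError(f"unsupported HTTP method: {http_method!r}") from None


def call_with(dispatch, method, url="https://example.invalid/ping"):
    """Call the dispatched handler; return its result or the exception name."""
    try:
        return dispatch(method)(url)
    except (TypeError, ValueError) as exc:
        return type(exc).__name__


if __name__ == "__main__":
    c = Client()
    for fn in (c.dispatch_vulnerable, c.dispatch_fixed, c.dispatch_strict):
        print(fn.__name__, "->", call_with(fn, "PATCH"))
```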
