From cdca5598bad4ae5c9437ffa05db2424495a7464e Mon Sep 17 00:00:00 2001 From: Stan Ulbrych Date: Sun, 22 Mar 2026 11:13:14 +0000 Subject: [PATCH] Add a warning about untrusted input to `configparser` docs --- Doc/library/configparser.rst | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/Doc/library/configparser.rst b/Doc/library/configparser.rst index 4c1750de1d3933..4d720176fcc334 100644 --- a/Doc/library/configparser.rst +++ b/Doc/library/configparser.rst @@ -24,6 +24,11 @@ can be customized by end users easily. This library does *not* interpret or write the value-type prefixes used in the Windows Registry extended version of INI syntax. +.. warning:: + Be cautious when parsing data from untrusted sources. A malicious + INI file may cause the decoder to consume considerable CPU and memory + resources. Limiting the size of data to be parsed is recommended. + .. seealso:: Module :mod:`tomllib`