Arbitrary URI Handling in benchmark-local.py

[fasrm]

The --ollama-url argument is passed directly to urllib.request.urlopen() without scheme or host validation.

Experimental testing confirmed:

HTTP requests;

• FTP connections;
• Local file access via file://;
• Attempts to reach cloud metadata endpoints.

No practical path to remote code execution or data exfiltration was demonstrated.

Impact is low in normal developer workflows, but the issue may become more relevant when benchmark execution is automated or exposed through CI/CD systems

[DietrichGebert]

Good catch, and fair scoping.

You're right it's unvalidated: --ollama-url flows straight into urllib.request.urlopen, so file:// and ftp:// go through. Impact is low since it's a local dev benchmark where you supply your own URL, no untrusted input crosses a boundary, but it's cheap to close and you're right that CI/automation changes the calculus.

Fix is a scheme allowlist (http/https only) at parse time. Going to add it. Leaving open until it's in.