WA-VERIFY-105: Audit open-uri usage (URI.open / OpenURI / open('http'))

## Summary
Audit for open-uri usage (`URI.open`, `OpenURI`) and direct URL `open()` calls.

## Approach
Run:
```bash
rg -n "\\bURI\\.open\\b|\\bOpenURI\\b|open\\(\\s*['\"]https?://" --glob "*.rb"
```
For each call site:
- Confirm inputs are trusted / not user-controlled
- Ensure timeouts are set
- Prefer explicit HTTP clients (Net::HTTP / Faraday) with timeouts and allowlists when fetching remote resources

If this audit finds real usage in production code, open follow-up issues for each substantive remediation.

## Acceptance Criteria
- [ ] No user-controlled URL fetches via open-uri
- [ ] Any remaining open-uri usage is documented and has explicit timeouts/allowlists
- [ ] Tests pass (default appraisal)

## Verification Plan
- Update call sites or document them
- Run relevant tests for the code paths touched

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

WA-VERIFY-105: Audit open-uri usage (URI.open / OpenURI / open('http')) #1113

Summary

Approach

Acceptance Criteria

Verification Plan

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

WA-VERIFY-105: Audit open-uri usage (URI.open / OpenURI / open('http')) #1113

Description

Summary

Approach

Acceptance Criteria

Verification Plan

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions