Malicious user can trigger recursion overflow #393
Description
The configuration merge algorithm introduced in #390 does not have a safeguard against a maliciously introduced recursion attack.
will recurs until recursion depth exception is reached when a specific config file is constructed, for example:
dict1 = { 'foo': { 'foo' : 'bar'}}
dict2 = { 'foo': {'foo': {'foo': {'foo' .........}}}}}
When dict to is an "endlessly" nested dict with the same key the algorithm will eventually reach the recursion depth limit and trigger a traceback.
We should have a recursion depth limit counter and when reached break out of the recursive loop.
It may also make sense to only accept known values in the configuration.