tuf's Metadata API: Targets.get_delegated_role() is missing input validation
The security of both a TUF client and repository implementations depend on the concept of trusted Metadata objects verifying the signatures over other Metadata that it delegates to. This verification process uses Targets.get_delegated_role(delegated_role: str) to find the delegation information. tuf.api.metadata.Targets.get_delegated_role() should ensure that the given delegated_rolename is actually a name of a role that is delegated by that Targets, but in the case of "succinct delegation" this does not happen. …