hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 09:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #18153 from owen-mc/java/resttemplate-getforobject

Browse Source 
Java: add SSRF sink model for the third parameter of `RestTemplate.getForObject`
This commit is contained in:
Owen Mansel-Chan
2024-12-11 16:37:35 +00:00
committed by GitHub
parent 538dee81b6 1420bce36a
commit 066db766ef
4 changed files with 99 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/ql/lib/change-notes/2024-11-28-model-resttemplate-getforobject-third-parameter.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Added a sink for "Server-side request forgery" (`java/ssrf`) for the third parameter to org.springframework.web.client.RestTemplate.getForObject, when we cannot statically determine that it does not affect the host in the URL.