hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-05 21:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #13097 from egregius313/egregius313/java/webgoat/ssrf-regex-fix

Browse Source 
Java: Add constraint to `HostnameSanitizingPrefix` to prevent false negatives in SSRF queries
This commit is contained in:
Edward Minnix III
2023-05-23 10:50:43 -04:00
committed by GitHub
parent ee36d32ef0 2d69f81d85
commit 52340802bb
3 changed files with 9 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
java/ql/lib/change-notes/2023-05-17-change-hostnamesanitizingprefix-regex.md Normal file
View File

@@ -0,0 +1,5 @@
---
category: minorAnalysis
---
* Updated the regular expression in the `HostnameSanitizer` sanitizer in the `semmle.code.java.security.RequestForgery` library to better detect strings prefixed with a hostname.