hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-03-04 06:36:46 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #13097 from egregius313/egregius313/java/webgoat/ssrf-regex-fix

Browse Source 
Java: Add constraint to `HostnameSanitizingPrefix` to prevent false negatives in SSRF queries
This commit is contained in:
Edward Minnix III
2023-05-23 10:50:43 -04:00
committed by GitHub
parent ee36d32ef0 2d69f81d85
commit 52340802bb
3 changed files with 9 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
java/ql/lib/semmle/code/java/security/RequestForgery.qll
View File

@@ -79,10 +79,7 @@ private class HostnameSanitizingPrefix extends InterestingPrefix {
// the host or entity addressed: for example, anything containing `?` or `#`, or a slash that
// doesn't appear to be a protocol specifier (e.g. `http://` is not sanitizing), or specifically
// the string "/".
exists(
this.getStringValue()
.regexpFind(".*([?#]|[^?#:/\\\\][/\\\\]).*|[/\\\\][^/\\\\].*|^/$", 0, offset)
)
exists(this.getStringValue().regexpFind("([?#]|[^?#:/\\\\][/\\\\])|^/$", 0, offset))
}
override int getOffset() { result = offset }