mirror of
https://github.com/github/codeql.git
synced 2025-12-24 04:36:35 +01:00
Java SSRF query: Server Side -> Server-Side everywhere.
This commit is contained in:
Chris Smowton
@@ -6,7 +6,7 @@
|
||||
|
||||
<overview>
|
||||
<p>Directly incorporating user input into an HTTP request without validating the input
|
||||
can facilitate Server Side Request Forgery (SSRF) attacks. In these attacks, the server
|
||||
can facilitate Server-Side Request Forgery (SSRF) attacks. In these attacks, the server
|
||||
may be tricked into making a request and interacting with an attacker-controlled server.
|
||||
</p>
|
||||
|
||||
|
||||
@@ -1,5 +1,5 @@
|
||||
/**
|
||||
* @name Server Side Request Forgery (SSRF)
|
||||
* @name Server-Side Request Forgery (SSRF)
|
||||
* @description Making web requests based on unvalidated user-input
|
||||
* may cause server to communicate with malicious servers.
|
||||
* @kind path-problem
|
||||
@@ -16,7 +16,7 @@ import semmle.code.java.security.RequestForgery
|
||||
import DataFlow::PathGraph
|
||||
|
||||
class RequestForgeryConfiguration extends TaintTracking::Configuration {
|
||||
RequestForgeryConfiguration() { this = "Server Side Request Forgery" }
|
||||
RequestForgeryConfiguration() { this = "Server-Side Request Forgery" }
|
||||
|
||||
override predicate isSource(DataFlow::Node source) {
|
||||
source instanceof RemoteFlowSource and
|
||||
@@ -37,5 +37,5 @@ class RequestForgeryConfiguration extends TaintTracking::Configuration {
|
||||
|
||||
from DataFlow::PathNode source, DataFlow::PathNode sink, RequestForgeryConfiguration conf
|
||||
where conf.hasFlowPath(source, sink)
|
||||
select sink.getNode(), source, sink, "Potential server side request forgery due to $@.",
|
||||
select sink.getNode(), source, sink, "Potential server-side request forgery due to $@.",
|
||||
source.getNode(), "a user-provided value"
|
||||
|
||||
Reference in New Issue
Block a user