hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 01:35:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Partial URLs should not sanitize against SSRF

Browse Source 
As an example:

```go
	urlPath := ctx.Req.URL.Path
	hash := urlPath[strings.LastIndex(urlPath, "/")+1:]
        req, _ := http.NewRequest("GET", source+hash, nil)
```
This commit is contained in:
Alvaro Muñoz
2022-08-11 16:43:03 +02:00
committed by Owen Mansel-Chan
parent 15d5ad7a66
commit 8bf4b55309
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
go/ql/lib/semmle/go/security/SafeUrlFlowCustomizations.qll
View File

@@ -35,4 +35,10 @@ module SafeUrlFlow {
private class UnsafeUrlMethodEdge extends SanitizerEdge {
UnsafeUrlMethodEdge() { this = any(UnsafeUrlMethod um).getACall().getReceiver() }
}
/** Any slicing of the URL, considered as a sanitizer for safe URL flow. */
private class StringSlicingEdge extends SanitizerEdge {
StringSlicingEdge() { this = any(DataFlow::SliceNode sn) }
}
}