mirror of
https://github.com/github/codeql.git
synced 2026-07-09 05:25:32 +02:00
Update java/ql/lib/change-notes/2026-06-30-spring-webclient-uri-ssrf.md
Update change note to be more technically accurate Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
This commit is contained in:
@@ -1,4 +1,4 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* The `uri` method of Spring's reactive `WebClient` is now considered a request forgery sink. Previously only the `create` and `baseUrl` methods were considered. This may lead to more alerts for the query `java/ssrf` (Server-side request forgery).
|
||||
* The first argument of the `uri` method of `WebClient$UriSpec` in `org.springframework.web.reactive.function.client` is now considered a request forgery sink. Previously only the first arguments of the `WebClient.create` and `WebClient$Builder.baseUrl` methods were considered. This may lead to more alerts for the query `java/ssrf` (Server-side request forgery).
|
||||
|
||||
Reference in New Issue
Block a user