hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Python: Fix typo in SSRF example

Browse Source
This commit is contained in:
Rasmus Wriedt Larsen
2023-09-07 09:45:02 +02:00
parent 49f5d38956
commit c85ea9a0c0
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
python/ql/src/Security/CWE-918/examples/ServerSideRequestForgery_full.py
View File

@@ -8,8 +8,8 @@ def full_ssrf():
target = request.args["target"] target = request.args["target"]
# BAD: user has full control of URL # BAD: user has full control of URL
resp = request.get("https://" + target + ".example.com/data/") resp = requests.get("https://" + target + ".example.com/data/")
# GOOD: `subdomain` is controlled by the server. # GOOD: `subdomain` is controlled by the server.
subdomain = "europe" if target == "EU" else "world" subdomain = "europe" if target == "EU" else "world"
resp = request.get("https://" + subdomain + ".example.com/data/") resp = requests.get("https://" + subdomain + ".example.com/data/")