hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

JS: Partial SSRF does not select the sink location

Browse Source
This commit is contained in:
Asger F
2025-02-06 11:30:32 +01:00
parent 7d6abb4e0a
commit d3b9d1d89d
1 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryQuery.qll
View File

@@ -68,8 +68,7 @@ private module PartialServerSideRequestForgeryConfig implements DataFlow::Config
predicate observeDiffInformedIncrementalMode() { any() }
Location getASelectedSinkLocation(DataFlow::Node sink) {
result = sink.(Sink).getLocation()
or
// Note: this query does not select the sink itself
result = sink.(Sink).getRequest().getLocation()
}
}