Merge pull request #14158 from RasmusWL/fix-ssrf-example

Python: Fix typo in SSRF example
Rasmus Wriedt Larsen
2023-09-07 10:22:21 +02:00
committed by GitHub


@@ -8,8 +8,8 @@ def full_ssrf():
target = request.args["target"]
# BAD: user has full control of URL
resp = request.get("https://" + target + ".example.com/data/")
resp = requests.get("https://" + target + ".example.com/data/")
# GOOD: `subdomain` is controlled by the server.
subdomain = "europe" if target == "EU" else "world"
resp = request.get("https://" + subdomain + ".example.com/data/")
resp = requests.get("https://" + subdomain + ".example.com/data/")
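Review bot: The `# BAD` comment above the first `requests.get` call does not explain why the fixed `.example.com` suffix fails to constrain the destination, which is the part of this example readers are most likely to misjudge. `target` is concatenated into the host position before the authority part of the URL is closed, so the appended suffix is not guaranteed to stay part of the hostname and cannot be treated as validation. I would expand the comment to `# BAD: user input lands in the host position, so the appended suffix does not restrict where the request is sent`, and extend the `# GOOD` comment to say that `subdomain` is picked from a fixed server-side set and no request data reaches the URL. Both calls also omit `timeout=`, which `requests` does not set by default; that is minor for an example but worth showing. `full_ssrf` begins outside this hunk, so any validation earlier in the function is not visible here.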