Add a query for server-side request forgery

2026-04-22 15:25:18 +02:00 · 2021-10-22 13:29:11 +01:00
parent cd33e4d394
commit dc464879a2
6 changed files with 134 additions and 0 deletions
--- a/ruby/ql/src/queries/security/cwe-918/ServerSideRequestForgery.ql
+++ b/ruby/ql/src/queries/security/cwe-918/ServerSideRequestForgery.ql
@@ -0,0 +1,24 @@
+/**
+ * @name Server Side Request Forgery
+ * @description Making a request to a URL that is controlled by user input
+ *              can allow an attacker to forge requests to internal services.
+ * @kind path-problem
+ * @problem.severity error
+ * @security-severity TODO
+ * @precision medium
+ * @id rb/server-side-request-forgery
+ * @tags security
+ *       external/cwe/cwe-918
+ */
+
+import ruby
+import codeql.ruby.Concepts
+import codeql.ruby.DataFlow
+import codeql.ruby.TaintTracking
+import codeql.ruby.dataflow.RemoteFlowSources
+import codeql.ruby.security.ServerSideRequestForgeryQuery
+
+from Configuration config, DataFlow::PathNode source, DataFlow::PathNode sink
+where config.hasFlowPath(source, sink)
+select sink.getNode(), source, sink, "Untrusted HTTP request due to $@.", source.getNode(),
+  "a user-provided value"