codeql

hohn/codeql

Fork 0

mirror of https://github.com/github/codeql.git synced 2025-12-18 18:10:39 +01:00

Commit Graph

Author	SHA1	Message	Date
Rasmus Wriedt Larsen	1cc5e54357	Python: Add SSRF queries I've added 2 queries: - one that detects full SSRF, where an attacker can control the full URL, which is always bad - and one for partial SSRF, where an attacker can control parts of an URL (such as the path, query parameters, or fragment), which is not a big problem in many cases (but might still be exploitable) full SSRF should run by default, and partial SSRF should not (but makes it easy to see the other results). Some elements of the full SSRF queries needs a bit more polishing, like being able to detect `"https://" + user_input` is in fact controlling the full URL.	2021-12-16 01:48:34 +01:00

Author

SHA1

Message

Date

Rasmus Wriedt Larsen

1cc5e54357

Python: Add SSRF queries

I've added 2 queries:

- one that detects full SSRF, where an attacker can control the full URL,
  which is always bad
- and one for partial SSRF, where an attacker can control parts of an
  URL (such as the path, query parameters, or fragment), which is not a
  big problem in many cases (but might still be exploitable)

full SSRF should run by default, and partial SSRF should not (but makes
it easy to see the other results).

Some elements of the full SSRF queries needs a bit more polishing, like
being able to detect `"https://" + user_input` is in fact controlling
the full URL.

2021-12-16 01:48:34 +01:00

1 Commits