codeql

mirror of https://github.com/github/codeql.git synced 2026-02-20 08:53:49 +01:00

Author	SHA1	Message	Date
Rasmus Wriedt Larsen	c85ea9a0c0	Python: Fix typo in SSRF example	2023-09-07 09:45:02 +02:00
Rasmus Wriedt Larsen	657b1997cc	Python: Move `FullServerSideRequestForgery` and `PartialServerSideRequestForgery` to new dataflow API	2023-08-28 15:27:50 +02:00
erik-krogh	944ca4a0da	fix some more style-guide violations in the alert-messages	2022-10-07 11:23:34 +02:00
erik-krogh	26d8553f6e	ensure consistent casing of names	2022-09-09 10:34:14 +02:00
Rasmus Wriedt Larsen	695553ba9f	Python: Deprecate old non-Query.qll dataflow defs	2022-03-21 15:03:22 +01:00
Rasmus Wriedt Larsen	83f1b2ca5d	Python: Add SSRF qhelp I included examples of both types in the qhelp of both queries, to provide context of what each of them actually are.	2021-12-17 11:48:26 +01:00
Rasmus Wriedt Larsen	4b5599fe17	Python: Improve full/partial SSRF split Now full-ssrf will only alert if all URL parts are fully user-controlled.	2021-12-16 22:48:51 +01:00
Rasmus Wriedt Larsen	cb934e17b1	Python: Adjust SSRF location to request call Since that might not be the same place where the vulnerable URL part is.	2021-12-16 22:48:51 +01:00
Rasmus Wriedt Larsen	1cc5e54357	Python: Add SSRF queries I've added 2 queries: - one that detects full SSRF, where an attacker can control the full URL, which is always bad - and one for partial SSRF, where an attacker can control parts of an URL (such as the path, query parameters, or fragment), which is not a big problem in many cases (but might still be exploitable) full SSRF should run by default, and partial SSRF should not (but makes it easy to see the other results). Some elements of the full SSRF queries needs a bit more polishing, like being able to detect `"https://" + user_input` is in fact controlling the full URL.	2021-12-16 01:48:34 +01:00

9 Commits