hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-20 18:56:32 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
alexet/avoid-path-node-java
codeql/ruby/ql/test/query-tests/security/cwe-918/ServerSideRequestForgery.rb
thiggy1342 4c3e3e442a Add Faraday::Connection.new as sink for SSRF query
2022-10-20 20:32:08 +00:00

33 lines
1.2 KiB
Ruby
Raw Permalink Blame History

require "excon"
require "faraday"
require "json"
class PostsController < ActionController::Base
def create
user = params[:user_id]
# BAD - user can control the entire URL of the request
users_service_domain = params[:users_service_domain]
response = Excon.post("#{users_service_domain}/logins", body: {user_id: user}).body
token = JSON.parse(response)["token"]
# BAD - user can control the entire URL for the request using Faraday library
conn = Faraday.new(url: params[:url])
resp = conn.post
token = JSON.parse(resp)["token"]
# BAD - user can control the entire URL for the request using Faraday::Connection library
conn = Faraday::Connection.new(url: params[:url])
resp = conn.post
token = JSON.parse(resp)["token"]
# GOOD - user can only control the suffix of the URL
users_service_path = params[:users_service_path]
response = Excon.post("users-service/#{users_service_path}", body: {user_id: user}).body
token = JSON.parse(response)["token"]
@post = Post.create(params[:post].merge(user_token: token))
render @post
end
end
Reference in New Issue View Git Blame Copy Permalink