hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
codeql-cli-2.21.4
codeql/python/ql/test/query-tests/Security/CWE-918-ServerSideRequestForgery/options
Rasmus Wriedt Larsen 1cc5e54357 Python: Add SSRF queries 
I've added 2 queries:

- one that detects full SSRF, where an attacker can control the full URL,
  which is always bad
- and one for partial SSRF, where an attacker can control parts of an
  URL (such as the path, query parameters, or fragment), which is not a
  big problem in many cases (but might still be exploitable)

full SSRF should run by default, and partial SSRF should not (but makes
it easy to see the other results).

Some elements of the full SSRF queries needs a bit more polishing, like
being able to detect `"https://" + user_input` is in fact controlling
the full URL.
2021-12-16 01:48:34 +01:00

2 lines
56 B
Plaintext
Raw Permalink Blame History

semmle-extractor-options: --lang=3 --max-import-depth=1
Reference in New Issue View Git Blame Copy Permalink