hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 17:23:36 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
ginsbach/NewOverlayLocalJava
codeql/rust/ql/test/query-tests/security/CWE-311/main.rs
Simon Friis Vindum 4de69c70a8 Rust: Add cleartext transmission query
2025-03-13 08:45:36 +01:00

45 lines
1.6 KiB
Rust
Raw Permalink Blame History

use http::Method;
use url::Url;
fn get_with_password_in_url() {
let password = "Hunter12";
let url = format!("example.com?password={}", password); // $ Source
reqwest::blocking::get(url).unwrap().text().unwrap(); // $ Alert[rust/cleartext-transmission]
}
fn get_with_password_in_constructed_url() {
let password = "Hunter12";
let address = format!("example.com?password={password}"); // $ Source
let url = Url::parse(&address).unwrap();
reqwest::blocking::get(url).unwrap().text().unwrap(); // $ Alert[rust/cleartext-transmission]
}
fn post_with_password_in_url() {
let password = "Hunter12";
let url = format!("example.com?password={}", password); // $ Source
let client = reqwest::Client::new();
client.post(url).body("body").send(); // $ Alert[rust/cleartext-transmission]
}
fn request_blocking_put_with_password_in_url() {
let password = "Hunter12";
let url = format!("example.com?password={}", password); // $ Source
let client = reqwest::blocking::Client::new();
client.request(Method::PUT, url).body("body").send(); // $ Alert[rust/cleartext-transmission]
}
fn request_put_with_password_in_url() {
let password = "Hunter12";
let url = format!("example.com?password={}", password); // $ Source
let client = reqwest::Client::new();
client.request(Method::PUT, url).body("body").send(); // $ Alert[rust/cleartext-transmission]
}
fn main() {
get_with_password_in_url();
get_with_password_in_constructed_url();
post_with_password_in_url();
request_blocking_put_with_password_in_url();
request_put_with_password_in_url();
}
Reference in New Issue View Git Blame Copy Permalink