package main
import (
"net/http"
)
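// handler fetches data from a subdomain of example.com named by the "target"
// form value and passes the response to use.
//
// The request below is kept as a deliberately vulnerable illustration of
// server-side request forgery (SSRF): a request parameter is concatenated into
// the host portion of an outbound URL without any validation, so the client,
// not the server, decides where the server connects.
func handler(w http.ResponseWriter, req *http.Request) {
	target := req.FormValue("target")

	// BAD: `target` is controlled by the attacker
	// The value is placed in the authority part of the URL, so the fixed
	// ".example.com/data/" suffix is not a reliable constraint on the
	// destination. Mitigation: map `target` onto a fixed, server-chosen set of
	// subdomains and build the URL only from those values.
	// NOTE(review): http.Get uses the default client, which sets no timeout.
	resp, err := http.Get("https://" + target + ".example.com/data/")
	if err != nil {
		// error handling
		// resp is nil whenever err is non-nil, so it must not reach use.
		// The reply is generic on purpose: the upstream error is not echoed
		// back to the caller.
		http.Error(w, "upstream request failed", http.StatusBadGateway)
		return
	}
	// Release the connection when the handler returns; this assumes use is
	// done with the body by the time it returns (confirm against use).
	defer resp.Body.Close()

	// process request response
	use(resp)
}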