codeql/0.0.6.md at 81297aad8c8bd6a349b5c821f873ca79b3a38548 - codeql - Gitea: Git with a cup of tea

hohn/codeql

mirror of https://github.com/github/codeql.git synced 2026-04-29 10:45:15 +02:00

Files

github-actions[bot] 1dfcf427aa Release preparation for version 2.7.5

2022-01-04 14:44:56 +00:00

565 B

Raw Blame History

0.0.6

New Queries

Two new queries have been added for detecting Server-side request forgery (SSRF). Full server-side request forgery (py/full-ssrf) will only alert when the URL is fully user-controlled, and Partial server-side request forgery (py/partial-ssrf) will alert when any part of the URL is user-controlled. Only py/full-ssrf will be run by default.

Minor Analysis Improvements

To support the new SSRF queries, the PyPI package requests has been modeled, along with http.client.HTTP[S]Connection from the standard library.