Python/ServerSideRequestForgeryQuery

d10c · d10c · commit e7720f72f986 · 2025-10-14T14:02:17.000+02:00
python/ql/src/Security/CWE-918/PartialServerSideRequestForgery.ql
diff --git a/python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryQuery.qll b/python/ql/lib/semmle/python/security/dataflow/ServerSideRequestForgeryQuery.qll
@@ -68,7 +68,8 @@ private module PartialServerSideRequestForgeryConfig implements DataFlow::Config
   predicate observeDiffInformedIncrementalMode() { any() }
 
   Location getASelectedSinkLocation(DataFlow::Node sink) {
-    // Note: this query does not select the sink itself
+    result = sink.(Sink).getLocation()
+    or
     result = sink.(Sink).getRequest().getLocation()
   }
 }

Original file line number	Diff line number	Diff line change
`@@ -68,7 +68,8 @@ private module PartialServerSideRequestForgeryConfig implements DataFlow::Config`
`68`	`68`	`predicate observeDiffInformedIncrementalMode() { any() }`
`69`	`69`
`70`	`70`	`Location getASelectedSinkLocation(DataFlow::Node sink) {`
`71`		`- // Note: this query does not select the sink itself`
	`71`	`+ result = sink.(Sink).getLocation()`
	`72`	`+ or`
`72`	`73`	`result = sink.(Sink).getRequest().getLocation()`
`73`	`74`	`}`
`74`	`75`	`}`