File tree Expand file tree Collapse file tree 1 file changed +4
-2
lines changed
java/ql/src/Security/CWE/CWE-918 Expand file tree Collapse file tree 1 file changed +4
-2
lines changed Original file line number Diff line number Diff line change @@ -13,9 +13,11 @@ may be tricked into making a request and interacting with an attacker-controlled
1313</overview >
1414<recommendation >
1515
16- <p >To guard against SSRF attacks, it is advisable to avoid putting user input
16+ <p >To guard against SSRF attacks, you should avoid putting user-provided input
1717directly into a request URL. Instead, maintain a list of authorized
18- URLs on the server; then choose from that list based on the user input provided.</p >
18+ URLs on the server; then choose from that list based on the input provided.
19+ Alternatively, ensure requests constructed from user input are limited to
20+ a particular host or more restrictive URL prefix.</p >
1921
2022</recommendation >
2123<example >
You can’t perform that action at this time.
0 commit comments