mariana-bteixeira / python-mini-projects

A collection of simple python mini projects to enhance your python skills
https://python-world.github.io/python-mini-projects/#/
MIT License
0 stars 0 forks

CX SSRF @ projects/Scraping Medium Articles/scraping_medium.py [master] #16

Open mariana-bteixeira opened 9 months ago

mariana-bteixeira commented 9 months ago

SSRF issue exists @ projects/Scraping Medium Articles/scraping_medium.py in branch master

The application sends a request to a remote server, for some resource, using get in projects\Scraping Medium Articles\scraping_medium.py:18. However, an attacker can control the target of the request, by sending a URL or other data in input at projects\Scraping Medium Articles\scraping_medium.py:13.

Similarity ID: -1104767097

Severity: Medium

CWE:918

Vulnerability details and guidance

Internal Guidance

Checkmarx

Training Recommended Fix

Lines: [13](https://github.com/mariana-bteixeira/python-mini-projects/blob/master/projects/Scraping Medium Articles/scraping_medium.py#L13)


[Code (Line #13):](https://github.com/mariana-bteixeira/python-mini-projects/blob/master/projects/Scraping Medium Articles/scraping_medium.py#L13)

url = input('Enter url of a medium article: ')

mariana-bteixeira commented 9 months ago

Issue still exists.