search

mariana-bteixeira / python-mini-projects

A collection of simple python mini projects to enhance your python skills
https://python-world.github.io/python-mini-projects/#/
MIT License
0 stars 0 forks source link

CX SSRF @ projects/download GeeksForGeeks articles/downloader.py [master] #2

Open mariana-bteixeira opened 10 months ago

mariana-bteixeira commented 10 months ago

SSRF issue exists @ projects/download GeeksForGeeks articles/downloader.py in branch master

The application sends a request to a remote server, for some resource, using get in projects\download GeeksForGeeks articles\downloader.py:47. However, an attacker can control the target of the request, by sending a URL or other data in input at projects\download GeeksForGeeks articles\downloader.py:45.Similarity ID: -2069893118

Severity: Medium

CWE:918

Vulnerability details and guidance

Internal Guidance

Checkmarx

Training Recommended Fix

Lines: [45](https://github.com/mariana-bteixeira/python-mini-projects/blob/master/projects/download GeeksForGeeks articles/downloader.py#L45)

[Code (Line #45):](https://github.com/mariana-bteixeira/python-mini-projects/blob/master/projects/download GeeksForGeeks articles/downloader.py#L45)

URL = input("provide article URL: ")
mariana-bteixeira commented 10 months ago

Issue still exists.