- Two new queries have been added for detecting server-side request forgery (SSRF). Full server-side request forgery (`py/full-ssrf`) will only alert when the URL is fully user-controlled, and Partial server-side request forgery (`py/partial-ssrf`) will alert when any part of the URL is user-controlled. Only `py/full-ssrf` will be run by default.
- To support the new SSRF queries, the PyPI package `requests` has been modeled, along with `http.client.HTTP[S]Connection` from the standard library.
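
The difference between a fully and a partially user-controlled URL, shown with `http.client.HTTPSConnection` next to a hardened form of each. This is an added example, not code from the CodeQL project; the function names, the `api.example.com` allowlist and the sample inputs are constructed, and the checks shown are one common mitigation rather than anything the queries are stated to recognize.

```python
import http.client
from urllib.parse import quote, urlsplit

ALLOWED_HOSTS = {"api.example.com"}  # constructed allowlist (assumption)


def fetch(host, path):
    """Request sink: outbound call via http.client (not invoked in the demo)."""
    conn = http.client.HTTPSConnection(host, timeout=5)
    try:
        conn.request("GET", path)
        return conn.getresponse().status
    finally:
        conn.close()


def full_target(user_url):
    """Fully user-controlled: host and path both come from the input."""
    parts = urlsplit(user_url)
    return parts.hostname, parts.path or "/"


def partial_target(user_id):
    """Partially user-controlled: fixed host, input concatenated into the path."""
    return "api.example.com", "/users/" + user_id


def checked_full_target(user_url):
    """Hardened: accept only https URLs whose parsed host is allowlisted."""
    parts = urlsplit(user_url)
    if parts.scheme != "https" or parts.hostname not in ALLOWED_HOSTS:
        raise ValueError("destination not allowed")
    return parts.hostname, parts.path or "/"


def checked_partial_target(user_id):
    """Hardened: percent-encode the input so it stays a single path segment."""
    return "api.example.com", "/users/" + quote(user_id, safe="")


if __name__ == "__main__":
    # Constructed inputs; each result is what would be handed to fetch(host, path).
    print(full_target("https://internal.example/admin"))
    print(partial_target("42/../../admin"))
    print(checked_partial_target("42/../../admin"))
```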