@Fxyer Fxyer commented Jul 3, 2020

Server-side template injection occurs when user-controlled input is embedded into a server-side template, allowing users to inject template directives.
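As an added illustration (not code from this pull request or from the project), the sketch below flags Python calls that compile a non-literal string as a template. It is a syntactic heuristic rather than taint tracking, and the sink list (`jinja2.Template`, `Environment.from_string`, Flask's `render_template_string`) and the sample application are assumptions constructed for the example.

```python
import ast

# Assumed sinks: each compiles its first argument (keyword "source") as template source.
SINKS = {"Template", "from_string", "render_template_string"}

def call_name(node):
    """Name of the called function or method, ignoring the receiver."""
    func = node.func
    if isinstance(func, ast.Name):
        return func.id
    if isinstance(func, ast.Attribute):
        return func.attr
    return None

def find_dynamic_templates(source):
    """Return sorted (line, sink) pairs where the template source is not a string literal."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call) or call_name(node) not in SINKS:
            continue
        arg = node.args[0] if node.args else next(
            (kw.value for kw in node.keywords if kw.arg == "source"), None)
        if arg is None:
            continue
        # A literal template with user data passed as context is the safe form.
        if isinstance(arg, ast.Constant) and isinstance(arg.value, str):
            continue
        findings.append((node.lineno, call_name(node)))
    return sorted(findings)

# Constructed sample application; it is parsed only, never imported or executed.
SAMPLE = '''
from flask import Flask, request, render_template_string
from jinja2 import Template

app = Flask(__name__)

@app.route("/bad")
def bad():
    name = request.args.get("name", "")
    return render_template_string("Hello " + name)

@app.route("/bad2")
def bad2():
    return Template(request.args["tpl"]).render()

@app.route("/good")
def good():
    name = request.args.get("name", "")
    return render_template_string("Hello {{ name }}", name=name)
'''

if __name__ == "__main__":
    for line, sink in find_dynamic_templates(SAMPLE):
        print(f"line {line}: {sink}() called with a non-literal template source")
```

The `/good` route is not reported because the user value reaches the template only as a context variable, never as template source.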

@Fxyer Fxyer requested a review from a team as a code owner July 3, 2020 05:52
Contributor

@tausbn tausbn left a comment

Thank you for your contribution. We're currently in the process of reviewing a PR (#3396) that already implements support for detecting Server-Side Template Injections (including for Jinja2), so you may want to wait until that PR has been merged before adding more to this PR.

Also, I should add that we're currently rewriting large parts of the security analysis, so it may be best to wait until that work is done, as it will affect how we go about modelling libraries and do taint tracking. We expect this work to be done in a few months, and until then we do not plan on prioritising reviewing external submissions.

@RasmusWL
Member

We're doing a bit of cleaning of old PRs, so going to close this one. Thanks for the original contribution 👍

@RasmusWL RasmusWL closed this May 10, 2022