rspec/rules/S7044/rationale.adoc

Server-Side Request Forgery (SSRF) is a security vulnerability that allows an
attacker to induce the server-side application to make HTTP requests to an
arbitrary domain of the attacker's choosing. However, in a path traversal SSRF
attack, the attacker controls only the path of the URL.

Path traversal attacks can be used to alter the request path of the server-side
request, potentially accessing unauthorized endpoints or data. This type of
attack is particularly dangerous if the server-side application can be
manipulated to send requests to internal resources that are not normally
accessible to an external attacker.
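
The following Python sketch is an added example, not part of the rule's own text: it shows user input concatenated into a server-side request path next to a hardened builder that keeps the input inside a single path segment. The backend host, route prefix and function names are assumptions made for illustration.

```python
import posixpath
from urllib.parse import quote, urlsplit

# Assumed internal backend and route prefix (hypothetical, for illustration).
BACKEND = "http://backend.internal.example"
PREFIX = "/api/users/"


def effective_path(url: str) -> str:
    """Path the backend ends up serving once dot-segments are resolved."""
    return posixpath.normpath(urlsplit(url).path)


def build_url_unsafe(user_id: str) -> str:
    # Vulnerable pattern: raw user input concatenated into the request path.
    return f"{BACKEND}{PREFIX}{user_id}"


def build_url_safe(user_id: str) -> str:
    # Reject traversal and separator characters, raw or percent-encoded.
    lowered = user_id.lower()
    if not user_id or user_id in (".", "..") or any(
        bad in lowered for bad in ("/", "\\", "%2f", "%5c", "%2e")
    ):
        raise ValueError("invalid path segment")
    # Encode whatever remains so it stays a single path segment.
    url = f"{BACKEND}{PREFIX}{quote(user_id, safe='')}"
    # Defense in depth: the resolved path must still sit under the prefix.
    if not effective_path(url).startswith(PREFIX):
        raise ValueError("path escapes the intended prefix")
    return url


if __name__ == "__main__":
    # Constructed sample inputs: one ordinary identifier, one traversal value.
    for sample in ("42", "../admin/keys"):
        print(sample, "->", effective_path(build_url_unsafe(sample)))
```

The host never changes in either builder, which is why a host allowlist alone does not address this variant: the check has to be on the path the backend resolves.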