rspec/rules/S7044/rationale.adoc

Path Traversal Server-Side Request Forgery is a sub-class of
Server-Side Request Forgery (SSRF). In this type of attack, the attacker
manipulates the path of the URL in the server-side request, rather than
controlling the entire URL. This can lead to unauthorized access to endpoints
or data by altering the request path.

Path Traversal SSRF attacks are dangerous because they can exploit the
server-side application's ability to send requests to internal resources that
are typically inaccessible to external attackers. By manipulating the path,
attackers can potentially gain access to sensitive information or
functionalities that should be protected.
Create rule S7044: Server-side requests should not be vulnerable to traversing attacks (#4162) 2024-08-23 12:38:37 +00:00			`Path Traversal Server-Side Request Forgery is a sub-class of`
			`Server-Side Request Forgery (SSRF). In this type of attack, the attacker`
			`manipulates the path of the URL in the server-side request, rather than`
			`controlling the entire URL. This can lead to unauthorized access to endpoints`
			`or data by altering the request path.`
Create rule S7044: Server-side requests should not be vulnerable to traversing attacks (#4139) 2024-08-14 11:52:34 +02:00
Create rule S7044: Server-side requests should not be vulnerable to traversing attacks (#4162) 2024-08-23 12:38:37 +00:00			`Path Traversal SSRF attacks are dangerous because they can exploit the`
			`server-side application's ability to send requests to internal resources that`
			`are typically inaccessible to external attackers. By manipulating the path,`
			`attackers can potentially gain access to sensitive information or`
			`functionalities that should be protected.`