rspec/rules/S5144/common/fix/how-does-this-work.adoc

=== How does this work?

Untrusted data, such as GET or POST request content, should always be
considered tainted. An application should avoid performing server-side requests
based on taintable data.

When such a feature is strictly necessary, SSRF could be mitigated by applying
an allow-list of trustable domains or by providing an API which indexes the
allowed domains, such as `http://example.com?url=1`.
[APPSEC-90] Modify rule S5144: Educational content (#1205) 2022-09-01 17:36:53 +02:00			`=== How does this work?`

			`Untrusted data, such as GET or POST request content, should always be`
			`considered tainted. An application should avoid performing server-side requests`
			`based on taintable data.`

			`When such a feature is strictly necessary, SSRF could be mitigated by applying`
			`an allow-list of trustable domains or by providing an API which indexes the`
			allowed domains, such as `http://example.com?url=1`.