PyHttplib2

httplib2 is an HTTP client with advanced caching features. Http.request() is an SSRF sink when the URI is user-controlled.

1 sink

Taint flow0 sources → 1 sink

Sinks — dangerous call

.request()Sends an HTTP request

Sinks

— dangerous functions taint must not reach

.request()Sink

Signature

Http.request(uri, method='GET', body=None, headers=None, ...) -> (Response, bytes)

Sends an HTTP request. SSRF sink on uri.

tracks:0

.Http()Neutral

Signature

httplib2.Http(cache=None, timeout=None, proxy_info=..., ca_certs=None, disable_ssl_certificate_validation=False) -> Http

Creates an HTTP client. Finding when disable_ssl_certificate_validation=True.

FQN	Field
httplib2	fqns[0]
httplib2.Http	fqns[1]

Wrong FQN → 0 findings. Verify with: change fqns to garbage → must produce 0 results.

rule.py

from codepathfinder.go_rule import PyHttplib2