Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG]Reachable Construct Detected in requests==2.21 #263

Open
wangyueq0101 opened this issue Oct 24, 2024 · 0 comments
Open

[BUG]Reachable Construct Detected in requests==2.21 #263

wangyueq0101 opened this issue Oct 24, 2024 · 0 comments
Labels
awaiting-triage Request awaiting triage

Comments

@wangyueq0101
Copy link

Summary

A reachable construct was detected in requests==2.21 through my static analysis database. The analysis uncovered more than 15 call chains leading to this construct. Below is one example to illustrate the potential vulnerability:

Call Chain Analysis

varken.radarr.RadarrAPI.get_queue
└── calls varken.helpers.connection_handler
└── calls requests.sessions.Session.send
└── calls requests.sessions.SessionRedirectMixin.resolve_redirects
└── calls requests.sessions.SessionRedirectMixin.rebuild_proxies

Patch and Code Changes

This construct might be vulnerable because it was modified in a security-related patch. The original version (requests==2.21) may still pose risks and warrants further investigation.

Note:

This issue was identified through a static analysis of the project at commit [ec79d22].
@wangyueq0101 wangyueq0101 added the awaiting-triage Request awaiting triage label Oct 24, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
awaiting-triage Request awaiting triage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@wangyueq0101