The urllib.parse module for URL parsing and building. urljoin is commonly used to build request URLs — when the base is user-controlled, attackers can redirect to arbitrary hosts. urlparse can be used as a sanitizer for SSRF if the netloc is validated.
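The join-then-validate pattern described above, as an added example that is not part of the original page or of the tool it documents. The host allowlist, base URL, and function names are assumptions made up for illustration. Here the untrusted value is the second argument to urljoin, which can replace the host just as an attacker-chosen base can.

```python
from urllib.parse import urljoin, urlparse

# Constructed values for illustration only (assumptions, not from the page).
ALLOWED_HOSTS = {"api.internal.example"}
ALLOWED_SCHEMES = {"https"}
BASE = "https://api.internal.example/v1/"


def is_allowed(url: str) -> bool:
    """Allow only https URLs whose parsed hostname is on the allowlist."""
    try:
        parts = urlparse(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False
    # Compare .hostname (lower-cased, userinfo and port stripped), not the
    # raw netloc string: "api.internal.example@evil.example" contains the
    # allowed name in netloc, but the request would go to evil.example.
    return (
        parts.scheme in ALLOWED_SCHEMES
        and parts.hostname in ALLOWED_HOSTS
        and port in (None, 443)
    )


def build_request_url(user_path: str, base: str = BASE) -> str:
    """Join untrusted input onto the base, then validate the result."""
    # urljoin lets an absolute ("http://host/") or scheme-relative
    # ("//host/") second argument discard the base host entirely, so the
    # check must run on the joined URL, not on the base alone.
    joined = urljoin(base, user_path)
    if not is_allowed(joined):
        raise ValueError(f"refusing to request {joined!r}")
    return joined
```

The check covers scheme, host, and port only; it does not constrain the path, so `../` segments in the input still resolve within the allowed host.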
.quote() (Sanitizer)
urllib.parse.quote(string, safe='/', ...) -> str
Percent-encodes a URL component. Sanitizer when used on user input before URL concat.
return

.quote_plus() (Sanitizer)
urllib.parse.quote_plus(string, safe='', ...) -> str
Like quote but encodes spaces as +. Sanitizer for query strings.
return

.urlparse() (Neutral)
urllib.parse.urlparse(urlstring: str, scheme='', allow_fragments=True) -> ParseResult
Parses a URL into components. Building block for SSRF sanitization (check netloc).
return

.urljoin() (Neutral)
urllib.parse.urljoin(base: str, url: str, allow_fragments=True) -> str
Joins a base URL and a relative URL. Neutral; output often reaches HTTP sinks.
return

| FQN | Field |
|---|---|
| urllib.parse | fqns[0] |
Wrong FQN → 0 findings. Verify with: change fqns to garbage → must produce 0 results.
from codepathfinder.go_rule import PyUrllibParse