diff --git a/docs/extensions/semgrep-intellij.md b/docs/extensions/semgrep-intellij.md index 9f7903a3f0..f6b3521df2 100644 --- a/docs/extensions/semgrep-intellij.md +++ b/docs/extensions/semgrep-intellij.md @@ -87,7 +87,7 @@ Hover over a match and click the link. ## Support -If you need our support, join the [Semgrep community Slack workspace](http://go.semgrep.dev/slack) and tell us about any problems you encountered. +If you need our support, join the [Semgrep community Slack workspace](https://go.semgrep.dev/slack) and tell us about any problems you encountered. ## Limitations diff --git a/docs/faq/comparisons/opengrep.md b/docs/faq/comparisons/opengrep.md index a2a4713e08..e91108686e 100644 --- a/docs/faq/comparisons/opengrep.md +++ b/docs/faq/comparisons/opengrep.md @@ -19,7 +19,7 @@ To resolve confusion within security and developer communities when trying to ch ## What is Semgrep Community Edition? -[Semgrep Community Edition](http://semgrep.dev/products/community-edition) (CE) is the collective name for the [open source Semgrep engine](https://github.com/semgrep/semgrep), previously known as Semgrep OSS, and the collection of rules published and maintained by the Semgrep community and Semgrep, Inc. +[Semgrep Community Edition](https://semgrep.dev/products/community-edition) (CE) is the collective name for the [open source Semgrep engine](https://github.com/semgrep/semgrep), previously known as Semgrep OSS, and the collection of rules published and maintained by the Semgrep community and Semgrep, Inc. ## What is Opengrep? diff --git a/docs/learn/vulnerabilities/server-side-request-forgery/overview.md b/docs/learn/vulnerabilities/server-side-request-forgery/overview.md index 7b7f79f548..eb7559bd71 100644 --- a/docs/learn/vulnerabilities/server-side-request-forgery/overview.md +++ b/docs/learn/vulnerabilities/server-side-request-forgery/overview.md 
@@ -60,7 +60,7 @@ def fetch_data_securely(): return response.text ``` -In the function `fetch_data_vulnerable`, a request is made to a user-supplied url. There is a check to see if the url is on the domain [`semgrep.dev`](http://semgrep.dev) but it is insufficient. Notice what happens if the user enters `https://semgrep.dev.attacker.com`. The resulting URL is an attacker-controlled domain. This is a textbook case of SSRF. +In the function `fetch_data_vulnerable`, a request is made to a user-supplied url. There is a check to see if the url is on the domain [`semgrep.dev`](https://semgrep.dev) but it is insufficient. Notice what happens if the user enters `https://semgrep.dev.attacker.com`. The resulting URL is an attacker-controlled domain. This is a textbook case of SSRF. Tools like Semgrep can detect this type of issue automatically. They will look for untrusted input from user requests flowing into functions that send HTTP requests. The rule recognizes when user input is concatenated into the URL or passed through intermediate variables. This makes it practical to find SSRF vulnerabilities across large codebases without needing to manually inspect every string operation. diff --git a/src/components/procedure/_quickstart-intellij.md b/src/components/procedure/_quickstart-intellij.md index c33833e657..65dc496a73 100644 --- a/src/components/procedure/_quickstart-intellij.md +++ b/src/components/procedure/_quickstart-intellij.md 
@@ -13,5 +13,5 @@ 4. See Semgrep findings: Hold the pointer over the code that has the red underline. :::info Feature maturity -Semgrep's IntelliJ extensions are currently in beta. Currently, the IntelliJ extension only supports Semgrep Community Edition (CE) - it doesn't support Semgrep Supply Chain, Secrets, Pro rules, or Pro Engine. Please join the [Semgrep community Slack workspace](http://go.semgrep.dev/slack) and let the Semgrep team know if you encounter any issues. +Semgrep's IntelliJ extensions are currently in beta. Currently, the IntelliJ extension only supports Semgrep Community Edition (CE) - it doesn't support Semgrep Supply Chain, Secrets, Pro rules, or Pro Engine. Please join the [Semgrep community Slack workspace](https://go.semgrep.dev/slack) and let the Semgrep team know if you encounter any issues. :::
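Review bot: In the `docs/learn/vulnerabilities/server-side-request-forgery/overview.md` hunk, the re-added paragraph still reads "The resulting URL is an attacker-controlled domain", which conflates the URL with its host and blurs the point the example is making. Since this line is already being touched, consider "The host in that URL, `semgrep.dev.attacker.com`, is an attacker-controlled domain". The same line also writes "url" in lower case twice and "URL" later; using "URL" throughout would be consistent.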
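Review bot: In the `:::info` block of `src/components/procedure/_quickstart-intellij.md`, the changed line repeats "currently" in back-to-back sentences ("are currently in beta. Currently, the IntelliJ extension only supports ...") and switches between "extensions" and "extension". Since the line is being edited for the link anyway, consider dropping the second "Currently," and settling on singular or plural.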