Modify rule S5144: Add HTTPX support (APPSEC-1247) (#3410)

* Add HTTPX

* Enhance compliant code sample

* Keep samples consistent

* Simplify compliant example somewhat

docs/header_names/allowed_framework_names.adoc

@@ -88,6 +88,7 @@
 * Python Standard Library
 * PyYAML
 * Requests
+* HTTPX
 * SQLAlchemy
 * Amazon DynamoDB
 * python-ldap

rules/S5144/python/how-to-fix-it/httpx.adoc

@@ -0,0 +1,52 @@
+== How to fix it in HTTPX
+
+=== Code examples
+
+include::../../common/fix/code-rationale.adoc[]
+
+==== Noncompliant code example
+
+[source,python,diff-id=21,diff-type=noncompliant]
+----
+from fastapi import FastAPI
+import httpx
+
+app = FastAPI()
+
+@app.get('/example')
+def example(url: str):
+    r = httpx.get(url)  # Noncompliant
+    return {"response": r.text}
+----
+
+==== Compliant solution
+
+[source,python,diff-id=21,diff-type=compliant]
+----
+from fastapi import FastAPI
+from fastapi.responses import JSONResponse
+import httpx
+from urllib.parse import urlparse
+
+DOMAINS_ALLOWLIST = ['trusted1.example.com', 'trusted2.example.com']
+app = FastAPI()
+
+@app.get('/example')
+def example(url: str):
+    if not urlparse(url).hostname in DOMAINS_ALLOWLIST:
+        return JSONResponse({"error": f"URL {url} is not whitelisted."}, 400)
+
+    r = httpx.get(url)
+    return {"response": r.text}
+----
+
+=== How does this work?
+
+include::../../common/fix/pre-approved-list.adoc[]
+
+The compliant code example uses such an approach.
+HTTPX implicitly validates the scheme as it only allows `http` and `https` by default.
+
+=== Pitfalls
+
+include::../../common/pitfalls/starts-with.adoc[]

rules/S5144/python/rule.adoc

@@ -10,6 +10,7 @@ include::how-to-fix-it/python.adoc[]
 
 include::how-to-fix-it/requests.adoc[]
 
+include::how-to-fix-it/httpx.adoc[]
 
 == Resources