JaydenLin jaydenlin

## ssrf_demo.js
app.post(`/api/:userId/posts`, async (req, res) => {
    const token = await tokenService.getToken(req);
    const response = await api.post(`http://internal.corp.com/${req.params.userId}/posts?message=${req.query.message}&token=${token}`);
    return res.send(response.data);
});

## getCheckedKeys.js

const parseTagId = (key) => {
    //取 tag_588 中的 tag id 數字
    return key.match(/\d+/g) === null ? null: key.match(/\d+/g)[0];
}
const isTagKey = (key) => {
    //判斷是不是 tag (資料夾會是undefined) 以及是否可以取 tag id
    return typeof key !== "undefined" && parseTagId(key) !== null;
}

## next.config.js
const withCSS = require('@zeit/next-css')
const path = require('path')
// module.exports = withCSS({
//   cssModules: true
// })
const avoidPaths = ['node_modules/@shopify/polaris/', 'node_modules/rc-steps/assets/', 'node_modules/react-table/', 'node_modules/react-toastify/dist/', 'node_modules/react-id-swiper/src/styles/css/swiper.css'].map(d => path.join(__dirname, d));

function canBeTransformed(pathToCheck) {
	return !avoidPaths.some(function(v) {
		const path = pathToCheck.substr(0, pathToCheck.lastIndexOf('/') + 1);

## Triple Cookie Submit.html

<script> var ANTI_CSRF = "<%= randomValue %>"; </script>


## Triple Cookie Submit.java

response.addHeader("Set-Cookie","+ randomName + "=" + randomValue + "; HttpOnly; path='/'; domain=realwebsite.com");


## Double Cookie Submit.html
<form method='POST' action='/buy.php'>
  <input type='text' name='item'>
  <input type='hidden' name='csrf-token' value='<%= randomValue %>'>
  <input type='submit' value='submit'>
</form>

## Double Cookie Submit.java
response.addHeader("Set-Cookie","csrf-token=" + randomValue + "; HttpOnly; path='/'; domain=realwebsite.com");

## CSRF POST ajax.js
$(function () {
  var token = $("meta[name='_csrf']").attr("content");
  var header = $("meta[name='_csrf_header']").attr("content");
  $(document).ajaxSend(function(e, xhr, options) {
    xhr.setRequestHeader(header, token);
  });
});

## CSRF POST ajax.html
<html>
<head>
	<meta name="_csrf" content="XXDDHHIIUUUEEEEJJAAA"/>
	<meta name="_csrf_header" content="X-CSRF-TOKEN"/>
	<!-- ... -->
</head>
<!-- ... -->

## CSRF token from.html
<form method='POST' action='/buy.php'>
  <input type='text' name='item'>
  <input type='hidden' name='csrf-token' value='XXDDHHIIUUUEEEEJJAAA'>
  <input type='submit' value='submit'>
</form>
	app.post(`/api/:userId/posts`, async (req, res) => {
	const token = await tokenService.getToken(req);
	const response = await api.post(`http://internal.corp.com/${req.params.userId}/posts?message=${req.query.message}&token=${token}`);
	return res.send(response.data);
	});

	const parseTagId = (key) => {
	//取 tag_588 中的 tag id 數字
	return key.match(/\d+/g) === null ? null: key.match(/\d+/g)[0];
	}
	const isTagKey = (key) => {
	//判斷是不是 tag (資料夾會是undefined) 以及是否可以取 tag id
	return typeof key !== "undefined" && parseTagId(key) !== null;
	}
	const withCSS = require('@zeit/next-css')
	const path = require('path')
	// module.exports = withCSS({
	// cssModules: true
	// })
	const avoidPaths = ['node_modules/@shopify/polaris/', 'node_modules/rc-steps/assets/', 'node_modules/react-table/', 'node_modules/react-toastify/dist/', 'node_modules/react-id-swiper/src/styles/css/swiper.css'].map(d => path.join(__dirname, d));

	function canBeTransformed(pathToCheck) {
	return !avoidPaths.some(function(v) {
	const path = pathToCheck.substr(0, pathToCheck.lastIndexOf('/') + 1);
	$(function () {
	var token = $("meta[name='_csrf']").attr("content");
	var header = $("meta[name='_csrf_header']").attr("content");
	$(document).ajaxSend(function(e, xhr, options) {
	xhr.setRequestHeader(header, token);
	});
	});
	<html>
	<head>
	<meta name="_csrf" content="XXDDHHIIUUUEEEEJJAAA"/>
	<meta name="_csrf_header" content="X-CSRF-TOKEN"/>
	<!-- ... -->
	</head>
	<!-- ... -->
	<form method='POST' action='/buy.php'>
	<input type='text' name='item'>
	<input type='hidden' name='csrf-token' value='XXDDHHIIUUUEEEEJJAAA'>
	<input type='submit' value='submit'>
	</form>