Skip to content

Instantly share code, notes, and snippets.

@rohitnss

rohitnss/ssrf.yml

Last active July 31, 2020 08:55
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save rohitnss/c1293b78c50325f0cfa1cfe151bbcaa1 to your computer and use it in GitHub Desktop.
Save rohitnss/c1293b78c50325f0cfa1cfe151bbcaa1 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
ssrf.yml
rules:
- id: SSRF
message: |
Generic SSRF Java
metadata:
cwe: "CWE-X"
owasp: "A1: Injection"
severity: ERROR
patterns:
- pattern-either:
- pattern: | #execute Directly
$RETURN $METHOD(...,String $VAR, ...) {
...
URL $URL = new URL($VAR);
...
}
- pattern: $URL = new URL($VAR);
- pattern-not: $URL = new URL("...");
languages:
- java
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment