@rohitnss
Last active Jul 31, 2020
rules:
- id: SSRF
  message: |
    Generic SSRF Java
  metadata:
    cwe: "CWE-X"
    owasp: "A1: Injection"
  severity: ERROR
  patterns:
  - pattern-either:
    - pattern: | #execute Directly
        $RETURN $METHOD(...,String $VAR, ...) {
          ...
          URL $URL = new URL($VAR);
          ...
        }
    - pattern: $URL = new URL($VAR);
  - pattern-not: $URL = new URL("...");
  languages:
  - java
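
Added example, not part of the gist: the Java shapes this rule is written for (a non-literal argument to `new URL`, and the string-literal case excluded by `pattern-not`), next to a hardened form. The class name, method names, allowlisted host and sample inputs are assumptions; because the rule is syntactic, it is expected to report the `new URL(target)` call in `validate` too, which is then triaged by the checks that follow it.

```java
import java.io.IOException;
import java.net.HttpURLConnection;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Locale;
import java.util.Set;

public class SsrfRuleExample {
    // Assumption: hosts this service is allowed to call (constructed value).
    private static final Set<String> ALLOWED_HOSTS = Set.of("api.example.com");
    // Shape the rule targets: a String parameter goes straight into new URL(...).
    static HttpURLConnection openUnchecked(String target) throws IOException {
        URL url = new URL(target);
        return (HttpURLConnection) url.openConnection();
    }
    // Shape excluded by pattern-not: the argument is a string literal.
    static HttpURLConnection openFixed() throws IOException {
        URL url = new URL("https://api.example.com/status");
        return (HttpURLConnection) url.openConnection();
    }
    // Hardened form. The constructor argument is still not a literal, so a
    // syntactic rule reports it; the checks below are what a reviewer looks for.
    static URL validate(String target) throws MalformedURLException {
        URL url = new URL(target);
        String host = url.getHost().toLowerCase(Locale.ROOT);
        boolean ok = "https".equals(url.getProtocol())
                && url.getUserInfo() == null
                && (url.getPort() == -1 || url.getPort() == 443)
                && ALLOWED_HOSTS.contains(host);
        if (!ok) {
            throw new MalformedURLException("destination not allowed");
        }
        return url;
    }
    static HttpURLConnection openChecked(String target) throws IOException {
        HttpURLConnection conn = (HttpURLConnection) validate(target).openConnection();
        conn.setInstanceFollowRedirects(false); // a redirect would bypass the allowlist
        return conn;
    }
    public static void main(String[] args) {
        // Constructed sample inputs; validate() parses only, nothing is sent.
        String[] samples = { "https://api.example.com/v1/items", "http://api.example.com/",
                "https://api.example.com@internal.example/", "file:///etc/hostname" };
        for (String s : samples) {
            try { validate(s); System.out.println("accept " + s); }
            catch (MalformedURLException e) { System.out.println("reject " + s); }
        }
    }
}
```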