Skip to content

/ securitylab

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Java: Add SSRF query for Java #84

Open
porcupineyhairs opened this issue May 13, 2020 · 3 comments
Open

Java: Add SSRF query for Java #84

porcupineyhairs opened this issue May 13, 2020 · 3 comments
Labels
All For One

Comments

@porcupineyhairs
Copy link

@porcupineyhairs porcupineyhairs commented May 13, 2020

CVE ID(s)

There are no CVE's found with this query yet as this has not been tested against projects on lgtm.

Report

*An SSRF vulnerability allows an attacker to make the victim server communicate with attacker controlled server. This is usually a critical issue which can lead to an RCE.

  • My PR adds support for the following API's

    • Java 11 java.net.http package
    • Apache HttpClient

  • It also models flows through URI and URL classes.

  • It also includes library tests, query tests and qhelp files along with nicely documented code.

Please note, github/codeql#3452 tackles a similar issue. but there are quite a few difference between this one and that. i have written a brief over here

Link to corresponding PR: [github/codeql#3454]

Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc). We would love to have you spread the word about the good work you are doing

Yes, I have around 10 PR's open as of now across both the codeql repos. I also have a few more ideas which I plan to write a query for. Once, I am done with those, I plan on writing a set of blogs documenting the process of writing the query from the scratch. That would ideally help attract newcomers to codeql.
@aibaars
Copy link

@aibaars aibaars commented May 14, 2020

@porcupineyhairs You might want to test your query against

CVE-2019-10686, which was fixed by: ctripcorp/apollo@5691937
@pwntester
Copy link

@pwntester pwntester commented May 14, 2020

Thats a good point, I sholuld have added Spring's RestTemplate to the list in github/codeql#3452 (comment)
Will add it now.
@porcupineyhairs
Copy link
Author

@porcupineyhairs porcupineyhairs commented May 21, 2020

I have now added JAX-WS and RestTemplate support to my PR. It should now detect the case mentioned above.
@porcupineyhairs porcupineyhairs changed the title porcupiney.hairs: Add SSRF query for Java Java: Add SSRF query for Java May 21, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
All For One
Projects
None yet
Milestone
No milestone
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
3 participants
@pwntester @aibaars @porcupineyhairs
You can’t perform that action at this time.