From e86c0b318558e47029e9e55c5f23f62789836c2a Mon Sep 17 00:00:00 2001
From: Mehdi <pentest.co@gmail.com>
Date: Sat, 16 Dec 2023 10:02:50 +0330
Subject: [PATCH] Create Secure Coding - Server Side Request Forgery.md

---
 ...re Coding - Server Side Request Forgery.md | 167 ++++++++++++++++++
 1 file changed, 167 insertions(+)
 create mode 100644 Secure Coding - Server Side Request Forgery.md

diff --git a/Secure Coding - Server Side Request Forgery.md b/Secure Coding - Server Side Request Forgery.md
new file mode 100644
index 0000000..19728a2
--- /dev/null
+++ b/Secure Coding - Server Side Request Forgery.md	
@@ -0,0 +1,167 @@
+# Server Side Request Forgery (API7:2023)
+Due to this vulnerability, the attacker has the possibility to forge requests on the server side and send fake requests to authorized destinations.
+
+* Example
+
+GET request to get an image from a specific URL:
+```html
+GET /api/image?url=http://malicious-website.com/malware.jpg
+```
+
+### Non-compliant code (.NET)
+```c#
+[Route("api/images")]
+public class ImageController : ApiController
+{
+    [HttpGet]
+    public IHttpActionResult GetImage(string url)
+        {
+        // Fetch the image from the specified URL without proper validation
+        using (WebClient client = new WebClient())
+        {
+            byte[] imageData = client.DownloadData(url);
+            return File(imageData, "image/jpeg");
+        }
+    }
+    // Other methods...
+}
+```
+
+
+### Compliant code (.NET)
+```c#
+[Route("api/images")]
+public class ImageController : ApiController
+{
+    [HttpGet]
+    public IHttpActionResult GetImage(string url)
+    {
+        // Validate and sanitize the URL before fetching the image
+        if (!IsValidUrl(url))
+        {
+            return BadRequest("Invalid URL");
+        }
+
+        using (WebClient client = new WebClient())
+        {
+            byte[] imageData = client.DownloadData(url);
+            return File(imageData, "image/jpeg");
+        }
+    }
+    private bool IsValidUrl(string url)
+    {
+        // Implement URL validation logic here (e.g., whitelist trusted domains)
+
+        // Return true if the URL is valid, otherwise false
+        // Example validation logic:
+        return url.StartsWith("http://trusted-domain.com");
+    }
+    // Other methods...
+}
+```
+
+
+## General prevention suggestions:
+
+* Before sending a request to a given URL, check and validate the URI and destination resource carefully.
+
+* Limiting the ability to receive information from external sources and restricting the list of authorized access to remote URLs.
+
+* Using Whitelist to show only valid addresses and allow access to them.
+
+* Validate and filter user input and URL-related parameters before using them in the request.
+
+* Use network restrictions, such as firewalls, to restrict access to external resources.
+
+* Training the development team to properly evaluate and validate a URI before using it in requests.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+