Create Secure Coding - Server Side Request Forgery.md

2023-12-16 10:02:50 +03:30 · 2023-12-16 10:02:50 +03:30 · e86c0b3185
commit e86c0b3185
parent feaf9c34ed
1 changed files with 167 additions and 0 deletions
--- a/Forgery.md
+++ b/Forgery.md
@ -0,0 +1,167 @@
+# Server Side Request Forgery (API7:2023)
+Due to this vulnerability, the attacker has the possibility to forge requests on the server side and send fake requests to authorized destinations.
+
+* Example
+
+GET request to get an image from a specific URL:
+```html
+GET /api/image?url=http://malicious-website.com/malware.jpg
+```
+
+### Non-compliant code (.NET)
+```c#
+[Route("api/images")]
+public class ImageController : ApiController
+{
+    [HttpGet]
+    public IHttpActionResult GetImage(string url)
+        {
+        // Fetch the image from the specified URL without proper validation
+        using (WebClient client = new WebClient())
+        {
+            byte[] imageData = client.DownloadData(url);
+            return File(imageData, "image/jpeg");
+        }
+    }
+    // Other methods...
+}
+```
+
+
+### Compliant code (.NET)
+```c#
+[Route("api/images")]
+public class ImageController : ApiController
+{
+    [HttpGet]
+    public IHttpActionResult GetImage(string url)
+    {
+        // Validate and sanitize the URL before fetching the image
+        if (!IsValidUrl(url))
+        {
+            return BadRequest("Invalid URL");
+        }
+
+        using (WebClient client = new WebClient())
+        {
+            byte[] imageData = client.DownloadData(url);
+            return File(imageData, "image/jpeg");
+        }
+    }
+    private bool IsValidUrl(string url)
+    {
+        // Implement URL validation logic here (e.g., whitelist trusted domains)
+
+        // Return true if the URL is valid, otherwise false
+        // Example validation logic:
+        return url.StartsWith("http://trusted-domain.com");
+    }
+    // Other methods...
+}
+```
+
+
+## General prevention suggestions:
+
+* Before sending a request to a given URL, check and validate the URI and destination resource carefully.
+
+* Limiting the ability to receive information from external sources and restricting the list of authorized access to remote URLs.
+
+* Using Whitelist to show only valid addresses and allow access to them.
+
+* Validate and filter user input and URL-related parameters before using them in the request.
+
+* Use network restrictions, such as firewalls, to restrict access to external resources.
+
+* Training the development team to properly evaluate and validate a URI before using it in requests.
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+