Jineeshak · June 29, 2024 17:42
diff --git a/SSRF SUS.bcheck b/SSRF SUS.bcheck
 metadata:
  language: v1-beta
  name: "SSRF SUS"
  description: "Identify parameters that may be vulnerable to Server-Side Request Forgery (SSRF)."
  author: "@Jineesh AK"
  tags: "SSRF"

 given request then
  if {latest.request.url} matches "\b(\?|&)(url|link|uri|redirect|path|target|file|image|img|source|src|data|goto|to|nav|feed|rss|forward|out|view|external|web|request|fetch|load|upload|callback|continue|next|new|domain|address|proxy|proxy_url|remote|website|api|endpoint|redirect_uri)=\b" then
    report issue:
      severity: info
      confidence: tentative
      detail: "Parameter detected that may be vulnerable to Server-Side Request Forgery (SSRF)."
      remediation: "Validate and restrict the allowed values or use whitelisting to mitigate SSRF vulnerabilities."
  end if
	metadata:
	language: v1-beta
	name: "SSRF SUS"
	description: "Identify parameters that may be vulnerable to Server-Side Request Forgery (SSRF)."
	author: "@Jineesh AK"
	tags: "SSRF"

	given request then
	if {latest.request.url} matches "\b(\?\|&)(url\|link\|uri\|redirect\|path\|target\|file\|image\|img\|source\|src\|data\|goto\|to\|nav\|feed\|rss\|forward\|out\|view\|external\|web\|request\|fetch\|load\|upload\|callback\|continue\|next\|new\|domain\|address\|proxy\|proxy_url\|remote\|website\|api\|endpoint\|redirect_uri)=\b" then
	report issue:
	severity: info
	confidence: tentative
	detail: "Parameter detected that may be vulnerable to Server-Side Request Forgery (SSRF)."
	remediation: "Validate and restrict the allowed values or use whitelisting to mitigate SSRF vulnerabilities."
	end if