feat(analyzer): detect SSRF (cloud metadata / internal-network / dynamic-host requests)#63
Open
CharmingGroot wants to merge 1 commit into
…c-host requests)

A skill that fetches the cloud metadata endpoint (169.254.169.254) to steal IAM credentials, or makes requests to internal hosts, was not flagged by any analyzer: existing analyzers match outbound data exfiltration or exec/subprocess sinks, not inbound-to-internal requests.

Add a `static_patterns_ssrf` analyzer: SSRF1 (cloud metadata access), SSRF2 (requests to loopback/link-local/private hosts), SSRF3 (request target built from a dynamic/untrusted value). Adds a "Server-Side Request Forgery" category.

Add tests for detection, same-line de-duplication, false-positive guard (normal public requests), and the node entrypoint.

Signed-off-by: CharmingGroot <ohyes9711@gmail.com>
Fixes #62.
What this adds

A skill that performs SSRF — fetching the cloud metadata endpoint (169.254.169.254) to steal IAM credentials, or making requests to internal hosts — was not flagged by any analyzer. Adds a `static_patterns_ssrf` analyzer under a new "Server-Side Request Forgery" category:

- SSRF1: cloud metadata access (`169.254.169.254`, `metadata.google.internal`, Alibaba `100.100.100.200`, IPv6 IMDS) — HIGH
- SSRF2: requests to loopback/link-local/private hosts (`localhost`, `127.0.0.1`, `10.`, `192.168.`, `172.16–31.`, `::1`) — MEDIUM
- SSRF3: request target built from a dynamic/untrusted value (`requests.get(f"http://{host}/...")`) — MEDIUM

The reproduction from the issue (a metadata credential-theft script) went from LOW (score 13) to CRITICAL (score 84).

Scope / non-overlap

Verified the reproduction triggers none of E1–E4, taint tracking, or `behavioral_ast` — this is a distinct sink (inbound-to-internal request) from E1 (outbound exfil). The metadata IP is reported by SSRF1 only (no same-line duplicate with SSRF2). First-pass coverage anchors on Python/JS request functions and can be extended.

Testing

`ruff check src/ tests/` and `ruff format --check src/ tests/` pass. `pytest -m 'not integration'` passes (606 passed, 11 skipped). `static_patterns_ssrf` at 100% coverage. Tests cover: metadata / internal-host / dynamic-host detection, metadata-IP de-duplication, a false-positive guard (normal public HTTPS request is not flagged), and the node entrypoint.
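To make the three rule classes and the same-line de-duplication concrete, here is an added example of the kind of line-anchored check such an analyzer performs. It is written for this page and is not the PR's code or the project's own analyzer: the request-function list, the `Finding` type, the IPv6 IMDS address `fd00:ec2::254`, the dynamic-host patterns recognised, and the sample source are all my assumptions. Rule precedence (metadata before private-range) is what keeps `169.254.169.254`, which is also link-local, from producing both an SSRF1 and an SSRF2 hit on one line.

```python
from __future__ import annotations

import ipaddress
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    """One analyzer hit (hypothetical shape, not the project's own type)."""
    rule: str       # SSRF1 / SSRF2 / SSRF3
    severity: str   # HIGH / MEDIUM
    line_no: int
    detail: str


# Request-issuing calls the scan anchors on; an illustrative Python/JS list, not the PR's exact set.
REQUEST_CALL = re.compile(
    r"\b(?:requests\.(?:get|post|put|patch|delete|head)"
    r"|httpx\.(?:get|post)|urlopen|fetch|axios\.(?:get|post))\s*\("
)
# Cloud metadata endpoints named in the PR description; the IPv6 IMDS address is my assumption.
METADATA_HOSTS = {
    "169.254.169.254",           # AWS / Azure / OpenStack IMDS
    "metadata.google.internal",  # GCP
    "100.100.100.200",           # Alibaba
    "fd00:ec2::254",             # AWS IMDS over IPv6 (assumed value)
}
# scheme://host inside a string literal; '{' and '$' are excluded so interpolations never parse as literal hosts.
LITERAL_HOST = re.compile(r"""https?://(?:\[([0-9a-fA-F:.]+)\]|([^\s/:'"`{}$\]]+))""")
# URL whose host is assembled at runtime: Python f-string, "http://" + var, or a JS template literal.
DYNAMIC_HOST = re.compile(r"""https?://\{|https?://\$\{|["']https?://["']\s*\+""")


def _is_internal(host: str) -> bool:
    """True for localhost and any loopback, link-local or RFC 1918 / ULA address."""
    if host.lower() == "localhost":
        return True
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:           # a DNS name other than localhost: treat as public here
        return False
    return ip.is_loopback or ip.is_link_local or ip.is_private


def _classify_host(host: str) -> tuple[str, str] | None:
    """Metadata hosts win over the generic private-range rule, so a host yields one rule at most."""
    if host.lower() in METADATA_HOSTS:
        return "SSRF1", "HIGH"
    if _is_internal(host):
        return "SSRF2", "MEDIUM"
    return None


def scan_source(src: str) -> list[Finding]:
    """Scan source text line by line; only lines that issue a request are examined."""
    findings: list[Finding] = []
    for n, line in enumerate(src.splitlines(), start=1):
        if not REQUEST_CALL.search(line):
            continue
        if DYNAMIC_HOST.search(line):
            findings.append(Finding("SSRF3", "MEDIUM", n, "request target built from a dynamic value"))
            continue
        seen_rules: set[str] = set()   # report each rule once per line even with several hosts
        for m in LITERAL_HOST.finditer(line):
            host = m.group(1) or m.group(2)
            hit = _classify_host(host)
            if hit and hit[0] not in seen_rules:
                seen_rules.add(hit[0])
                findings.append(Finding(hit[0], hit[1], n, host))
    return findings


# Constructed sample: a credential-theft fetch, a loopback call, a dynamic host,
# a normal public request that must stay clean, an IPv6 loopback and a JS template literal.
SAMPLE = "\n".join([
    'import requests',
    'requests.get("http://169.254.169.254/latest/meta-data/iam/security-credentials/")',
    'requests.post("http://127.0.0.1:8080/admin", json={})',
    'requests.get(f"http://{host}/internal")',
    'requests.get("https://api.example.com/v1/items")',
    'requests.get("http://[::1]:8000/")',
    'resp = fetch(`http://${target}/health`)',
])

if __name__ == "__main__":
    for f in scan_source(SAMPLE):
        print(f"line {f.line_no}: {f.rule} ({f.severity}) {f.detail}")
```

The public-host line produces nothing, which is the false-positive guard the PR's tests describe; a line containing an internal IP but no request call (for example a bare assignment) is also ignored, because the check anchors on request functions rather than on address strings alone.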