
In my current application, which is in Spring MVC, we have code like below for the gateway module.

URI uri = new URI(restURLProtocol, null, URLDomain, URLPort, "/api" + request.getRequestURI(), request.getQueryString(), null);

The gateway module will call another application on the same server using AsyncRestTemplate, which works fine.

But tools like Checkmarx suggest that the code request.getString() is susceptible to an SSRF (server side request forgery) attack, as an attacker can control the target of the request by sending a URL or other data in the request.

So is there any way by which we can check whether request.getString() is susceptible to an SSRF attack in Java?

hemant

1 Answer


It's very difficult to prove a code review finding through a POC (proof of concept). In this case, 'theoretically', with assumptions, SSRF can happen. When query string values come into any piece of code and a user enters a different URL in that query string, and if it gets a response, it might lead to SSRF. Read this article: https://www.acunetix.com/blog/articles/server-side-request-forgery-vulnerability/.

So it is better to validate or format any query string values that are being used in the code. SSRF is a long shot, but these query string values might lead to XSS or SQL injection (it just depends on the way the values are being used).

In my opinion, code reviews should lead to a slight perspective change in a developer's mind and make him/her think about security. I think code reviews mostly focus on how a value is coming in, where the value is coming from and how it's being used in the code. Just be conscious about data flow and think: if malicious input comes, what can happen?
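As an added illustration of the validation the answer recommends (this is not code from the question or the answer), the hypothetical helper below pins the forwarded request to a fixed backend and allow-lists which backend paths the gateway may reach before the URI is built. The class name, the backend protocol/host/port and the allowed prefixes are assumed values.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Set;

// Hypothetical helper, not the asker's gateway code. The scheme, host and port are
// fixed constants, so request data can only influence the path and query; the
// allow-list then bounds which backend endpoints that path may reach.
public final class GatewayUriBuilder {
    // Assumed backend target; in a real gateway these come from configuration.
    private static final String PROTOCOL = "http";
    private static final String DOMAIN = "backend.internal";
    private static final int PORT = 8080;

    // Only these backend path prefixes may be reached through the gateway (assumed).
    private static final Set<String> ALLOWED_PREFIXES = Set.of("/orders", "/customers");

    public static URI build(String requestUri, String queryString) throws URISyntaxException {
        // Normalise first so "/orders/../admin" resolves to "/admin" before the prefix check;
        // getPath() decodes percent-escapes, so "%2e%2e" is caught by the ".." check too.
        String path = URI.create(requestUri).normalize().getPath();
        if (path == null || path.contains("..") || !startsWithAllowedPrefix(path)) {
            throw new IllegalArgumentException("path not permitted: " + requestUri);
        }
        // The multi-argument constructor keeps scheme/host/port fixed and percent-encodes
        // illegal characters in the path and query, so neither can introduce a new authority.
        URI target = new URI(PROTOCOL, null, DOMAIN, PORT, "/api" + path, queryString, null);
        // Defensive check: the resulting authority must still be exactly the fixed backend.
        if (!DOMAIN.equals(target.getHost()) || target.getPort() != PORT) {
            throw new IllegalStateException("target authority changed unexpectedly");
        }
        return target;
    }

    private static boolean startsWithAllowedPrefix(String path) {
        for (String prefix : ALLOWED_PREFIXES) {
            if (path.equals(prefix) || path.startsWith(prefix + "/")) {
                return true;
            }
        }
        return false;
    }

    public static void main(String[] args) throws URISyntaxException {
        System.out.println(build("/orders/42", "expand=items")); // forwarded to the fixed backend
        String[] rejected = {"/orders/../admin", "/orders/%2e%2e/admin", "/internal/health"};
        for (String bad : rejected) {
            try { build(bad, null); } catch (IllegalArgumentException e) { System.out.println(e.getMessage()); }
        }
    }
}
```

The check on the resulting host and port is what makes a Checkmarx-style finding easy to argue about: whatever the request carries, the only authority the gateway can ever reach is the configured one.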