From 3cc855adf1e9a6fe6efc1a9b957bbe97b8fda102 Mon Sep 17 00:00:00 2001
From: Ark2307
Date: Sat, 16 Mar 2024 16:07:28 +0530
Subject: [PATCH] modified validator for checking ssrf hit

---
 apps/testing/src/main/java/com/akto/test_editor/Utils.java | 7 ++++++-
 .../filter/data_operands_impl/SsrfUrlHitFilter.java | 7 +++++--
 2 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/apps/testing/src/main/java/com/akto/test_editor/Utils.java b/apps/testing/src/main/java/com/akto/test_editor/Utils.java
index 05097301e6..738287c171 100644
--- a/apps/testing/src/main/java/com/akto/test_editor/Utils.java
+++ b/apps/testing/src/main/java/com/akto/test_editor/Utils.java
@@ -657,7 +657,12 @@ public static ExecutorSingleOperationResp sendRequestToSsrfServer(String request
 }
 }
 
- public static Boolean sendRequestToSsrfServer(String requestUrl){
+ public static Boolean sendRequestToSsrfServer(String url){
+ String requestUrl = "";
+ if(!(url.startsWith("http"))){
+ requestUrl = "http://ssrf.akto.io/validate/" + url;
+ }
+
 Request request = new Request.Builder()
 .url(requestUrl)
 .get()
diff --git a/apps/testing/src/main/java/com/akto/test_editor/filter/data_operands_impl/SsrfUrlHitFilter.java b/apps/testing/src/main/java/com/akto/test_editor/filter/data_operands_impl/SsrfUrlHitFilter.java
index 401ad84622..5d8ca68a66 100644
--- a/apps/testing/src/main/java/com/akto/test_editor/filter/data_operands_impl/SsrfUrlHitFilter.java
+++ b/apps/testing/src/main/java/com/akto/test_editor/filter/data_operands_impl/SsrfUrlHitFilter.java
@@ -4,6 +4,7 @@
 import java.util.List;
 
 import com.akto.dto.test_editor.DataOperandFilterRequest;
+import com.akto.test_editor.Utils;
 
 public class SsrfUrlHitFilter extends DataOperandsImpl {
 
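Review bot: In `sendRequestToSsrfServer(String url)` in Utils.java, a value that already starts with `http` leaves `requestUrl` as `""`, so `.url(requestUrl)` is handed an empty string; if this is OkHttp's `Request.Builder` that is rejected with an IllegalArgumentException, and whether the code below the hunk catches it is not visible. Handle that case explicitly before building the request, e.g. `if (url == null || url.startsWith("http")) { return false; }`, rather than leaving it to the builder or fetching a caller-supplied absolute URL from the testing host. The lookup also goes over plain `http://`, so the hit/no-hit verdict can be altered in transit; prefer `https://` if the validator serves it, and percent-encode `url` before appending it to the `/validate/` path. The method body continues past the end of the hunk.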
@@ -21,8 +22,10 @@ public Boolean isValid(DataOperandFilterRequest dataOperandFilterRequest) {
 }
 
 for (String queryString: querySet) {
- System.out.println(queryString);
- // trigger function here
+ if(Utils.sendRequestToSsrfServer(queryString)){
+ result = true;
+ break;
+ }
 }
 
 return result;
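Review bot: The condition `if(Utils.sendRequestToSsrfServer(queryString))` in `isValid` unboxes a `Boolean`, so a null return from the helper would throw a NullPointerException inside the filter; the helper's return paths are not visible here. `if (Boolean.TRUE.equals(Utils.sendRequestToSsrfServer(queryString))) {` avoids that without changing the result for true/false. Each entry in `querySet` now triggers a blocking outbound request, so a comment such as `// one validator lookup per entry; stop at the first confirmed hit` would help readers, and it is worth confirming that the HTTP client behind the helper has a timeout. `isValid` starts and ends outside the hunk.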