Skip to content

Create SSRF_remotesource.cs #4

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
apsscolari wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Create SSRF_remotesource.cs #4

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
90 changes: 90 additions & 0 deletions SSRF_remotesource.cs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,90 @@
//SSRF coming from a remote source for testing codeQL queries
using System;
using System.Net;
using System.Text;
using System.Linq;
using System.IO;

// Simple NameValue class to hold parameter pairs
public class NameValue
{
public string name;
public string value;

public NameValue(string name, string value)
{
this.name = name;
this.value = value;
}
}

class Program
{
static void Main(string[] args)
{
// Sample call to the ProxyPostRequest method
var parameters = new NameValue[]
{
new NameValue("foo", "bar"),
new NameValue("hello", "world")
};

string url = FetchUrlFromRemoteSource(); // Get URL from remote source
var result = ProxyPostRequest(url, parameters);

Console.WriteLine("Response:\n" + result);
}

static string FetchUrlFromRemoteSource()
{
// Simulate fetching URL from a remote source (e.g. config server)
var req = WebRequest.Create("https://website.com/url.txt"); // should return a URL like http://httpbin.org/post
using (var res = req.GetResponse())
using (var reader = new StreamReader(res.GetResponseStream()))
{
return reader.ReadToEnd().Trim();
}
}

// A method to simulate UrlEncode (very basic)
static string UrlEncode(string s) => Uri.EscapeDataString(s);

// Simulate trace logging
static void TraceWrite(string s) => Console.WriteLine("[TRACE] " + s);

// Simple null guard
static void GuardArgumentNotNull(object o, string name)
{
if (o == null)
throw new ArgumentNullException(name);
}

public static string ProxyPostRequest(string url, NameValue[] parameters)
{
GuardArgumentNotNull(url, "url");
GuardArgumentNotNull(parameters, "parameters");

string stringData = string.Join("&", parameters.Select(
p => string.Format("{0}={1}", UrlEncode(p.name), UrlEncode(p.value))));

TraceWrite(string.Format("Proxying POST request: {0}", url));
TraceWrite(stringData);

var data = Encoding.UTF8.GetBytes(stringData);
var webRequest = (HttpWebRequest)WebRequest.Create(url);
webRequest.Method = "POST";
webRequest.Timeout = 600000; // 10 min

using (var stream = webRequest.GetRequestStream())
{
stream.Write(data, 0, data.Length);
}

using (var response = (HttpWebResponse)webRequest.GetResponse())
using (var reader = new StreamReader(response.GetResponseStream()))
{
string responseText = reader.ReadToEnd();
return responseText;
}
}
}