Skip to content

Additional HTTP status codes during selection in SSRFAnalyser #1338

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 4 commits into from
Oct 8, 2025
Merged

Additional HTTP status codes during selection in SSRFAnalyser #1338

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
304a28f
additional status codes
seran Oct 6, 2025
8589f2c
Merge branch 'master' into ssrf-status-codes
seran Oct 6, 2025
c137f55
Merge branch 'master' into ssrf-status-codes
seran Oct 7, 2025
ca7e7d5
Merge branch 'master' into ssrf-status-codes
seran Oct 7, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 14 additions & 7 deletions core/src/main/kotlin/org/evomaster/core/problem/security/service/SSRFAnalyser.kt
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -94,11 +94,16 @@ class SSRFAnalyser {
fun apply(): Solution<RestIndividual> {
LoggingUtil.getInfoLogger().info("Applying {}", SSRFAnalyser::class.simpleName)

individualsInSolution = getIndividualsWithStatus2XX()
val individualsWith2XX = getIndividualsWithStatus2XX()

// Note: In some cases with black-box, we may not be able to get HTTP 200
// while, there is a possibility for a SSRF. As a temporary fix, we are
// selecting individuals with HTTP 400 and 422 status codes.
val individualsWith4XX = getIndividualsWithStatus4XX()

individualsInSolution = individualsWith2XX + individualsWith4XX

if (individualsInSolution.isEmpty()) {
// FIXME: If the [individualsInSolution] is empty, we need to look for individuals
// with 400 and 422
return archive.extractSolution()
}

Expand All @@ -119,10 +124,6 @@ class SSRFAnalyser {
// execute
analyse()

// TODO: This is for development, remove it later
val individualsAfterExecution = getIndividualsWithStatus2XX()
log.debug("Total individuals after vulnerability analysis: {}", individualsAfterExecution.size)

return archive.extractSolution()
}

Expand Down Expand Up @@ -342,4 +343,10 @@ class SSRFAnalyser {
statusGroup = StatusGroup.G_2xx
)
}
private fun getIndividualsWithStatus4XX(): List<EvaluatedIndividual<RestIndividual>> {
return RestIndividualSelectorUtils.findIndividuals(
this.archive.extractSolution().individuals,
statusCodes = listOf(400, 422)
)
}
}