Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Resolved ssrf vulnerability #2657

Open
wants to merge 12 commits into
base: main
Choose a base branch
from
+5,032 −0
Open

Resolved ssrf vulnerability #2657

Changes from 4 commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
0faf9e3
added ssrf checks
Uttkarsh-raj Aug 19, 2024
b68b40d
is valid func modified
Uttkarsh-raj Aug 19, 2024
d99cbd3
Merge branch 'main' into security
Uttkarsh-raj Aug 19, 2024
8b92bf3
Merge branch 'main' into security
DonnieBLT Aug 19, 2024
a051c7b
Merge branch 'OWASP-BLT:main' into security
Uttkarsh-raj Aug 20, 2024
b0b7f7f
resolved changes
Uttkarsh-raj Aug 20, 2024
f63e454
Merge branch 'main' into security
Uttkarsh-raj Aug 21, 2024
1501a59
merged changes
Uttkarsh-raj Nov 24, 2024
201724d
Merge branch 'security' of https://github.com/Uttkarsh-raj/BLT into s…
Uttkarsh-raj Nov 24, 2024
a18cd60
Merge branch 'main' into security
Uttkarsh-raj Nov 25, 2024
8b73458
Merge branch 'main' into security
Uttkarsh-raj Nov 26, 2024
07c5e4c
Merge branch 'main' into security
Uttkarsh-raj Nov 28, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
43 changes: 30 additions & 13 deletions website/views.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -156,28 +156,30 @@ def profile_edit(request):
def add_domain_to_company(request):
if request.method == "POST":
domain = request.POST.get("domain")
domain = Domain.objects.get(id=domain)
try:
domain = Domain.objects.get(id=domain)
except Domain.DoesNotExist:
return HttpResponseBadRequest("Invalid domain ID")
company_name = request.POST.get("company")
company = Company.objects.filter(name=company_name).first()

if not company:
try:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is very basic check for company name in the response body. Let's at least check that the request isn't being redirected to another location (status code 200 might work)

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I have made the changes, plz do check if this satisfies the requirements. Thank you.

response = requests.get(domain.url)
soup = BeautifulSoup(response.text, "html.parser")
if company_name in soup.get_text():
except requests.RequestException as e:
messages.error(request, f"Failed to fetch URL: {e}")
return redirect("index")

if company_name in soup.get_text():
company = Company.objects.filter(name=company_name).first()
if not company:
company = Company.objects.create(name=company_name)
domain.company = company
domain.save()
messages.success(request, "Organization added successfully")
# back to the domain detail page
return redirect("domain", slug=domain.url)
else:
messages.error(request, "Organization not found in the domain")
return redirect("domain", slug=domain.url)
else:
domain.company = company
domain.save()
messages.success(request, "Organization added successfully")
# back to the domain detail page
return redirect("domain", slug=domain.url)
else:
messages.error(request, "Organization not found in the domain")
return redirect("domain", slug=domain.url)
else:
return redirect("index")
Expand Down Expand Up @@ -3348,6 +3350,18 @@ def get(self, request, *args, **kwargs):
return render(request, self.template_name, context)


def is_valid_url(url):
try:
parsed_url = urlparse(url)
if parsed_url.scheme not in ["http", "https"]:
Uttkarsh-raj marked this conversation as resolved.
Show resolved Hide resolved
return False
if re.match(r"^(localhost|127\.|10\.|172\.16\.|192\.168\.)", parsed_url.hostname):
Uttkarsh-raj marked this conversation as resolved.
Show resolved Hide resolved
return False
return True
except Exception as e:
return False


@login_required(login_url="/accounts/login")
def add_or_update_domain(request):
if request.method == "POST":
Expand All @@ -3365,6 +3379,9 @@ def add_or_update_domain(request):
domain.logo = request.FILES["logo"]
except:
pass
if not is_valid_url(request.POST["url"]):
return HttpResponseBadRequest("Invalid or Restricted URL")
domain.url = request.POST["url"]
domain.save()
return HttpResponse("Domain Updated")
except:
Expand Down
Loading