Create a bcheck for detecting malicious Polyfill CDN

KnugiHK commented 5 months ago

The well-known Polyfill service CDN (polyfill.io) has been sold, and it is now serving malicious JavaScript code. Website owners using this CDN should remove the associated code from their sites immediately. For more information about this supply chain attack, visit https://sansec.io/research/polyfill-supply-chain-attack.

BCheck Contributions

[x] BCheck compiles and executes as expected
[x] BCheck contains appropriate metadata (name, version, author, description and appropriate tags)
[x] Only .bcheck files have been added or modified
[x] BCheck is in the appropriate folder
[x] PR contains single or limited number of BChecks (Multiple PRs are preferred)
[x] BCheck attempts to minimize false positives

KnugiHK commented 4 months ago

Thanks!

jmasters410 commented 4 months ago

Suggest adding domains from June 28th update on https://sansec.io/research/polyfill-supply-chain-attack to ensure detection on other domains.

PortSwiggerWiener commented 4 months ago

@jmasters410 Great idea. Fancy submitting a PR? :)

PortSwiggerWiener commented 4 months ago

@jmasters410 Here you go: https://github.com/PortSwigger/BChecks/blob/main/other/Javascript/malicious_javascript_imported.bcheck

PortSwigger / BChecks

Create a bcheck for detecting malicious Polyfill CDN #211

BCheck Contributions