Closed aktoboy closed 10 months ago
I would like to attempt to solve this issue. Can I be assigned please?
Done
I am not able to validate the response through tests so I assume that a 2xx answer is enough for validation.
No @adripo. Just validating 2xx response code will lead to a lot of false positives. Try to add more validation.
@avneesh-akto I added some payloads and headers for the validation
@avneesh-akto can you have a look at my PR please? thanks
Hi @adripo. Your test looks good. Only issue is with test validation. contains_either doesn't support regex. So .* won't work
Thanks for the input @avneesh-akto
What should I use instead of contains_either?
I used regex following the docs here:
https://docs.akto.io/test-editor/test-yaml-syntax-detailed/api-selection-filters#regex
Just use contains_either without regex
@avneesh-akto done. It should work correctly now. Could you also please tag the PR as hacktoberfest-accepted before October 31? Thank you
Hey, your PR LGTM. Thank you for your submission. Please change base branch to develop.
If I rebase to develop it will keep all the commits not synced between them. I should create a new branch and cherry-pick my commits. Does this sound good to you?
Hi @adripo - ~that sounds good. Please create a new PR~
Time was running out for Hacktoberfest. I simply created a new branch from master called hacktoberfest. I have merged your PR there. We will take care of merging hacktoberfest to master.
Thank you @ankush-jain-akto ! This is really nice of you.
Introduction: We want to test whether APIs which take in url as a param are vulnerable to fetch information via protocols like SFTP, DICT, GOPHER, LDAP, TFTP using SSRF. You can refer to this blog for more details about the attack.
Requirements: This test should only run for APIs which are taking url as a parameter in input. The test should cover the protocols mentioned in Introduction section. An SSRF example is implemented here already.
Reading: You can find a detailed documentation of test editor rules here. Find 100+ examples of YAML tests here.
Task summary:
Attempt tab, if the payload changes, then task is done.
Hints: You can build the YAML template by referring to this link.
Questions: If you have questions, need any help, or just want to hang out, make sure to join us on our Discord server.
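The server-side check that the test described in this issue is looking for, written as an added example that is not taken from the issue, the PR or Akto. It assumes the API only ever needs http and https fetches; `check_url_param`, `rejected_samples` and the sample URLs are hypothetical names and constructed values.

```python
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}  # assumption: the API only needs web fetches
# Protocols listed in the issue, used only to give a more specific reason.
ISSUE_SCHEMES = {"sftp", "dict", "gopher", "ldap", "tftp"}


def check_url_param(value):
    """Return (ok, reason) for a user-supplied URL parameter (hypothetical helper)."""
    if not isinstance(value, str) or not value:
        return False, "empty or non-string value"
    # Parsers disagree on how they treat whitespace and control characters,
    # so a value containing them is rejected instead of normalised.
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in value):
        return False, "whitespace or control character"
    try:
        parts = urlsplit(value)
        host = parts.hostname
    except ValueError:
        return False, "unparseable URL"
    scheme = parts.scheme.lower()
    if scheme in ISSUE_SCHEMES:
        return False, "scheme not allowed: " + scheme
    if scheme not in ALLOWED_SCHEMES:
        return False, "only http and https are accepted"
    if not host:
        return False, "missing host"
    return True, "ok"


# Constructed sample values, not taken from the issue or the PR.
SAMPLES = [
    "https://example.com/avatar.png",
    "GOPHER://internal.example/_x",
    "dict://internal.example/x",
    "ldap://internal.example/dc=example",
    "tftp://internal.example/file",
    "sftp://internal.example/etc",
    "//example.com/no-scheme",
    "http:///missing-host",
    "http://example.com/\r\nx",
]


def rejected_samples():
    """Map each rejected sample to the reason it was refused."""
    return {s: why for s in SAMPLES for ok, why in [check_url_param(s)] if not ok}
```

The same check has to be applied to every redirect target the fetcher follows, because a first URL that passes says nothing about where the server is sent next.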