Once out of browser land we proxy requests directly to CF, so to fix this you would need to contact your Cloud Foundry provider / the CF API team (we add the validation as a convenience).
Stratos Version
Stratos 4.4.0
Frontend Deployment type
Backend (Jet Stream) Deployment type
Expected behaviour
It should not report "Bypass business logic" as a medium issue.
Actual behaviour
It is reporting this as a medium issue.
Steps to reproduce the behavior
Log output covering before error and any error statements
Request

PUT /pp/v1/proxy/v2/space_quota_definitions/b10aa7fd-5571-45ad-bbbc-41eece15ae07 HTTP/1.1
Host: xxxxxx.ocp44-ibm-preprod-staging-2025abf5e73a457f12bb6f6fae6f9c13-0000.tor01.containers.appdomain.cloud
Cookie: 59077741355d13ee9356da7f9fd7620c=e3901fc4ab228cbc32e8a8673f62f924; console-session=MTYyNjg0NjEwOXxCZ3dBQXpFM05nPT18yzfbUK7s5D8h2KyQcTpxHEECHlPlKPqQU5ttEqULirE=
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:89.0) Gecko/20100101 Firefox/89.0
Accept: application/json, text/plain, */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: https://xxxx-ui.ocp44-ibm-preprod-staging-2025abf5e73a457f12bb6f6fae6f9c13-0000.tor01.containers.appdomain.cloud/cloud-foundry/AvCk-xOs89DDDe-5kjOr4rjr2VY/organizations/9f957acf-bf1c-4052-95ed-144064b81432/space-quota-definitions/b10aa7fd-5571-45ad-bbbc-41eece15ae07/edit-space-quota?space=f1ec43df-77ef-49fd-8eb9-e3b556e0ae87
X-Cap-Cnsi-List: AvCk-xOs89DDDe-5kjOr4rjr2VY
X-Xsrf-Token: 8jnzC3euvi9QrdhZko6TzJ8Sdg4qII/CrMAFao3gz2I=
Content-Type: application/json
Content-Length: 242
Origin: https://xxxx-ui.ocp44-ibm-preprod-staging-2025abf5e73a457f12bb6f6fae6f9c13-0000.tor01.containers.appdomain.cloud
Te: trailers
Connection: close

{"name":"testsapcequotadelet","total_services":1,"total_routes":-1,"memory_limit":-1,"app_task_limit":3,"total_service_keys":13,"instance_memory_limit":3,"non_basic_services_allowed":true,"total_reserved_route_ports":2,"app_instance_limit":1}
Response
HTTP/1.1 200 OK
Date: Wed, 21 Jul 2021 05:50:22 GMT
Content-Type: text/plain; charset=utf-8
Content-Length: 712
Connection: close
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin:
Cache-Control: no-store
Pragma: no-cache
Vary: Origin
X-Frame-Options: SAMEORIGIN

{"AvCk-xOs89DDDe-5kjOr4rjr2VY":{"metadata":{"guid":"b10aa7fd-5571-45ad-bbbc-41eece15ae07","url":"/v2/space_quota_definitions/b10aa7fd-5571-45ad-bbbc-41eece15ae07","created_at":"2021-07-18T13:25:32Z","updated_at":"2021-07-21T05:50:22Z"},"entity":{"name":"testsapcequotadelet","organization_guid":"9f957acf-bf1c-4052-95ed-144064b81432","non_basic_services_allowed":true,"total_services":1,"total_routes":-1,"memory_limit":-1,"instance_memory_limit":3,"app_instance_limit":1,"app_task_limit":3,"total_service_keys":13,"total_reserved_route_ports":2,"organization_url":"/v2/organizations/9f957acf-bf1c-4052-95ed-144064b81432","spaces_url":"/v2/space_quota_definitions/b10aa7fd-5571-45ad-bbbc-41eece15ae07/spaces"}}}
Detailed Description
Business logic vulnerabilities are ways of using the legitimate processing flow of an application in a way that results in a negative outcome. The likelihood of business logic problems really depends on the circumstances. Every application has a different business process and application-specific logic, and can be manipulated in an infinite number of combinations.
Context
The risks of business logic attacks include data theft, revenue loss and network security breaches. The scenario can lead to memory exhaustion and result in a server crash.
Affected URL/API
https://xx-ui.ocp44-test-xxxxxxxx-staging-2025abf5e73a457f12bb6f6fae6f9c13-0000.tor01.containers.appdomain.cloud/pp/v1/proxy/v2/space_quota_definitions/b10aa7fd-5571-45ad-bbbc-41eece15ae07
Possible Implementation
Ensure that any input validation performed on the client is also performed on the server. Please refer to the link below for more information: https://www.owasp.org/index.php/Testing_for_business_logic
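The recommendation above, as an added example that is not Stratos or Jet Stream code: a Go validator for the PUT body quoted in the report, applying on the server the checks a UI form would normally apply before the body is proxied on. The type and function names (SpaceQuotaUpdate, ValidateSpaceQuotaBody) are assumed for illustration. The one CF-specific fact it relies on is that the v2 quota API uses -1 as the sentinel for "unlimited", which is why the request on this page, with total_routes and memory_limit set to -1, must be accepted, while any other negative value, non-integer counters, and unknown keys are rejected. The instance_memory_limit versus memory_limit consistency rule is an assumed rule for illustration, not something the report states.

```go
package main

import (
	"bytes"
	"encoding/json"
	"fmt"
	"strings"
)

// Unlimited is the sentinel the CF v2 quota API uses for "no limit" on the
// numeric quota fields. The request in the report uses it for total_routes
// and memory_limit, so a correct server-side validator must accept it.
const Unlimited int64 = -1

// SpaceQuotaUpdate mirrors the fields of the PUT body in the report.
// Struct and function names here are illustrative, not Jet Stream's own.
type SpaceQuotaUpdate struct {
	Name                    string `json:"name"`
	TotalServices           int64  `json:"total_services"`
	TotalRoutes             int64  `json:"total_routes"`
	MemoryLimit             int64  `json:"memory_limit"`
	AppTaskLimit            int64  `json:"app_task_limit"`
	TotalServiceKeys        int64  `json:"total_service_keys"`
	InstanceMemoryLimit     int64  `json:"instance_memory_limit"`
	NonBasicServicesAllowed bool   `json:"non_basic_services_allowed"`
	TotalReservedRoutePorts int64  `json:"total_reserved_route_ports"`
	AppInstanceLimit        int64  `json:"app_instance_limit"`
}

type limitField struct {
	name  string
	value int64
}

// limits returns the numeric quota fields in a fixed order so that the
// validation messages are deterministic.
func (q SpaceQuotaUpdate) limits() []limitField {
	return []limitField{
		{"total_services", q.TotalServices},
		{"total_routes", q.TotalRoutes},
		{"memory_limit", q.MemoryLimit},
		{"app_task_limit", q.AppTaskLimit},
		{"total_service_keys", q.TotalServiceKeys},
		{"instance_memory_limit", q.InstanceMemoryLimit},
		{"total_reserved_route_ports", q.TotalReservedRoutePorts},
		{"app_instance_limit", q.AppInstanceLimit},
	}
}

// ValidateSpaceQuotaBody applies, server-side, the rules a client form would
// apply: strict JSON (no unknown keys, integers only for counters), a
// non-empty name, and every counter either -1 (unlimited) or >= 0.
// It returns the decoded quota and nil, or nil and the list of problems.
func ValidateSpaceQuotaBody(body []byte) (*SpaceQuotaUpdate, []string) {
	dec := json.NewDecoder(bytes.NewReader(body))
	dec.DisallowUnknownFields() // never forward keys the UI does not send
	var q SpaceQuotaUpdate
	if err := dec.Decode(&q); err != nil {
		// Covers malformed JSON, unknown keys, and non-integer counters such as 1.5 or "3".
		return nil, []string{"body: " + err.Error()}
	}
	var problems []string
	if strings.TrimSpace(q.Name) == "" {
		problems = append(problems, "name: must not be empty")
	}
	for _, f := range q.limits() {
		if f.value < Unlimited {
			problems = append(problems, fmt.Sprintf(
				"%s: %d is not a valid limit (use -1 for unlimited or a value >= 0)", f.name, f.value))
		}
	}
	// Assumed consistency rule for illustration: a finite per-instance memory
	// limit must not exceed a finite total memory limit.
	if q.MemoryLimit != Unlimited && q.InstanceMemoryLimit != Unlimited &&
		q.InstanceMemoryLimit > q.MemoryLimit {
		problems = append(problems, "instance_memory_limit: exceeds memory_limit")
	}
	if len(problems) > 0 {
		return nil, problems
	}
	return &q, nil
}

// PageRequestBody is the body of the PUT request quoted in the report.
const PageRequestBody = `{"name":"testsapcequotadelet","total_services":1,"total_routes":-1,"memory_limit":-1,"app_task_limit":3,"total_service_keys":13,"instance_memory_limit":3,"non_basic_services_allowed":true,"total_reserved_route_ports":2,"app_instance_limit":1}`

// BadRequestBody is a constructed body with two invalid negatives and an
// inconsistent memory pair; it is not from the report.
const BadRequestBody = `{"name":"bad-quota","total_services":1,"total_routes":-5,"memory_limit":64,"app_task_limit":-2,"total_service_keys":13,"instance_memory_limit":128,"non_basic_services_allowed":true,"total_reserved_route_ports":2,"app_instance_limit":1}`

func main() {
	for _, body := range []string{PageRequestBody, BadRequestBody} {
		if q, problems := ValidateSpaceQuotaBody([]byte(body)); q != nil {
			fmt.Printf("accepted quota %q (memory_limit=%d)\n", q.Name, q.MemoryLimit)
		} else {
			fmt.Println("rejected:", strings.Join(problems, "; "))
		}
	}
}
```

Run as-is, the first body (the one from the report) is accepted and the constructed one is rejected with three messages. A check of this shape sits in front of the proxy hop; it does not replace whatever validation the CF API itself performs on the forwarded request.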