ID: php-security/avoid-potential-ssrf
Language: PHP
Severity: Error
Category: Security
CWE: 918
In server-side request forgery (SSRF) attacks, an attacker can trick a server into making requests to other servers, potentially bypassing access controls and revealing sensitive information. SSRF vulnerabilities often arise when a web application makes a request to a URL provided by a user, without properly validating or sanitizing the input.
To adhere to this rule and prevent SSRF, always sanitize and validate user-provided URLs and file paths before making requests. PHP's built-in `filter_var` function can be used with the `FILTER_SANITIZE_URL` and `FILTER_VALIDATE_URL` filters to ensure the URL is safe to use. If handling file paths, use `realpath` to resolve any relative paths or symbolic links, and then ensure the resolved path is within a safe base directory. This will prevent directory traversal attacks where an attacker can read or write files outside of the intended directory.
Non-compliant code examples (user input reaches the request or file API unchecked):

```php
<?php
function foo() {
    // Request target taken straight from the query string
    $ch = curl_init($_GET['data']);
}

function bar() {
    $ch = curl_init();
    // Same problem via CURLOPT_URL
    curl_setopt($ch, CURLOPT_URL, $_POST['url']);
}

function baz() {
    // Unvalidated path opened for reading
    $path = $_GET['path'];
    $file = fopen($path, 'rb');
}

function quux() {
    // Unvalidated path read into memory
    $path = $_POST['path'];
    $file = file_get_contents($path);
}
```
Compliant code examples (input is sanitized, validated, and, for paths, confined to a base directory):

```php
<?php
function foo() {
    // Strip characters that are not legal in a URL, then validate the syntax
    $url = filter_var($_GET['data'], FILTER_SANITIZE_URL);
    if (filter_var($url, FILTER_VALIDATE_URL)) {
        $ch = curl_init($url);
    } else {
        die('Invalid URL');
    }
}

function bar() {
    $ch = curl_init();
    $url = filter_var($_POST['url'], FILTER_SANITIZE_URL);
    if (filter_var($url, FILTER_VALIDATE_URL)) {
        curl_setopt($ch, CURLOPT_URL, $url);
    } else {
        die('Invalid URL');
    }
}

function baz() {
    // realpath() resolves "..", symlinks and relative segments before the check.
    // The base directory is compared with a trailing slash so that a sibling
    // directory such as /valid/base/dir2 does not pass as a prefix match.
    $path = realpath($_GET['path']);
    if ($path && strpos($path, '/valid/base/dir/') === 0) {
        $file = fopen($path, 'rb');
    } else {
        die('Invalid file path');
    }
}

function quux() {
    $path = realpath($_POST['path']);
    if ($path && strpos($path, '/valid/base/dir/') === 0) {
        $file = file_get_contents($path);
    } else {
        die('Invalid file path');
    }
}
```
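`FILTER_VALIDATE_URL` only checks that a string is syntactically a URL; a well-formed URL pointing at an internal host passes it unchanged. The added example below (written for this page, not code from the Datadog rule) takes the rule's two checks one step further: the URL's scheme and host are matched against an allowlist, embedded credentials are rejected, curl is told not to follow redirects, and the path check compares against the resolved base directory with a trailing separator. `ALLOWED_SCHEMES`, `ALLOWED_HOSTS`, the sample inputs, and the helper names are constructed for the example; `/valid/base/dir` is the rule's own placeholder.

```php
<?php
declare(strict_types=1);

// Constructed allowlist for the example; a real application would load this
// from configuration. /valid/base/dir is the placeholder used by the rule.
const ALLOWED_SCHEMES = ['https'];
const ALLOWED_HOSTS   = ['api.example.com', 'cdn.example.com'];
const SAFE_BASE_DIR   = '/valid/base/dir';

/**
 * Returns the sanitized URL when it is syntactically valid AND its scheme and
 * host are on the allowlist; otherwise null. The allowlist is what stops a
 * syntactically valid URL from steering the server at an internal address.
 */
function safeUrl(string $input): ?string
{
    $url = filter_var($input, FILTER_SANITIZE_URL);
    if ($url === false || filter_var($url, FILTER_VALIDATE_URL) === false) {
        return null;
    }
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    // Reject user:pass@host forms; some parsers disagree about which part is the host.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), ALLOWED_SCHEMES, true)) {
        return null;
    }
    if (!in_array(strtolower($parts['host']), ALLOWED_HOSTS, true)) {
        return null;
    }
    return $url;
}

/**
 * Returns the resolved path when it lies inside SAFE_BASE_DIR, otherwise null.
 * Both sides are passed through realpath() and the base gets a trailing
 * separator so "/valid/base/dir2" cannot match as a prefix of the base.
 */
function safePath(string $input): ?string
{
    $base = realpath(SAFE_BASE_DIR);
    $path = realpath($input);
    if ($base === false || $path === false) {
        return null;
    }
    $base = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($path, $base, strlen($base)) !== 0) {
        return null;
    }
    return $path;
}

/** Fetches an allowlisted URL; redirects are disabled so the target cannot change mid-request. */
function fetch(string $userUrl): string
{
    $url = safeUrl($userUrl);
    if ($url === null) {
        throw new InvalidArgumentException('URL not allowed');
    }
    $ch = curl_init($url);
    curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($ch, CURLOPT_FOLLOWLOCATION, false);
    curl_setopt($ch, CURLOPT_PROTOCOLS, CURLPROTO_HTTPS);
    curl_setopt($ch, CURLOPT_TIMEOUT, 5);
    $body = curl_exec($ch);
    curl_close($ch);
    return $body === false ? '' : $body;
}

// Constructed inputs: only the first one passes safeUrl().
$cases = [
    'https://api.example.com/v1/items',       // allowlisted host and scheme
    'http://api.example.com/v1/items',        // wrong scheme
    'https://intranet.internal/status',       // valid syntax, host not allowlisted
    'https://api.example.com@other.example/', // embedded credentials, rejected
    'not a url',                              // fails FILTER_VALIDATE_URL
];
foreach ($cases as $c) {
    printf("%-42s -> %s\n", $c, safeUrl($c) === null ? 'rejected' : 'ok');
}
```

Run it with `php example.php` to see which inputs survive `safeUrl()`. `safePath()` returns null until `SAFE_BASE_DIR` exists on disk, because `realpath()` fails on a missing directory; that fail-closed behaviour is deliberate.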