ID: php-security/tainted-url-host
Language: PHP
Severity: Error
Category: Security
CWE: 918
Server-side request forgery (SSRF) is a type of exploit where an attacker abuses the functionality of a server to send HTTP requests to an arbitrary domain. SSRFs are dangerous because they can allow an attacker to bypass access controls, such as firewalls, to interact with internal resources.
This rule is important because it protects your application from potential security vulnerabilities. It restricts the ability of attackers to trick your server into making requests to arbitrary URLs, which could lead to unauthorized access to sensitive data or systems.
To avoid SSRF vulnerabilities, always sanitize user inputs that will be used in URLs. One way to do this is by using PHP's built-in filter_var function with the FILTER_SANITIZE_URL option, which removes any illegal URL characters from the input. Additionally, avoid using user input directly in the construction of URLs, and in particular never let it supply the scheme or host. Instead, use a base URL that you control and append the sanitized user input to it. For example, set $base_url = 'https://www.domain.tld/'; and $path = filter_var($_GET['url'], FILTER_SANITIZE_URL); and join the two to create a safe URL whose host is always yours.
```php
<?php
// Non-compliant: the host of the outgoing request is taken directly from
// request-controlled input ($_GET, $_REQUEST, $_COOKIE), so a caller can point
// the server at any host they choose. perform_req() stands in for whatever
// HTTP client the application uses.
function foo() {
    $url = 'https://' . $_GET['url'] . '/path';
    return perform_req($url);
}
function bar() {
    $url = "https://{$_REQUEST['url']}/path";
    return perform_req($url);
}
function baz() {
    $path = 'path';
    $url = sprintf('https://%s/%s/', $_COOKIE['foo'], $path);
    return perform_req($url);
}
```
```php
<?php
// Compliant: the scheme and host come from a base URL the application owns;
// the tainted value is sanitized and only ever lands in the path component.
// perform_req() stands in for whatever HTTP client the application uses.
function foo() {
    $base_url = 'https://www.domain.tld/';
    $path = filter_var($_GET['url'], FILTER_SANITIZE_URL);
    $url = $base_url . $path . '/path';
    return perform_req($url);
}
function bar() {
    $base_url = 'https://www.domain.tld/';
    $path = filter_var($_REQUEST['url'], FILTER_SANITIZE_URL);
    $url = "{$base_url}{$path}/path";
    return perform_req($url);
}
function baz() {
    $base_url = 'https://www.domain.tld/';
    $path = filter_var($_COOKIE['foo'], FILTER_SANITIZE_URL);
    $url = sprintf('%s%s/%s/', $base_url, $path, 'path');
    return perform_req($url);
}
```
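The following is an added example, not code from the Datadog rule page: it builds the same URL from the tainted shape and from the base-URL shape, shows with parse_url which host each request would actually go to, and adds a host allowlist check as defence in depth before the request is sent. The constants, the sample inputs and assert_allowed_host() are constructed for illustration.

```php
<?php
// Added example (not part of the rule page). Shows where the host of the
// outgoing request ends up for each construction pattern, and gates the
// request on a host allowlist. ALLOWED_HOSTS and the inputs are constructed.
declare(strict_types=1);

const ALLOWED_HOSTS = ['www.domain.tld'];

// Tainted shape from the rule: the caller's value becomes the authority.
function build_tainted(string $userInput): string
{
    return 'https://' . $userInput . '/path';
}

// Compliant shape from the rule: fixed base, sanitized value appended as path.
function build_from_base(string $userInput): string
{
    $base_url = 'https://www.domain.tld/';
    $path = filter_var($userInput, FILTER_SANITIZE_URL);
    return $base_url . $path . '/path';
}

// Defence in depth: refuse to send unless the parsed host is one we expect.
// This catches any construction bug that lets a tainted host through.
function assert_allowed_host(string $url): string
{
    $host = parse_url($url, PHP_URL_HOST);
    if (!is_string($host) || !in_array(strtolower($host), ALLOWED_HOSTS, true)) {
        throw new InvalidArgumentException(
            'Refusing request to unexpected host: ' . var_export($host, true)
        );
    }
    return $url;
}

// Constructed values a caller could place in $_GET['url'].
foreach (['evil.example.com', '10.0.0.5', 'www.domain.tld'] as $input) {
    $tainted = build_tainted($input);
    $safe    = build_from_base($input);
    printf("input=%s\n", $input);
    printf("  tainted pattern -> host %s\n", parse_url($tainted, PHP_URL_HOST));
    printf("  base-url pattern -> host %s\n", parse_url($safe, PHP_URL_HOST));
    foreach ([$tainted, $safe] as $candidate) {
        try {
            assert_allowed_host($candidate);
            printf("  allowed: %s\n", $candidate);
        } catch (InvalidArgumentException $e) {
            printf("  blocked: %s\n", $e->getMessage());
        }
    }
}
```

Only the base-URL construction keeps the host at www.domain.tld for every input; the tainted construction is blocked by the allowlist whenever the caller supplies any other host.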