ssrf

Compare original and translation side by side

🇺🇸

Original

English

🇨🇳

Translation

Chinese

Server-Side Request Forgery (A10:2021)

服务器端请求伪造（SSRF，A10:2021）

Analyze source code for server-side request forgery vulnerabilities including URL fetching from user input, missing URL validation, internal network access, redirect following, DNS rebinding, and cloud metadata endpoint access. SSRF is especially critical in cloud environments where metadata endpoints expose credentials and instance configuration.

分析源代码中的服务器端请求伪造（SSRF）漏洞，包括从用户输入获取URL、缺失URL验证、内部网络访问、跟随重定向、DNS重新绑定以及云元数据端点访问等场景。在云环境中，SSRF的危害尤为严重——云元数据端点会暴露凭证和实例配置信息。

Supported Flags

支持的标志

Read

../../shared/schemas/flags.md

for the full flag specification. This skill supports all cross-cutting flags. Key flags for this skill:

```
--scope
```
determines which files to analyze (default:
```
changed
```
)
```
--depth standard
```
reads code and checks URL fetch calls for user-controlled input
```
--depth deep
```
traces URL input from request parameters through all transformations to fetch calls
```
--severity
```
filters output (SSRF to cloud metadata is
```
critical
```
, general SSRF is
```
high
```
)

完整的标志规范请阅读

../../shared/schemas/flags.md

。本技能支持所有跨领域标志，关键标志如下：

```
--scope
```
：指定要分析的文件范围（默认值：
```
changed
```
）
```
--depth standard
```
：读取代码并检查URL获取调用是否包含用户可控输入
```
--depth deep
```
：追踪URL输入从请求参数到获取调用的所有转换流程
```
--severity
```
：过滤输出结果（针对云元数据的SSRF为
```
critical
```
级别，普通SSRF为
```
high
```
级别）

Framework Context

框架背景

Read

../../shared/frameworks/owasp-top10-2021.md

, section A10:2021 - Server-Side Request Forgery (SSRF), for the full category description, common vulnerabilities, and prevention guidance.

Key CWEs in scope:

CWE-918: Server-Side Request Forgery (SSRF)
CWE-441: Unintended Proxy or Intermediary
CWE-601: URL Redirection to Untrusted Site (open redirect enabling SSRF chains)

完整的类别说明、常见漏洞及防护指南，请阅读

../../shared/frameworks/owasp-top10-2021.md

中的 A10:2021 - 服务器端请求伪造（SSRF） 章节。

涵盖的关键CWE编号：

CWE-918: Server-Side Request Forgery (SSRF)
CWE-441: Unintended Proxy or Intermediary
CWE-601: URL Redirection to Untrusted Site（开放重定向可构成SSRF攻击链）

Detection Patterns

检测模式

Read

references/detection-patterns.md

for the full catalog of code patterns, search heuristics, language-specific examples, and false positive guidance.

完整的代码模式、搜索启发式规则、语言特定示例及误报处理指南，请阅读

references/detection-patterns.md

。

Workflow

工作流程

1. Determine Scope

1. 确定分析范围

Parse flags and resolve the file list per

../../shared/schemas/flags.md

. Filter to files likely to contain outbound HTTP request logic:

HTTP client usage (

**/http/**

**/client/**

**/fetch/**

**/request/**

)

Webhook and callback handlers (
```
**/webhooks/**
```
,
```
**/callbacks/**
```
)
Proxy and gateway code (
```
**/proxy/**
```
,
```
**/gateway/**
```
)

Integration modules (

**/integrations/**

**/connectors/**

**/services/**

)

File import/upload handlers (
```
**/upload/**
```
,
```
**/import/**
```
)
URL preview or unfurling code (
```
**/preview/**
```
,
```
**/unfurl/**
```
,
```
**/embed/**
```
)
PDF generation and screenshot services (
```
**/pdf/**
```
,
```
**/screenshot/**
```
,
```
**/render/**
```
)

解析标志并根据

../../shared/schemas/flags.md

确定文件列表。筛选出可能包含出站HTTP请求逻辑的文件：

HTTP客户端用法（

**/http/**

**/client/**

**/fetch/**

**/request/**

）

Webhook和回调处理器（
```
**/webhooks/**
```
,
```
**/callbacks/**
```
）
代理和网关代码（
```
**/proxy/**
```
,
```
**/gateway/**
```
）

集成模块（

**/integrations/**

**/connectors/**

**/services/**

）

文件导入/上传处理器（
```
**/upload/**
```
,
```
**/import/**
```
）
URL预览或展开代码（
```
**/preview/**
```
,
```
**/unfurl/**
```
,
```
**/embed/**
```
）
PDF生成和截图服务（
```
**/pdf/**
```
,
```
**/screenshot/**
```
,
```
**/render/**
```
）

2. Check for Available Scanners

2. 检查可用扫描器

Detect scanners per

../../shared/schemas/scanners.md

```
semgrep
```
-- primary scanner for SSRF patterns (taint analysis for URL flow)
```
bandit
```
-- Python-specific request patterns
```
gosec
```
-- Go HTTP client patterns

Record which scanners are available and which are missing.

根据

../../shared/schemas/scanners.md

检测可用扫描器：

```
semgrep
```
：SSRF模式检测的主要扫描器（用于URL流的污点分析）
```
bandit
```
：Python特定的请求模式扫描
```
gosec
```
：Go语言HTTP客户端模式扫描

记录可用和缺失的扫描器。

3. Run Scanners (If Available)

3. 运行扫描器（若可用）

If semgrep is available, run with rules targeting SSRF:

semgrep scan --config auto --json --quiet <target>

Filter results to rules matching SSRF, URL fetching, and request forgery patterns. Normalize output to the findings schema.

若semgrep可用，运行针对SSRF的规则：

semgrep scan --config auto --json --quiet <target>

筛选出匹配SSRF、URL获取和请求伪造模式的规则结果，将输出标准化为发现结果的格式。

4. Claude Code Analysis

4. Claude代码分析

Regardless of scanner availability, perform manual code analysis:

URL from user input: Find HTTP client calls (fetch, requests, http.get, etc.) and trace whether the URL or any URL component originates from user input (query params, request body, headers, path params).
URL scheme validation: Check that URL schemes are restricted to
```
http://
```
and
```
https://
```
only, blocking
```
file://
```
,
```
gopher://
```
,
```
dict://
```
,
```
ftp://
```
, and other dangerous schemes.
Internal IP blocking: Verify that URLs are validated against internal/private IP ranges (127.0.0.0/8, 10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 169.254.0.0/16, 0.0.0.0, ::1, fd00::/8) before making requests.
Cloud metadata protection: Check for blocking of cloud metadata endpoints (169.254.169.254, metadata.google.internal, 169.254.170.2) and IMDSv2 enforcement on AWS.
Redirect handling: Verify that HTTP redirects are either disabled or validated at each hop to prevent redirect-based SSRF bypass.
DNS rebinding: Check if DNS resolution and connection happen atomically or if there is a TOCTOU gap where a hostname could resolve to a safe IP during validation but a private IP during the actual request.

When

--depth deep

, additionally trace:

Complete data flow from request parameter to HTTP client call
URL construction through string concatenation, template rendering, or URL builder APIs
Indirect SSRF via PDF generators, screenshot services, SVG/XML processors, or webhook URLs

无论扫描器是否可用，都需执行人工代码分析：

来自用户输入的URL：查找HTTP客户端调用（fetch、requests、http.get等），并追踪URL或URL组件是否来自用户输入（查询参数、请求体、请求头、路径参数）。
URL协议验证：检查是否仅将URL协议限制为
```
http://
```
和
```
https://
```
，阻止
```
file://
```
、
```
gopher://
```
、
```
dict://
```
、
```
ftp://
```
等危险协议。
内部IP拦截：验证URL在发起请求前是否针对内部/私有IP范围（127.0.0.0/8、10.0.0.0/8、172.16.0.0/12、192.168.0.0/16、169.254.0.0/16、0.0.0.0、::1、fd00::/8）进行校验。
云元数据防护：检查是否拦截了云元数据端点（169.254.169.254、metadata.google.internal、169.254.170.2），以及是否在AWS上启用了IMDSv2强制校验。
重定向处理：验证HTTP重定向是否被禁用，或在每一跳都进行校验，以防止基于重定向的SSRF绕过。
DNS重新绑定：检查DNS解析和连接是否原子性执行，是否存在TOCTOU（时间检查到时间使用）间隙——即校验时主机名解析为安全IP，但实际请求时解析为私有IP。

当使用

--depth deep

时，额外追踪：

从请求参数到HTTP客户端调用的完整数据流
通过字符串拼接、模板渲染或URL构建API生成URL的过程
通过PDF生成器、截图服务、SVG/XML处理器或Webhook URL实现的间接SSRF

5. Report Findings

5. 生成检测报告

Format output per

../../shared/schemas/findings.md

using the

SSRF

prefix (e.g.,

SSRF-001

SSRF-002

Include for each finding:

Severity and confidence
Exact file location with code snippet
Impact description specific to the SSRF scenario (cloud metadata, internal scanning, data exfiltration)
Concrete fix with diff when possible
CWE and OWASP references

根据

../../shared/schemas/findings.md

格式输出结果，使用

SSRF

前缀（例如

SSRF-001

、

SSRF-002

）。

每个发现结果需包含：

严重程度和置信度
精确的文件位置和代码片段
针对SSRF场景的特定影响描述（云元数据泄露、内部网络扫描、数据窃取）
可行的修复方案（如有差异对比）
CWE和OWASP参考链接

What to Look For

检测要点

These are the high-signal patterns specific to server-side request forgery. Each maps to a detection pattern in

references/detection-patterns.md

URL from user input passed to HTTP client -- Any HTTP request function (fetch, requests.get, http.Get, HttpClient) called with a URL that originates from user-controlled input without validation.
Missing URL scheme whitelist -- URL validation that does not restrict the scheme to http/https, allowing file://, gopher://, or other dangerous protocols.
No blocking of internal IP ranges -- Outbound requests to user-supplied URLs without checking the resolved IP against private/reserved ranges, enabling internal network scanning and service access.
Cloud metadata endpoint accessible -- No specific blocking of 169.254.169.254 (AWS/Azure/GCP metadata), metadata.google.internal, or 169.254.170.2 (ECS task metadata), allowing credential theft from cloud environments.
Redirect following on user-supplied URLs -- HTTP client configured to follow redirects when fetching user-supplied URLs, enabling attackers to bypass URL validation by redirecting from an allowed domain to an internal target.
DNS rebinding vulnerability -- URL validation resolves the hostname to check the IP, but the actual HTTP request resolves it again, allowing a DNS record with a short TTL to return a different (internal) IP on the second resolution.
Indirect SSRF via document processors -- PDF generators (wkhtmltopdf, Puppeteer), SVG renderers, XML parsers (XXE), or webhook registration endpoints that fetch URLs without SSRF protection.

以下是服务器端请求伪造的高信号模式，每个模式都对应

references/detection-patterns.md

中的检测规则。

用户输入的URL传入HTTP客户端：HTTP请求函数（fetch、requests.get、http.Get、HttpClient）使用来自用户可控输入且未经过验证的URL。
缺失URL协议白名单：URL验证未将协议限制为http/https，允许file://、gopher://或其他危险协议。
未拦截内部IP范围：对用户提供的URL发起出站请求时，未检查解析后的IP是否属于私有/保留范围，导致内部网络扫描和服务访问。
云元数据端点可访问：未专门拦截169.254.169.254（AWS/Azure/GCP元数据）、metadata.google.internal或169.254.170.2（ECS任务元数据），导致云环境中的凭证被盗。
跟随用户提供URL的重定向：HTTP客户端配置为跟随用户提供URL的重定向，攻击者可通过从允许域名重定向到内部目标来绕过URL验证。
DNS重新绑定漏洞：URL验证时解析主机名检查IP，但实际HTTP请求时再次解析，允许TTL较短的DNS记录在第二次解析时返回不同的（内部）IP。
通过文档处理器实现的间接SSRF：PDF生成器（wkhtmltopdf、Puppeteer）、SVG渲染器、XML解析器（XXE）或Webhook注册端点在获取URL时未做SSRF防护。

Scanner Integration

扫描器集成

Scanner	Coverage	Command
semgrep	URL from user input, taint tracking through request calls	`semgrep scan --config auto --json --quiet <target>`
bandit	Python requests/urllib with user input	`bandit -r <target> -f json -q`
gosec	Go net/http with user input	`gosec -fmt json ./...`

Fallback (no scanner): Use Grep with patterns from

references/detection-patterns.md

to find HTTP client calls, URL construction from user input, and missing validation. Report findings with

confidence: medium

Relevant semgrep rule categories:

```
python.requests.security.ssrf.*
```
```
python.urllib.security.audit.ssrf.*
```
```
javascript.fetch.security.ssrf.*
```
```
java.net.security.audit.ssrf.*
```
```
go.net.security.audit.ssrf.*
```

扫描器	覆盖范围	命令
semgrep	用户输入URL追踪、请求调用的污点分析	`semgrep scan --config auto --json --quiet <target>`
bandit	Python requests/urllib的用户输入检测	`bandit -r <target> -f json -q`
gosec	Go语言net/http的用户输入检测	`gosec -fmt json ./...`

降级方案（无扫描器可用）：使用Grep结合

references/detection-patterns.md

中的规则，查找HTTP客户端调用、从用户输入构建URL以及缺失验证的情况。报告结果的置信度标记为

medium

。

Output Format

输出格式

Use the findings schema from

../../shared/schemas/findings.md

ID prefix:
```
SSRF
```
(e.g.,
```
SSRF-001
```
)
metadata.tool:
```
ssrf
```
metadata.framework:
```
owasp
```
metadata.category:
```
A10
```
references.owasp:
```
A10:2021
```
references.stride:
```
I
```
(Information Disclosure) or
```
E
```
(Elevation of Privilege)

Severity guidance for this category:

critical: SSRF to cloud metadata endpoint (169.254.169.254), unauthenticated endpoint with no URL validation
high: SSRF to internal network with no IP range blocking, redirect following enabled on user URLs
medium: Partial URL validation (scheme checked but IP not validated), DNS rebinding possible
low: SSRF risk in internal-only service not exposed to external users, URL construction from partially controlled input

使用

../../shared/schemas/findings.md

中的发现结果格式。

ID前缀：
```
SSRF
```
（例如
```
SSRF-001
```
）
metadata.tool：
```
ssrf
```
metadata.framework：
```
owasp
```
metadata.category：
```
A10
```
references.owasp：
```
A10:2021
```
references.stride：
```
I
```
（信息泄露）或
```
E
```
（权限提升）

本类别的严重程度指南：

critical：针对云元数据端点的SSRF、无URL验证的未认证端点
high：针对内部网络的SSRF且无IP范围拦截、用户URL启用跟随重定向
medium：部分URL验证（仅检查协议未验证IP）、存在DNS重新绑定风险
low：仅内部服务存在SSRF风险且未暴露给外部用户、URL由部分可控输入构建