@seran commented Aug 18, 2025

No description provided.

@seran marked this pull request as ready for review August 26, 2025 09:22
httpCallbackVerifier.isCallbackURL(gene.getValueAsRawString())
}

if (hasCallBackURL) {
// FIXME: When the code reaches this point during SSRF phase
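
Review bot: The FIXME under `if (hasCallBackURL) {` stops mid-sentence and never states what goes wrong when this point is reached during the SSRF phase, so a later reader cannot tell what the branch is expected to handle. Resolve it before merge, or at least complete the comment with the observed failure. If the failure is the null WireMock reported in the comment on this line, guard for it explicitly and fail with a clear message instead of leaving the FIXME in place.
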
Contributor Author

Hi @arcuri82,

I can see the code reach the AbstractRestFitness during the SSRF detection phase. However, WireMock seems to be null at this point although it was initiated earlier. I'm not sure why this is happening; I need your assistance to debug this further.

@@ -75,7 +80,9 @@ class HttpCallbackVerifier {
* Method generates a unique callback link to be used as payload for SSRF.
*/
fun generateCallbackLink(name: String): String {
val ssrfPath = "/sink/${counter++}"
// FIXME: sink/EM_0 <- slash get replaced with a comma at some point, which fails
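
Review bot: The FIXME after `val ssrfPath = "/sink/${counter++}"` records an unexplained failure (the slash after `sink` turning into a comma) and should be resolved rather than merged as a comment. It also cites `sink/EM_0`, which does not match the path this line builds from `counter++`, and the `name` parameter is not used in the visible lines. State which form the callback path is meant to take, and add a test asserting that the generated link still contains `/sink/` followed by its id after the fitness is recomputed.
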
Contributor Author

This was a problem too: for some reason, the slash after sink gets replaced with a comma when recomputing the fitness.
