From 9e880e3505eae29144c704d72d14ed23d5f36b0e Mon Sep 17 00:00:00 2001
From: Sander Hautvast
Date: Mon, 5 Feb 2024 12:17:47 +0100
Subject: [PATCH] Update sectraining.md

---
 sectraining.md | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/sectraining.md b/sectraining.md
index 0df0550..82854ca 100644
--- a/sectraining.md
+++ b/sectraining.md
@@ -154,3 +154,37 @@ public class AdminService {
 ...
 }
 ```
+
+
+### Server-Side Request Forgery
+
+Vulnerable Example
+
+```java
+private static String fetchRemoteObject(String location) throws Exception {
+ URL url = new URL(location);
+ URLConnection connection = url.openConnection();
+ BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
+ String body = reader.lines().collect(Collectors.joining());
+ return body;
+}
+```
+
+#### solution
+
+```java
+private static String fetchRemoteObject(String location) throws Exception {
+ URL url = new URL(location);
+
+ if (!url.getHost().endsWith(".example.com") ||
+ !url.getProtocol().equals("http") &&
+ !url.getProtocol().equals("https")) {
+ throw new Exception("Forbidden remote source");
+ }
+
+ URLConnection connection = url.openConnection();
+ BufferedReader reader = new BufferedReader(new InputStreamReader(connection.getInputStream()));
+ String body = reader.lines().collect(Collectors.joining());
+ return body;
+}
+```
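Review bot: The listing under "#### solution" still follows HTTP redirects, so an allow-listed `*.example.com` URL can answer with a 3xx to an internal address and the host check is bypassed — `url.openConnection()` yields an `HttpURLConnection` for http/https, and those follow redirects by default. A training "solution" should disable that on the connection (or re-validate every hop) before reading the body. The `if` condition is correct only because `&&` binds tighter than `||`; since readers copy these examples, parenthesize the protocol test so the intent is explicit. The accompanying text should also say that this host check does not cover DNS rebinding or the lenient parsing of `java.net.URL`, so a production version should resolve the host and reject private/link-local ranges too; separately, the reader is never closed and `InputStreamReader` is created without a charset (try-with-resources and `StandardCharsets.UTF_8` fix both).

```java
if (!url.getHost().endsWith(".example.com") ||
    !(url.getProtocol().equals("http") || url.getProtocol().equals("https"))) {
    throw new Exception("Forbidden remote source");
}

URLConnection connection = url.openConnection();
if (connection instanceof HttpURLConnection) {
    // a redirect from the allow-listed host must not carry the request to an arbitrary target
    ((HttpURLConnection) connection).setInstanceFollowRedirects(false);
}
// … unchanged: read and return body …
```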