mirror of
https://github.com/elicpeter/nyx.git
synced 2026-06-15 20:05:13 +02:00
34 lines
671 B
Go
34 lines
671 B
Go
// SSRF — negative fixture.
|
|
// Safe: only allows http/https scheme; file:// rejected.
|
|
// Entry: FetchURL(targetURL string) Cap: SSRF
|
|
// Expected verdict: NotConfirmed
|
|
|
|
package entry
|
|
|
|
import (
|
|
"fmt"
|
|
"io"
|
|
"net/http"
|
|
"net/url"
|
|
)
|
|
|
|
func FetchURL(targetURL string) {
|
|
parsed, err := url.Parse(targetURL)
|
|
if err != nil || (parsed.Scheme != "http" && parsed.Scheme != "https") {
|
|
fmt.Println("Scheme not allowed:", parsed.Scheme)
|
|
return
|
|
}
|
|
resp, err := http.Get(targetURL)
|
|
if err == nil {
|
|
defer resp.Body.Close()
|
|
body, _ := io.ReadAll(resp.Body)
|
|
fmt.Print(string(body[:min(len(body), 64)]))
|
|
}
|
|
}
|
|
|
|
func min(a, b int) int {
|
|
if a < b {
|
|
return a
|
|
}
|
|
return b
|
|
}
|