Create a bcheck for detecting malicious Polyfill CDN #211

Merged
merged 2 commits into from
Jun 27, 2024

@KnugiHK (Contributor) commented Jun 26, 2024

The well-known Polyfill service CDN (polyfill.io) has been sold, and it is now serving malicious JavaScript code. Website owners using this CDN should remove the associated code from their sites immediately. For more information about this supply chain attack, visit https://sansec.io/research/polyfill-supply-chain-attack.

BCheck Contributions

  • BCheck compiles and executes as expected
  • BCheck contains appropriate metadata (name, version, author, description and appropriate tags)
  • Only .bcheck files have been added or modified
  • BCheck is in the appropriate folder
  • PR contains single or limited number of BChecks (Multiple PRs are preferred)
  • BCheck attempts to minimize false positives
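
An added example, not part of this PR or the BChecks repository: a stand-alone Python check that finds `<script>` tags in a page whose `src` host is polyfill.io or one of its subdomains, without flagging lookalike hosts or local paths. The function names and the sample HTML are constructed for illustration, and the domain set holds only the domain named above.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Only the domain named in the PR description; extend with others you track.
FLAGGED_DOMAINS = {"polyfill.io"}

def host_is_flagged(url, flagged=FLAGGED_DOMAINS):
    """True if the URL's host is a flagged domain or a subdomain of one."""
    try:
        # urlsplit also handles protocol-relative URLs ("//polyfill.io/...").
        host = urlsplit(url.strip()).hostname or ""
    except ValueError:
        return False  # malformed URL: nothing to compare
    host = host.rstrip(".").lower()
    # Exact or dot-boundary suffix match, so "notpolyfill.io" and
    # "polyfill.io.example.com" are not flagged.
    return any(host == d or host.endswith("." + d) for d in flagged)

class _ScriptSrcCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []

    def handle_starttag(self, tag, attrs):
        # HTMLParser lowercases tag and attribute names for us.
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src and host_is_flagged(src):
            self.hits.append((self.getpos()[0], src))

def find_flagged_scripts(html):
    """Return (line_number, src) for every script loaded from a flagged host."""
    parser = _ScriptSrcCollector()
    parser.feed(html)
    parser.close()
    return parser.hits

# Constructed sample page: lines 2-4 should be reported, lines 5-7 should not.
SAMPLE = """<html><head>
<script src="https://cdn.polyfill.io/v3/polyfill.min.js"></script>
<script src="//polyfill.io/v3/polyfill.min.js?features=fetch"></script>
<SCRIPT SRC="https://POLYFILL.IO/v2/polyfill.js"></SCRIPT>
<script src="https://notpolyfill.io/x.js"></script>
<script src="https://polyfill.io.example.com/x.js"></script>
<script src="/static/polyfill.io/local-copy.js"></script>
</head></html>"""

if __name__ == "__main__":
    for line, src in find_flagged_scripts(SAMPLE):
        print(f"line {line}: {src}")
```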

@PortSwiggerWiener (Collaborator) left a comment

Many thanks for your submission. It's a really nice use of BChecks.

Looks good 👍

@Hannah-PortSwigger (Contributor) left a comment

Looks good 👍

@Hannah-PortSwigger merged commit 29fb2a7 into PortSwigger:main Jun 27, 2024
2 checks passed
@KnugiHK (Contributor, Author) commented Jun 27, 2024

Thanks!

@jmasters410

Suggest adding domains from June 28th update on https://sansec.io/research/polyfill-supply-chain-attack to ensure detection on other domains.

@PortSwiggerWiener
(Collaborator)

@jmasters410 Great idea. Fancy submitting a PR? :)

@PortSwiggerWiener
(Collaborator)

@jmasters410 Here you go: https://github.com/PortSwigger/BChecks/blob/main/other/Javascript/malicious_javascript_imported.bcheck

4 participants