Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Create a bcheck for detecting malicious Polyfill CDN #211

Merged
merged 2 commits into from
Jun 27, 2024
Merged

Create a bcheck for detecting malicious Polyfill CDN #211

Changes from all commits
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
c53e4ea
Create a bcheck for detecting malicious Polyfill CDN
KnugiHK Jun 26, 2024
d349a70
Add the author name to the bcheck file as required
KnugiHK Jun 26, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
15 changes: 15 additions & 0 deletions other/Javascript/malicious_polyfill_cdn.bcheck
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
metadata:
language: v2-beta
name: "Malicious Polyfill CDN In Use"
description: "Look in responses to see if there are malicious Polyfill CDNs is in use"
author: "KnugiHK"
tags: "passive","javascript"

given response then
if {latest.response} matches "<script.*?src=\"(https?:)?//(cdn.)?polyfill.io/v[0-9]/polyfill\.min\.js.*?\".*?>" then
report issue:
severity: high
confidence: firm
detail: "The malicious Polyfill CDN polyfill.io is used on the website."
remediation: "Self-host a Polyfill service or use a more reliable CDN."
end if
Loading