mcp-server-semgrep/semgrep-rules/php/lang/security/php-ssrf.yaml

MCP Server for Semgrep Integration - static code analysis with AI

rules:
  - id: php-ssrf
    patterns:
      - pattern-either:
          - pattern: |
              $VAR=$DATA;
              ...
              $FUNCS(...,$VAR, ...);
          - pattern: $FUNCS(...,$DATA, ...);
      - metavariable-pattern:
          metavariable: $DATA
          patterns:
            - pattern-either:
                - pattern: $_GET
                - pattern: $_POST
                - pattern: $_COOKIE
                - pattern: $_REQUEST
      - metavariable-pattern:
          metavariable: $FUNCS
          patterns:
            - pattern-either:
                - pattern: curl_setopt
                - pattern: fopen
                - pattern: file_get_contents
                - pattern: curl_init
                - pattern: readfile
    message: The web server receives a URL or similar request from an upstream
      component and retrieves the contents of this URL, but it does not
      sufficiently ensure that the request is being sent to the expected
      destination. Dangerous function $FUNCS with payload $DATA
    metadata:
      references: 
        - https://cheatsheetseries.owasp.org/cheatsheets/Server_Side_Request_Forgery_Prevention_Cheat_Sheet.html
      cwe:
        - "CWE-918: Server-Side Request Forgery (SSRF)"
      category: security
      technology:
        - php
      owasp:
        - A10:2021 - Server-Side Request Forgery (SSRF)
      cwe2022-top25: true
      subcategory:
        - audit
      likelihood: LOW
      impact: HIGH
      confidence: LOW
    languages:
      - php
    severity: ERROR