chore(BChecks): Add UUID Detected - GUID versions
Showing
1 changed file
with
87 additions
and
0 deletions.
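--- /dev/null
+++ b/(unknown)
@@ -0,0 +1,87 @@
+metadata:
+language: v1-beta
+name: "UUID detected"
+description: "GUID Versions"
+description: "This bcheck template passively identifies and reports the use of various UUID versions within application requests."
+
+author: "vavkamil"
+tags: "passive", "guid", "uuid"
+
+define:
+references = "References
+- https://www.intruder.io/research/in-guid-we-trust
+- https://portswigger.net/bappstore/65f32f209a72480ea5f1a0dac4f38248
+- https://datatracker.ietf.org/doc/html/rfc4122
+- https://www.uuidtools.com/uuid-versions-explained"
+detail_uuid_v1 = `The request contains GUID Version 1 at
+
+{latest.request.url}
+
+The GUID is generated using
+- Current timestamp
+- A clock sequence that remains static for the duration of the system's uptime
+- A node ID, often based on the system's MAC address (if accessible).
+
+{references}`
+detail_uuid_v3 = `The request contains GUID Version 3 at
+
+{latest.request.url}
+
+The GUID is generated using the MD5 hash of a name combined with a namespace ID.
+
+{references}`
+detail_uuid_v4 = `The request contains GUID Version 4 at
+
+{latest.request.url}
+
+The GUID is generated randomly, making it unpredictable and more complicated to reproduce.
+
+It's considered safer for most use-cases compared to other versions, although its entropy should be checked.
+
+{references}`
+detail_uuid_v5 = `The request contains GUID Version 5 at
+
+{latest.request.url}
+
+The GUID is generated using the SHA-1 hash of a name combined with a namespace ID.
+
+{references}`
+issueRemediation = "The application should use GUID v4, which is randomly generated.
+
+An attacker might be able to generate UUID using predictable data."
+issueRemediation_ok = "The application is using GUID v4, which is randomly generated."
+
+given response then
+# UUID v1 - RFC 4122 variant
+# Example: 0f9a9c50-79b9-11ee-b962-0242ac120002
+if {base.request.url} matches "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[1][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}" then
+report issue:
+severity: high
+confidence: firm
+detail: `{detail_uuid_v1}`
+remediation: `{issueRemediation}`
+# UUID v3 - RFC 4122 variant
+# Example: 3d813cbb-47fb-32ba-91df-831e1593ac29
+else if {base.request.url} matches "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[3][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}" then
+report issue:
+severity: low
+confidence: firm
+detail: `{detail_uuid_v3}`
+remediation: `{issueRemediation}`
+# UUID v4 - RFC 4122 variant
+# Example: 9f1e379d-e839-4d3a-9c2a-1d4dde67f75c
+else if {base.request.url} matches "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[4][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}" then
+report issue:
+severity: info
+confidence: firm
+detail: `{detail_uuid_v4}`
+remediation: `{issueRemediation_ok}`
+# UUID v5 - RFC 4122 variant
+# Example: 74738ff5-5367-5958-9aee-98fffdcd1876
+else if {base.request.url} matches "[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[5][0-9a-fA-F]{3}-[89abAB][0-9a-fA-F]{3}-[0-9a-fA-F]{12}" then
+report issue:
+severity: low
+confidence: firm
+detail: `{detail_uuid_v5}`
+remediation: `{issueRemediation}`
+end if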
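Review bot: The metadata block declares `description:` twice (`description: "GUID Versions"` immediately followed by the full-sentence description); a repeated key will either be rejected by the BCheck loader or silently collapse to one value, so the short line should be dropped. The four conditions only match against `{base.request.url}`, while the description promises detection "within application requests", so a UUID carried in a header, cookie or request/response body is never seen — either widen the match targets or reword the description to say the URL. Flagging every v1 UUID found in a URL as `severity: high` / `confidence: firm` will fire on public, non-secret identifiers; the timestamp/MAC predictability only matters when the value guards something (reset tokens, unauthenticated lookups), so `confidence: tentative` or a sentence in `detail_uuid_v1` asking the tester to confirm the UUID is security-sensitive would cut the noise. The `else if` chain also reports at most one version per request, so a URL carrying both a v3 and a v5 value only surfaces the v3.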