SasanLabs / VulnerableApp-facade

VulnerableApp-facade is probably the most modern lightweight distributed farm of Vulnerable Applications, built for handling a wide range of vulnerabilities across tech stacks.

Handling issues where backend returns URL links

preetkaran20 opened this issue · comments

Issue:
VulnerableApp-Facade calls the underlying applications based on the criteria defined in nginx-conf. However, if an application returns a URI inside the response which might not have that criteria, then calls to that URI will break.
An example is:

    location /XYZ {
        proxy_pass http://<something>:9090/PQR;
    }

Here, if the backend returns any URI, that URL will be /PQR, but the backend should return /XYZ for the facade use case.

Solution:
Not sure how we can handle such use cases. Need to think more on this.

Because the backend vulnerableApplication is unaware of the caller, how can the backend add the identifier? Either we should send a special header from the UI telling whether the caller is the facade or not, so that the backend can work appropriately.
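The header idea raised in the issue, sketched backend-side as an added example (not code from the issue or from VulnerableApp-facade): the backend builds links under the prefix the caller sees, and only honours a prefix the operator has allowlisted, because a forwarded header is client-controllable unless the proxy overwrites it. The header name `X-Forwarded-Prefix`, the helper names and the allowlist are assumptions; the facade would set the header with nginx's `proxy_set_header`.

```python
from urllib.parse import quote

# Assumption: the facade adds this header to every proxied request, e.g.
#   proxy_set_header X-Forwarded-Prefix /XYZ;
# The header name is a common convention, not something the project defines.
PREFIX_HEADER = "X-Forwarded-Prefix"

# Prefix the backend serves under when it is called directly (from the issue).
BACKEND_PREFIX = "/PQR"

# Prefixes the operator has configured for the facade (constructed sample).
ALLOWED_PREFIXES = {"/XYZ"}


def external_prefix(headers):
    """Return the path prefix the caller sees, or BACKEND_PREFIX if unknown."""
    raw = ""
    for name, value in headers.items():
        # HTTP header names are case-insensitive.
        if name.lower() == PREFIX_HEADER.lower():
            raw = value.strip().rstrip("/")
            break
    # A missing header means a direct call. A value outside the allowlist
    # ("//host", "http://...", embedded CR/LF) is ignored rather than echoed
    # into links or Location headers.
    if raw not in ALLOWED_PREFIXES:
        return BACKEND_PREFIX
    return raw


def link_for(resource, headers):
    """Build a link to `resource`, a path relative to the application root."""
    return external_prefix(headers) + "/" + quote(resource.lstrip("/"))


if __name__ == "__main__":
    # Direct call to the backend: links stay under /PQR.
    print(link_for("/images/cat.png", {}))
    # Call through the facade: links are emitted under /XYZ.
    print(link_for("/images/cat.png", {"X-Forwarded-Prefix": "/XYZ"}))
```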