As part of a source code analysis lab, I was researching what ChatGPT offers as compliant source code for some of the well-known vulnerabilities. The one I was researching was about creating an application that is vulnerable to SSRF (Server-Side Request Forgery), and I came across the source code that ChatGPT listed as being vulnerable to SSRF and one of the recommendations to remediate the vulnerability.
One of the recommendations was creating a list using “Allowlist URLs”, and I tested it; to my surprise, the code doesn’t work as ChatGPT provided it. What I ended up doing was creating the project as recommended by ChatGPT and testing with a URL that is part of the allowlist, and the code was not working. What I finally ended up doing was refactoring the code so it would work as it should. I have shared the video below on the process that I used to test the source code, and also the refactored source code working after making changes.