[PHP] Enable SSRF tests (#3769)

manifests/php.yml

@@ -205,17 +205,17 @@ tests/:
         Test_Sqli_UrlQuery: missing_feature
         Test_Sqli_Waf_Version:  v1.6.2
       test_ssrf.py:
-        Test_Ssrf_BodyJson: missing_feature
-        Test_Ssrf_BodyUrlEncoded: missing_feature
-        Test_Ssrf_BodyXml: missing_feature
-        Test_Ssrf_Capability: missing_feature
-        Test_Ssrf_Mandatory_SpanTags: missing_feature
-        Test_Ssrf_Optional_SpanTags: missing_feature
-        Test_Ssrf_Rules_Version:  v1.6.2
-        Test_Ssrf_StackTrace: missing_feature
+        Test_Ssrf_BodyJson: v1.7.0
+        Test_Ssrf_BodyUrlEncoded: v1.7.0
+        Test_Ssrf_BodyXml: v1.7.0
+        Test_Ssrf_Capability: v1.7.0
+        Test_Ssrf_Mandatory_SpanTags: v1.7.0
+        Test_Ssrf_Optional_SpanTags: v1.7.0
+        Test_Ssrf_Rules_Version: v1.7.0
+        Test_Ssrf_StackTrace: v1.7.0
         Test_Ssrf_Telemetry: missing_feature
-        Test_Ssrf_UrlQuery: missing_feature
-        Test_Ssrf_Waf_Version:  v1.6.2
+        Test_Ssrf_UrlQuery: v1.7.0
+        Test_Ssrf_Waf_Version: v1.7.0
     waf/:
       test_addresses.py:
         Test_BodyJson: v0.98.1 # TODO what is the earliest version?

utils/build/docker/php/common/rasp/ssrf.php

@@ -1 +1,23 @@
-<?php echo "Hello, SSRF!";
+<?php
+
+$domain = null;
+$contentType = $_SERVER['CONTENT_TYPE'] ?? "";
+switch ($contentType) {
+	case 'application/json':
+		$body = file_get_contents("php://input");
+		$decoded = json_decode($body, 1);
+		$domain = $decoded["domain"];
+		break;
+	case 'application/xml':
+		$body = file_get_contents("php://input");
+		$decoded = simplexml_load_string(stripslashes($body));
+		$domain = (string)$decoded[0];
+		break;
+	default:
+		$domain = urldecode($_REQUEST["domain"]);
+		break;
+}
+
+file_get_contents('http://'.$domain);
+
+echo "Hello, SSRF!";