From c53e4ea226b127b666192a7fc7ec85e7113045b2 Mon Sep 17 00:00:00 2001
From: Knugi <24708955+KnugiHK@users.noreply.github.com>
Date: Wed, 26 Jun 2024 14:32:05 +0000
Subject: [PATCH 1/2] Create a bcheck for detecting malicious Polyfill CDN
Know more about the supply chain attack of the Polyfill service at:
https://blog.cloudflare.com/polyfill-io-now-available-on-cdnjs-reduce-your-supply-chain-risk
https://community.fastly.com/t/new-options-for-polyfill-io-users/2540
---
 other/Javascript/malicious_polyfill_cdn.bcheck | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 other/Javascript/malicious_polyfill_cdn.bcheck
diff --git a/other/Javascript/malicious_polyfill_cdn.bcheck b/other/Javascript/malicious_polyfill_cdn.bcheck
new file mode 100644
index 0000000..726f75b
--- /dev/null
+++ b/other/Javascript/malicious_polyfill_cdn.bcheck
@@ -0,0 +1,14 @@
+metadata:
+ language: v2-beta
+ name: "Malicious Polyfill CDN In Use"
+ description: "Look in responses to see if there are malicious Polyfill CDNs is in use"
+ tags: "passive"
+
+given response then
+ if {latest.response} matches "" then
+ report issue:
+ severity: high
+ confidence: firm
+ detail: "The malicious Polyfill CDN polyfill.io is used on the website."
+ remediation: "Self-host a Polyfill service or use a more reliable CDN."
+ end if
From d349a70777e8908cc4ac72b4d7c00eb86862bad4 Mon Sep 17 00:00:00 2001
From: Knugi <24708955+KnugiHK@users.noreply.github.com>
Date: Wed, 26 Jun 2024 14:45:07 +0000
Subject: [PATCH 2/2] Add the author name to the bcheck file as required
---
 other/Javascript/malicious_polyfill_cdn.bcheck | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/other/Javascript/malicious_polyfill_cdn.bcheck b/other/Javascript/malicious_polyfill_cdn.bcheck
index 726f75b..6014836 100644
--- a/other/Javascript/malicious_polyfill_cdn.bcheck
+++ b/other/Javascript/malicious_polyfill_cdn.bcheck
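Review bot: In the new file of patch 1/2, the condition `if {latest.response} matches "" then` has an empty pattern as shown here, and an empty regex matches every response, so the check would report a high-severity, firm-confidence issue on all passively scanned traffic; the pattern may have been lost when this page was rendered, so confirm against the file itself. The match should name the host that the `detail` text refers to and be tied to a script reference, for example `if {latest.response.body} matches "<script[^>]+src=[^>]*//([a-z0-9-]+[.])*polyfill[.]io/" then`. A bare host-name match would also fire on pages that only mention the domain (documentation, a Content-Security-Policy header), so either anchor on the script `src` as above or lower the finding to `confidence: tentative`. The description string would read better as `"Look in responses to see if a malicious Polyfill CDN is in use"`.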
@@ -2,7 +2,8 @@ metadata:
 language: v2-beta
 name: "Malicious Polyfill CDN In Use"
 description: "Look in responses to see if there are malicious Polyfill CDNs is in use"
- tags: "passive"
+ author: "KnugiHK"
+ tags: "passive","javascript"
 
 given response then
 if {latest.response} matches "" then