Typescript Unsafe Nest Axios Ssrf
Description
This detector identifies Server-Side Request Forgery (SSRF) vulnerabilities in TypeScript/Nest.js applications using Axios for HTTP requests. SSRF occurs when an application makes HTTP requests to URLs that can be controlled by attackers, potentially allowing access to internal services or sensitive endpoints that should not be publicly accessible.
Detection Strategy
• Scans TypeScript source code for Nest.js applications that use Axios for making HTTP requests
• Identifies HTTP request methods (GET, POST, PUT, DELETE, etc.) where the URL parameter comes from user input
• Detects when request URLs are constructed using unsanitized user data from request parameters, query strings, or request bodies
• Flags cases where URL validation, allowlisting, or proper input sanitization is missing before making the HTTP request
• Reports vulnerabilities when user-controlled data flows directly into Axios request URL parameters without security controls
Vulnerable code example
import { Controller, Get, Query } from '@nestjs/common';
import axios from 'axios';

@Controller('api')
export class ApiController {
  @Get('fetch')
  async fetchData(@Query('url') url: string) {
    return axios.get(url); // User input directly used in HTTP request - SSRF vulnerability
  }
}

✅ Secure code example
import { Controller, Get, Query } from '@nestjs/common';
import axios from 'axios';

@Controller('api')
export class ApiController {
  @Get('fetch')
  async fetchData(@Query('url') url: string) {
    // Map user input to predefined trusted URLs - prevents SSRF...
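The pattern the secure example sketches, as an added example that is not Fluid Attacks' code: a key-to-URL map so the client never supplies a URL, plus, for handlers that must accept a full URL, a parsed-URL allowlist check on scheme and host. It is written without @nestjs/common or axios so it runs stand-alone; the map contents, the allowed host and every function name are constructed for this example.

```typescript
// Added example, not Fluid Attacks' code. Map contents, host and names are constructed.
const TRUSTED_TARGETS: Readonly<Record<string, string>> = {
  weather: "https://api.example.com/v1/weather",
  news: "https://api.example.com/v1/news",
};

const ALLOWED_HOSTS: ReadonlySet<string> = new Set(["api.example.com"]);

/** Option 1: the client sends a key, never a URL; unknown keys resolve to null. */
function resolveTargetUrl(key: unknown): string | null {
  if (typeof key !== "string") return null;
  // hasOwnProperty keeps keys such as "constructor" from resolving through the prototype chain
  if (!Object.prototype.hasOwnProperty.call(TRUSTED_TARGETS, key)) return null;
  return TRUSTED_TARGETS[key];
}

/** Parses a URL string, returning null on relative or malformed input instead of throwing. */
function parseUrl(raw: string): URL | null {
  try { return new URL(raw); } catch { return null; }
}

/** Option 2: a full URL passes only if it parses and its scheme and host are allowlisted. */
function isAllowedUrl(raw: unknown): boolean {
  if (typeof raw !== "string") return false;
  const parsed = parseUrl(raw);
  if (parsed === null) return false;
  if (parsed.protocol !== "https:") return false; // rules out http:, file:, etc.
  if (parsed.username !== "" || parsed.password !== "") return false; // no embedded credentials
  return ALLOWED_HOSTS.has(parsed.hostname); // exact host match, no suffix or substring checks
}

/** What the hardened handler passes to axios: a trusted URL, or a 400-style rejection. */
function prepareRequest(query: { target?: unknown; url?: unknown }):
  { url: string } | { status: 400; reason: string } {
  const fromKey = resolveTargetUrl(query.target);
  if (fromKey !== null) return { url: fromKey };
  if (isAllowedUrl(query.url)) return { url: query.url as string };
  return { status: 400, reason: "target not in allowlist" };
}
```

In a Nest controller the rejection branch would become a thrown BadRequestException and only the returned url would ever reach axios.get.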