Typescript Express Http Https Ssrf
Description
This detector identifies Server-Side Request Forgery (SSRF) vulnerabilities in Express.js applications where HTTP/HTTPS requests are made using user-controlled input. SSRF attacks allow attackers to force the server to make requests to unintended destinations, potentially accessing internal services or sensitive endpoints.
Detection Strategy
• Identifies Express.js route handlers or middleware functions that accept user input through request parameters, query strings, or request body
• Detects HTTP/HTTPS client libraries being used (such as http.get, https.request) within these route handlers
• Checks if user-controlled data flows directly into URL parameters of HTTP/HTTPS requests without proper validation or sanitization
• Reports vulnerabilities when external HTTP requests use URLs that can be manipulated by user input, creating potential SSRF attack vectors
Vulnerable code example
const http = require('http');
const express = require('express');
const app = express();
app.get('/fetch', (req, res) => {
  const url = req.query.url; // User input
  // The user-controlled URL flows straight into the outbound request with no validation
  http.get(url, (upstream) => upstream.pipe(res))
    .on('error', () => res.status(502).send('Request failed'));
});
app.listen(3000);
✅ Secure code example
const http = require('http');
const express = require('express');
const app = express();
const ALLOWED_DOMAINS = ['example.com', 'api.safe.com'];
app.get('/fetch', (req, res) => {
  const url = req.query.url; // User input
  let hostname;
  try { hostname = new URL(url).hostname; } catch (e) { return res.status(400).send('Invalid URL'); } // parse before comparing
  if (!ALLOWED_DOMAINS.includes(hostname)) return res.status(400).send('Domain not allowed'); // exact allowlist match
  http.get(url, (upstream) => upstream.pipe(res)).on('error', () => res.status(502).send('Request failed'));
});
app.listen(3000);