Typescript Unsafe Nest Fetch Ssrf
Description
This detector identifies potential Server-Side Request Forgery (SSRF) vulnerabilities in TypeScript/NestJS applications where HTTP fetch operations use untrusted user input as URLs. SSRF attacks allow attackers to make requests from the server to internal systems or external resources, potentially exposing sensitive data or accessing restricted services.
Detection Strategy
• Identifies HTTP fetch operations in TypeScript/NestJS code that accept URL parameters from external sources
• Traces data flow from user-controlled inputs (request parameters, headers, body) to fetch/HTTP request functions
• Reports vulnerabilities when user input is directly used as a URL in fetch operations without proper validation or sanitization
• Focuses on common NestJS patterns where controller methods receive HTTP requests and use input data to make outbound HTTP calls
Vulnerable code example
import { Controller, Get, Query } from '@nestjs/common';
import fetch from 'node-fetch';
@Controller('ssrf')
export class SsrfController {
  @Get('fetch')
  async fetchUrl(@Query('url') url: string) {
    const response = await fetch(url); // SSRF: user input directly used as URL, no scheme or host restriction
    return response.text(); // the server relays whatever the attacker-chosen target returned
  }
}
✅ Secure code example
import { Controller, Get, Query, BadRequestException } from '@nestjs/common';
import fetch from 'node-fetch';
@Controller('ssrf')
export class SsrfController {
  @Get('fetch')
  async fetchUrl(@Query('url') url: string) {
    // Validate URL format and restrict to trusted hostname ('api.example.com' is a placeholder)
    let target: URL;
    try { target = new URL(url); } catch { throw new BadRequestException('Invalid URL'); }
    if (target.protocol !== 'https:' || target.hostname !== 'api.example.com') throw new BadRequestException('URL not allowed');
    const response = await fetch(target.toString()); // only the parsed, allowlisted URL reaches fetch
    return response.text();
  }
}
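The allowlist check the secure controller relies on, as an added example (not Fluid Attacks' detector code and not the NestJS snippet above) written as a reusable helper that covers the parser edge cases a reviewer would test; validateOutboundUrl, isAllowedOutboundUrl, ALLOWED_HOSTS and SAFE_FETCH_INIT are assumed names, and the hostnames are constructed placeholders.

```typescript
// Added example (hypothetical helper, not the page's own code): validate a
// user-supplied URL with the WHATWG URL parser and accept it only when every
// component matches the allowlist. ALLOWED_HOSTS holds constructed placeholders.

const ALLOWED_HOSTS: ReadonlySet<string> = new Set(['api.example.com', 'cdn.example.com']);

function validateOutboundUrl(raw: string): URL {
  let target: URL;
  try {
    target = new URL(raw); // throws on relative or malformed input ("localhost", "//host", ...)
  } catch {
    throw new Error('invalid URL');
  }
  // Scheme: https only; rules out file:, ftp: and plain http:.
  if (target.protocol !== 'https:') throw new Error(`scheme not allowed: ${target.protocol}`);
  // Userinfo: "https://api.example.com@10.0.0.1/" parses with hostname 10.0.0.1,
  // so reject credentials outright instead of trusting a naive prefix check.
  if (target.username !== '' || target.password !== '') throw new Error('credentials not allowed');
  // Host: exact match against the allowlist (the parser already lowercases ASCII hosts);
  // "api.example.com.attacker.test" and IP literals both fail here.
  if (!ALLOWED_HOSTS.has(target.hostname)) throw new Error(`host not allowed: ${target.hostname}`);
  // Port: default port only (URL.port is '' for 443 on https), so the request
  // cannot be steered to another service listening on the same host.
  if (target.port !== '') throw new Error(`port not allowed: ${target.port}`);
  return target;
}

// Boolean wrapper for call sites that prefer a yes/no answer.
function isAllowedOutboundUrl(raw: string): boolean {
  try { validateOutboundUrl(raw); return true; } catch { return false; }
}

// Caveat for the fetch call itself: node-fetch follows redirects by default, so a
// validated URL can still send the server to an internal host via a 3xx response.
// Passing { redirect: 'error' } (or 'manual' plus re-validating Location) closes that gap.
const SAFE_FETCH_INIT = { redirect: 'error' } as const;
```

Detectors like the one described here flag the data flow from @Query('url') to fetch; routing that flow through a check like this, rather than through a string prefix test or a private-IP blocklist, is what turns the finding into a false positive.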