Javascript Express Fetch Ssrf
Description
This detector identifies Server-Side Request Forgery (SSRF) vulnerabilities in JavaScript Express applications where user-controlled input is used in fetch operations without proper validation. SSRF attacks allow attackers to make the server perform requests to unintended locations, potentially accessing internal resources or external systems.
Detection Strategy
• Identifies fetch() function calls within Express.js application code
• Analyzes if the URL parameter of fetch operations contains user-controllable input (from request parameters, headers, body, etc.)
• Reports vulnerability when user input can directly influence the destination URL without proper validation or sanitization
• Focuses specifically on Express framework patterns where request data flows into fetch operations
Vulnerable code example
```javascript
import express from 'express';
import fetch from 'node-fetch';
const app = express();
app.get('/proxy', async (req, res) => {
  const url = req.query.url;
  // Direct user input flows into fetch - enables SSRF attacks
  // (handler body completed here so the snippet runs; the page elides it)
  const response = await fetch(url);
  res.send(await response.text());
});
```
✅ Secure code example
```javascript
import express from 'express';
import fetch from 'node-fetch';
const app = express();
const ALLOWED_DOMAINS = ['example.com', 'api.safe.com'];
app.get('/proxy', async (req, res) => {
  // Body completed here: parse the URL, then require an exact hostname match on the allowlist
  const target = new URL(req.query.url); // throws on relative or malformed input
  if (!ALLOWED_DOMAINS.includes(target.hostname)) return res.status(403).send('Domain not allowed');
  res.send(await (await fetch(target.toString())).text());
});
```
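As an added example (not the detector's or Fluid Attacks' own code), the allowlist check from the secure snippet written out as a testable validator plus a handler factory. `allowedTarget`, `createProxyHandler`, the injected `fetchImpl` and the sample allowlist are assumptions; Express is not imported so the logic runs stand-alone.

```javascript
// Added example, not the detector's or Fluid Attacks' code. Names below are assumptions.
const ALLOWED_DOMAINS = new Set(['example.com', 'api.safe.com']); // constructed sample allowlist

// Returns the parsed URL when it is safe to fetch, otherwise null.
function allowedTarget(rawUrl) {
  if (typeof rawUrl !== 'string') return null;        // ?url=a&url=b arrives as an array
  let parsed;
  try {
    parsed = new URL(rawUrl);                          // rejects relative and malformed input
  } catch {
    return null;
  }
  if (parsed.protocol !== 'https:') return null;       // no file:, gopher:, or plain http:
  if (parsed.username || parsed.password) return null; // credentials in the URL are never needed
  // Exact hostname match. A substring or endsWith check would also accept
  // evil-example.com or example.com.evil.test, which is the usual allowlist mistake.
  if (!ALLOWED_DOMAINS.has(parsed.hostname)) return null;
  return parsed;
}

// Express-style (req, res) handler; fetchImpl is injected so it can run against a stub.
function createProxyHandler(fetchImpl) {
  return async (req, res) => {
    const target = allowedTarget(req.query.url);
    if (!target) {
      res.status(400).send('URL not allowed');
      return;
    }
    // redirect: 'manual' keeps a 3xx from an allowed host from being followed
    // to a host that was never checked.
    const upstream = await fetchImpl(target.toString(), { redirect: 'manual' });
    res.status(upstream.status).send(await upstream.text());
  };
}
```

With real Express this is `app.get('/proxy', createProxyHandler(fetch))`; the validator can be unit-tested on its own, which is where the bypass cases above belong.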