JavaScript Express HTTP HTTPS SSRF
Description
This detector identifies Server-Side Request Forgery (SSRF) vulnerabilities in Express.js applications where HTTP/HTTPS requests are made using user-controlled URLs. SSRF occurs when an application makes requests to URLs that can be manipulated by attackers, potentially allowing access to internal services or sensitive endpoints.
Detection Strategy
• Identifies Express.js applications that make HTTP or HTTPS requests using libraries like Node.js http/https modules
• Checks if the URL parameter for these HTTP requests comes from user input (request parameters, body, headers, etc.)
• Reports a vulnerability when user-controlled data is used directly in HTTP/HTTPS request URLs without proper validation or sanitization
• Focuses on Express.js route handlers where external HTTP requests are made based on client-provided URLs
Vulnerable code example
import express from 'express';
import http from 'http';
const app = express();
app.use(express.json());
app.get('/fetch', (req, res) => {
  const url = req.query.url;
...
✅ Secure code example
import express from 'express';
import http from 'http';
const app = express();
app.use(express.json());
const ALLOWED_DOMAINS = ['example.com', 'api.safe.com'];
...
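The secure example above is cut off after its allowlist, so the following is an added example (not Fluid Attacks' code) of one way to validate a client-supplied URL against that list before it reaches http.get or https.get. ALLOWED_DOMAINS is taken from the page; checkOutboundUrl, the reason strings and the sample inputs are assumptions made for illustration.

```javascript
// Added example. ALLOWED_DOMAINS comes from the page; every other name is an assumption.
const ALLOWED_DOMAINS = ['example.com', 'api.safe.com'];
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);

// Returns { ok: true, url } or { ok: false, reason }; never throws on bad input.
function checkOutboundUrl(raw, allowedDomains = ALLOWED_DOMAINS) {
  // Express turns ?url=a&url=b into an array and ?url[x]=a into an object.
  if (typeof raw !== 'string') return { ok: false, reason: 'not-a-string' };
  let url;
  try {
    url = new URL(raw); // absolute URLs only; relative input throws
  } catch {
    return { ok: false, reason: 'unparseable' };
  }
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) return { ok: false, reason: 'protocol' };
  // With userinfo present, the real host is whatever follows the "@".
  if (url.username || url.password) return { ok: false, reason: 'userinfo' };
  // Only the scheme's default port; the parser reports it as an empty string.
  if (url.port !== '') return { ok: false, reason: 'port' };
  // Exact match on the parsed, lower-cased hostname; no substring or suffix tests.
  if (!allowedDomains.includes(url.hostname)) return { ok: false, reason: 'host' };
  return { ok: true, url };
}

// Constructed sample inputs, as they might arrive in req.query.url.
const SAMPLES = [
  'https://api.safe.com/v1/items',
  'http://EXAMPLE.com:80/data',
  'http://example.com.internal.test/',
  'http://example.com@internal.test/',
  'http://internal.test/',
  'http://example.com:8080/',
  'ftp://example.com/file',
  '/relative/path',
  ['http://example.com/', 'http://internal.test/'],
];

function classifySamples() {
  return SAMPLES.map((s) => {
    const r = checkOutboundUrl(s);
    return r.ok ? `allow ${r.url.href}` : `deny (${r.reason})`;
  });
}

// In the route handler: respond 400 unless ok, then pass the parsed url object
// (not the raw string) to http.get / https.get.
console.log(classifySamples().join('\n'));
```

Node's http and https modules do not follow redirects on their own; if the request is made through a client that does, each redirect target needs the same check.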