logo

Database

Elixir Finch Request Forgery

Description

This detector identifies Elixir code that uses the Finch HTTP client library in an unsafe manner, potentially allowing Server-Side Request Forgery (SSRF) attacks. SSRF vulnerabilities occur when an application makes HTTP requests to URLs controlled by user input without proper validation, enabling attackers to access internal services or perform unauthorized requests.

Weakness:

100 - Server-side request forgery (SSRF)

Category: Deceptive Interactions

Detection Strategy

    Scans Elixir source code for function calls related to the Finch HTTP client library

    Identifies Finch request methods (like Finch.build/4, Finch.request/3, etc.) that accept URL parameters

    Flags cases where user-controlled input could be passed as the URL parameter to Finch HTTP requests

    Reports vulnerabilities when URL destinations in Finch calls are not properly validated or sanitized before use

Vulnerable code example

defmodule VulnerableProxy do
  use Plug.Router
  
  plug :match
  plug :dispatch

  get "/proxy" do
    # Vulnerable: User-controlled URL enables SSRF attacks...

✅ Secure code example

defmodule SecureProxy do
  use Plug.Router
  
  plug :match
  plug :dispatch

  get "/proxy" do
    url = conn.params["url"]...