JavaScript Playwright addInitScript SSRF
Description
Detects potential Server-Side Request Forgery (SSRF) in JavaScript code that uses Playwright's addInitScript method. The vulnerability arises when a script built from untrusted or dynamic input, and containing network requests, is injected through addInitScript; addInitScript executes that JavaScript in the browser context Playwright drives from the server, so the requests it makes originate from the server's network position.
Detection Strategy
• Check if the source file imports the 'playwright' module/package
• Look for calls to methods ending with 'addInitScript'
• Examine the arguments passed to addInitScript to check if they contain dynamic/user-controlled values
• Report a vulnerability if dynamic/untrusted content can be injected into the script parameter
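The four steps above, carried out by a small heuristic scanner. This is an added example, not Fluid Attacks' rule engine: a production SAST engine works on a parsed AST, whereas this dependency-free version uses regexes plus a bracket-aware argument extractor, so aliasing tricks (for example storing the method in a variable first) are deliberately out of scope. The sample sources in `SAMPLES` are constructed for the example.

```javascript
// Added example (not Fluid Attacks' rule engine): a dependency-free heuristic
// that follows the four detection steps. Aliasing and obfuscation are not
// handled; a real implementation would walk an AST.

// Step 1: the file must import playwright (CommonJS or ES module form).
const PLAYWRIGHT_IMPORT = /require\(\s*['"]playwright(?:-core)?['"]\s*\)|from\s+['"]playwright(?:-core)?['"]/;

// Text of a call's arguments: from the '(' at `open` to its matching ')',
// ignoring parentheses that sit inside string or template literals.
function extractCallArgs(src, open) {
  let depth = 0;
  let quote = null;
  for (let i = open; i < src.length; i++) {
    const ch = src[i];
    if (quote) {
      if (ch === '\\') i++;                 // skip the escaped character
      else if (ch === quote) quote = null;
      continue;
    }
    if (ch === '"' || ch === "'" || ch === '`') quote = ch;
    else if (ch === '(') depth++;
    else if (ch === ')' && --depth === 0) return src.slice(open + 1, i);
  }
  return null;                              // unbalanced; cannot judge it
}

// The first top-level argument is the script; later ones are `arg` data.
function firstArgument(args) {
  let depth = 0;
  let quote = null;
  for (let i = 0; i < args.length; i++) {
    const ch = args[i];
    if (quote) {
      if (ch === '\\') i++;
      else if (ch === quote) quote = null;
      continue;
    }
    if (ch === '"' || ch === "'" || ch === '`') quote = ch;
    else if ('([{'.includes(ch)) depth++;
    else if (')]}'.includes(ch)) depth--;
    else if (ch === ',' && depth === 0) return args.slice(0, i).trim();
  }
  return args.trim();
}

const STRING_LITERAL = /^(['"])(?:\\.|(?!\1)[^\\])*\1$/;
const TEMPLATE_WITHOUT_SUBSTITUTION = /^`(?:\\.|[^`\\$]|\$(?!\{))*`$/;
const FUNCTION_EXPRESSION = /^(?:async\s+)?(?:function\b|\([^)]*\)\s*=>|[A-Za-z_$][\w$]*\s*=>)/;

// Step 3: can the script argument carry attacker-controlled text?
function classifyScriptArgument(arg) {
  if (arg.startsWith('{')) {
    // Object form { content: ... } / { path: ... }: judge the value inside.
    const m = arg.match(/\b(?:content|path)\s*:\s*([\s\S]*?),?\s*}$/);
    return m ? classifyScriptArgument(m[1].trim()) : 'dynamic';
  }
  if (STRING_LITERAL.test(arg) || TEMPLATE_WITHOUT_SUBSTITUTION.test(arg)) return 'static';
  // A function is serialized from its source; closed-over variables are not
  // captured, so only the separate data argument can vary at runtime.
  if (FUNCTION_EXPRESSION.test(arg)) return 'static';
  // `${...}` substitution, concatenation, a variable or a call result:
  // conservatively treated as dynamic.
  return 'dynamic';
}

// Steps 2 and 4: find every addInitScript call and report the dynamic ones.
function scanSource(src, file = 'input.js') {
  const findings = [];
  if (!PLAYWRIGHT_IMPORT.test(src)) return findings;
  const callRe = /\.addInitScript\s*(?=\()/g;
  let m;
  while ((m = callRe.exec(src)) !== null) {
    const open = m.index + m[0].length;
    const args = extractCallArgs(src, open);
    if (args === null) continue;
    const script = firstArgument(args);
    if (classifyScriptArgument(script) === 'dynamic') {
      const line = src.slice(0, m.index).split('\n').length;
      findings.push({ file, line, script });
    }
  }
  return findings;
}

// Constructed sample sources (not real project files).
const SAMPLES = {
  'vuln-template.js': `const { chromium } = require('playwright');
async function run(req) {
  const page = await (await chromium.launch()).newPage();
  await page.addInitScript(\`fetch('\${req.query.url}')\`);
}`,
  'vuln-concat.js': `import { chromium } from 'playwright';
export async function run(ctx, target) {
  await ctx.addInitScript("fetch('" + target + "')");
}`,
  'safe-function.js': `const { chromium } = require('playwright');
async function run(page, target) {
  await page.addInitScript((url) => { window.__target = url; }, target);
}`,
  'safe-literal.js': `const { chromium } = require('playwright');
async function run(page) {
  await page.addInitScript('window.__ready = true');
}`,
  'not-playwright.js': `const fake = { addInitScript() {} };
fake.addInitScript(process.argv[2]);`,
};

function scanAll(samples = SAMPLES) {
  return Object.entries(samples).flatMap(([file, src]) => scanSource(src, file));
}

for (const f of scanAll()) {
  console.log(`${f.file}:${f.line} dynamic script passed to addInitScript: ${f.script}`);
}
```

Only the two files that build the script from a variable are reported; the function form, the constant string, and the file that never imports playwright produce no finding, which matches the step 1 scoping and the step 3 distinction between script text and data arguments.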
Vulnerable code example

```javascript
const { chromium } = require('playwright');
async function vulnerable(req) {
  const userInput = req.query.url; // Untrusted input from request query
  const browser = await chromium.launch();
  const context = await browser.newContext();
  // Vulnerable: userInput is directly interpolated into script without sanitization...
```

Secure code example
```javascript
const { chromium } = require('playwright');
const { URL } = require('url');
async function secure(req) {
  try {
    const userInput = req.query.url;
    // Validate URL format and protocol...
```
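The two examples above are cut short on the page. The following is an added example, not code from the page or from Playwright, that shows the vulnerable and hardened shapes of the same addInitScript call side by side. It runs against a stand-in `StubContext` so no browser is needed; `StubContext`, the `ALLOWED_HOSTS` allowlist and the sample inputs are this example's own assumptions. The hardened form relies on Playwright's real `addInitScript(script[, arg])` signature: the script is a fixed function and the validated URL is passed as the data argument instead of being concatenated into script text.

```javascript
// Added example, not code from the page or from Playwright. StubContext,
// ALLOWED_HOSTS and SAMPLE_INPUTS are assumptions made for the example.

// Records what would reach the browser. Real Playwright's
// context.addInitScript(script[, arg]) sends a function's source text and
// passes `arg` as serialized data, so `arg` can never be interpreted as code.
class StubContext {
  constructor() { this.scripts = []; }
  async addInitScript(script, arg) {
    this.scripts.push({ kind: typeof script, script: String(script), arg });
  }
}

// Vulnerable: request-controlled text becomes part of the script source.
// Whatever the caller supplies (an internal hostname, a non-http scheme, or
// text that closes the quote) is executed as-is in every page of the context.
function vulnerablePrefetch(context, userInput) {
  return context.addInitScript(`fetch('${userInput}')`);
}

// Assumed allowlist of destinations the browser is permitted to reach.
const ALLOWED_HOSTS = new Set(['example.com', 'www.example.com']);

// The "validate URL format and protocol" step: returns a normalized URL
// string or throws. Parsing with WHATWG URL rejects malformed input and lets
// us compare the host exactly instead of by substring matching.
function validateTargetUrl(userInput) {
  let url;
  try {
    url = new URL(String(userInput));
  } catch {
    throw new Error('malformed URL');
  }
  if (url.protocol !== 'https:') throw new Error(`protocol not allowed: ${url.protocol}`);
  if (!ALLOWED_HOSTS.has(url.hostname)) throw new Error(`host not allowed: ${url.hostname}`);
  if (url.username || url.password) throw new Error('credentials in URL not allowed');
  return url.href;
}

// Hardened: the script is a fixed function and the validated URL travels as
// a data argument, so it is never concatenated into code. Bad input throws
// here, before anything is sent to the browser.
function securePrefetch(context, userInput) {
  const target = validateTargetUrl(userInput);
  return context.addInitScript((url) => { fetch(url); }, target).then(() => target);
}

// Constructed inputs: one legitimate target and several the allowlist must
// reject (plain http, an internal-looking host, garbage, embedded credentials).
const SAMPLE_INPUTS = [
  'https://example.com/health?x=1',
  'http://example.com/',
  'https://internal-service.local/',
  'not a url',
  'https://user:pw@example.com/',
];

async function demo() {
  const ctx = new StubContext();
  for (const input of SAMPLE_INPUTS) {
    await vulnerablePrefetch(ctx, input);               // accepted every time
    let secure;
    try {
      secure = await securePrefetch(ctx, input);
    } catch (e) {
      secure = `rejected (${e.message})`;
    }
    console.log(`${input} -> vulnerable: sent; secure: ${secure}`);
  }
  console.log(`${ctx.scripts.length} scripts queued on the stub context`);
}
demo();
```

The design point is the split between code and data: the vulnerable form lets the request decide what the script says, while the hardened form decides the script once at authoring time and only lets the request influence a value that has already passed protocol and host checks.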