Typescript Http Response In Local Storage
Description
Detects when HTTP response data is stored directly in browser localStorage, which could expose sensitive information to malicious actors. Storing sensitive server responses in localStorage is risky: the data is persisted in plaintext and is readable by any JavaScript running on the same origin.
Detection Strategy
• Identifies assignments to localStorage.setItem() or localStorage[] where the value comes from HTTP response data
• Looks for patterns where response data from network requests is stored directly in localStorage without encryption
• Triggers when HTTP response content is passed to localStorage.setItem() or assigned directly to a localStorage property
• Examines data flow between network responses and localStorage operations to find sensitive data exposure
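The following is an added example, not Fluid Attacks' own analyzer: a minimal line-based taint scanner that approximates the detection strategy above (response sources, assignment propagation, localStorage sinks). It assumes one statement per line, taint that flows only through simple assignments, and a caller-supplied list of sanitizer function names; extractSafeData in the constructed secure sample is assumed to be such a function.

```javascript
// Added example, not Fluid Attacks' analyzer. Assumptions: one statement per
// line, taint flows only through simple assignments, and every function named
// in `sanitizers` extracts/validates data (its result is treated as clean).
const RESPONSE_SOURCES =
  /\b\w+\.(responseText|responseXML|response)\b|\bawait\s+\w+\.(json|text)\(\)/;
const ASSIGNMENT = /^\s*(?:const|let|var)?\s*(\w+)\s*=(?!=)\s*(.+?);?\s*$/;
const SET_ITEM_SINK = /localStorage\.setItem\(\s*[^,]+,\s*([\s\S]+)\)/;
const PROPERTY_SINK = /localStorage(?:\[[^\]]+\]|\.\w+)\s*=(?!=)\s*(.+?);?\s*$/;

function isTainted(expr, tainted, sanitizers) {
  // A direct call to a known sanitizer is clean whatever its arguments are.
  if (sanitizers.some((s) => new RegExp(`^\\s*${s}\\s*\\(`).test(expr))) return false;
  if (RESPONSE_SOURCES.test(expr)) return true;
  return [...tainted].some((v) => new RegExp(`\\b${v}\\b`).test(expr));
}

// Returns one finding per localStorage sink whose value derives from a response.
function findResponseToStorage(source, sanitizers = []) {
  const tainted = new Set(); // variable names currently holding response data
  const findings = [];
  source.split("\n").forEach((line, index) => {
    const assign = line.match(ASSIGNMENT);
    if (assign && isTainted(assign[2], tainted, sanitizers)) tainted.add(assign[1]);
    const sink = line.match(SET_ITEM_SINK) || line.match(PROPERTY_SINK);
    if (sink && isTainted(sink[1], tainted, sanitizers)) {
      findings.push({ line: index + 1, value: sink[1].trim() });
    }
  });
  return findings;
}
// Constructed samples mirroring the page's snippets, plus a fetch-based one.
const VULNERABLE_SAMPLE = `
const client = new XMLHttpRequest();
client.onload = () => {
  if (client.status === 200 && client.responseXML != null) {
    localStorage.setItem("response", client.responseXML);
  }
};`;
const SECURE_SAMPLE = `
client.onload = function () {
  if (this.status === 200 && this.responseXML != null) {
    const safeData = extractSafeData(this.responseXML);
    localStorage.setItem("response", JSON.stringify(safeData));
  }
};`;
const FETCH_SAMPLE = `
const res = await fetch("https://example.com/me");
const profile = await res.json();
localStorage["profile"] = JSON.stringify(profile);`;
```

Running the scanner on SECURE_SAMPLE without naming extractSafeData as a sanitizer still reports the setItem line, which is the expected behaviour: an extraction step the analyzer does not know about is indistinguishable from raw pass-through.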
Vulnerable code example
const client = new XMLHttpRequest();
client.open("GET", "http://example.com/data", true); // ❌ Using insecure HTTP transport
client.send(null);
client.onload = () => {
  if (client.status === 200 && client.responseXML != null) {
    // ❌ Storing untrusted XML from network in localStorage
    localStorage.setItem("response", client.responseXML);
  }
};
✅ Secure code example
const client = new XMLHttpRequest();
client.open("GET", "https://example.com/data", true); // ✅ Using secure HTTPS transport
client.onload = function() { // ✅ Using function() for correct 'this' binding
  if (this.status === 200 && this.responseXML != null) {
    // ✅ Extract and validate specific data instead of storing raw XML
    // (extractSafeData is assumed to be defined elsewhere in the application)
    const safeData = extractSafeData(this.responseXML);
    localStorage.setItem("response", JSON.stringify(safeData));
  }
};
client.send(null); // dispatch the request only after the handler is attached