Typescript Unsafe Nest Http Https Ssrf
Description
This detector identifies Server-Side Request Forgery (SSRF) vulnerabilities in NestJS applications where HTTP/HTTPS requests are made using user-controlled URLs. SSRF attacks allow attackers to make requests from the server to internal or external resources, potentially accessing sensitive data or internal services that should not be publicly accessible.
Detection Strategy
• Identifies NestJS HTTP client calls within controller methods or services
• Analyzes whether the URL parameter for HTTP/HTTPS requests comes from user input (request parameters, body, headers, or query strings)
• Reports a vulnerability when user-controlled data flows directly into HTTP client URL parameters without proper validation or sanitization
• Focuses on methods that make outbound HTTP/HTTPS requests where the destination URL can be influenced by external input
Vulnerable code example
import { Controller, Get, Query } from '@nestjs/common';
import * as http from 'http';
@Controller('ssrf')
export class SsrfController {
  @Get('request')
  async makeRequest(@Query('url') url: string) {
    // VULNERABLE: User-controlled URL passed directly to http.request, so the caller chooses the destination
    return new Promise<number>((resolve, reject) =>
      http.request(url, (res) => resolve(res.statusCode ?? 0)).on('error', reject).end());
  }
}
✅ Secure code example
import { BadRequestException, Controller, Get, Query } from '@nestjs/common';
import * as http from 'http';
import { URL } from 'url';
@Controller('ssrf')
export class SsrfController {
  private readonly allowedHosts = ['api.trusted-service.com', 'status.mycompany.com'];
  @Get('request')
  async makeRequest(@Query('url') url: string) {
    // SECURE: parse the URL and allow only known hostnames (new URL throws on malformed input)
    const target = new URL(url);
    if (!this.allowedHosts.includes(target.hostname)) throw new BadRequestException('Host not allowed');
    return new Promise<number>((resolve, reject) =>
      http.request(target, (res) => resolve(res.statusCode ?? 0)).on('error', reject).end());
  }
}