Typescript Express Fetch Ssrf
Description
This detector identifies Server-Side Request Forgery (SSRF) vulnerabilities in TypeScript Express applications that use fetch() for making HTTP requests. SSRF occurs when an application makes requests to URLs controlled by user input without proper validation, allowing attackers to access internal resources or external systems on behalf of the server.
Detection Strategy
• Scans TypeScript files in Express.js applications for usage of the fetch() function or similar HTTP request methods
• Identifies cases where URL parameters passed to fetch() may be influenced by user-controlled input (query parameters, request body, headers, etc.)
• Flags situations where URLs are constructed using user input without proper validation, sanitization, or allowlisting
• Detects when external HTTP requests are made with URLs that could potentially target internal network resources or unintended external endpoints
Vulnerable code example
import express from 'express';
import fetch from 'node-fetch';
const app = express();
app.get('/proxy', async (req, res) => {
  const url = req.query.url;
  // User input flows directly to fetch - enables SSRF attacks
  const response = await fetch(String(url));
  res.send(await response.text());
});
✅ Secure code example
import express from 'express';
import fetch from 'node-fetch';
const app = express();
const ALLOWED_DOMAINS = ['example.com', 'api.safe.com'];
app.get('/proxy', async (req, res) => {
  let target: URL;
  try { target = new URL(String(req.query.url)); } catch { return res.status(400).send('Invalid URL'); }
  if (!ALLOWED_DOMAINS.includes(target.hostname) || !['http:', 'https:'].includes(target.protocol)) return res.status(400).send('Target not allowed');
  res.send(await (await fetch(target.href)).text());
});
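The allowlist check above, written out as a pure function so it can be unit-tested without Express, alongside the substring check it should replace. This is an added example, not code from Fluid Attacks' page or detector; it assumes Node 18+ (global WHATWG URL), and the domain names are constructed samples.

```typescript
// Added example (not part of Fluid Attacks' page or detector): the allowlist check
// this detector looks for around fetch(), as a pure function that runs without Express.
// Assumes Node 18+ (global WHATWG URL); domain names below are constructed samples.

const ALLOWED_DOMAINS = ['example.com', 'api.safe.com'];

// Weak check: substring match on the raw string. Kept only to contrast with the strict
// version, because it accepts any URL that merely mentions an allowed name.
function weakCheck(raw: string): boolean {
  return ALLOWED_DOMAINS.some((domain) => raw.includes(domain));
}

// new URL() throws on malformed or relative input; turn that into null.
function tryParseUrl(raw: string): URL | null {
  try {
    return new URL(raw);
  } catch {
    return null;
  }
}

// Strict check: parse first, then compare the exact hostname against the allowlist.
// Returns the normalized URL to hand to fetch(), or null when the request must be refused.
function resolveAllowedTarget(raw: unknown, allowed: string[] = ALLOWED_DOMAINS): URL | null {
  // Express delivers ?url=a&url=b as an array and ?url[x]=y as an object; accept only one string.
  if (typeof raw !== 'string') return null;
  const target = tryParseUrl(raw);
  if (target === null) return null;
  // Only plain HTTP(S): file:, ftp:, gopher: and friends must never reach fetch().
  if (target.protocol !== 'http:' && target.protocol !== 'https:') return null;
  // Embedded credentials (http://user:pw@host/) have no place in a proxied URL.
  if (target.username !== '' || target.password !== '') return null;
  // WHATWG URL lowercases the host, so an exact match is sufficient here.
  if (!allowed.includes(target.hostname)) return null;
  return target;
}
```

fetch() follows redirects by default, so an allowed host that redirects elsewhere still reaches an unvalidated destination; pass `redirect: 'manual'` at the call site and re-run the check on each hop.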