Scala SSRF Tainted URL Sink
Description
Detects Server-Side Request Forgery (SSRF) vulnerabilities in Scala applications using the scalaj-http library. The vulnerability occurs when untrusted user input can control HTTP request URLs, potentially allowing attackers to make requests to internal systems or arbitrary external servers.
Detection Strategy
• Check whether the scalaj.http library is imported in the source file
• Identify calls to the Http constructor or its methods that take a URL parameter
• Examine whether the URL parameter originates from an untrusted source or user-controlled input
• Report a vulnerability when an Http request is built with a URL derived from tainted data
Vulnerable code example
package controllers
import play.api.mvc._
import scalaj.http.{Http, HttpResponse}
import scala.concurrent.Future
import scala.concurrent.ExecutionContext.Implicits.global
def makeRequest: Action[AnyContent] = Action.async { request =>
  // Vulnerable: uses unvalidated user input as the URL for the HTTP request
  // (the page's listing is truncated here; the remaining lines reconstruct its body)
  val targetUrl = request.getQueryString("url").getOrElse("")
  Future(Http(targetUrl).asString).map((response: HttpResponse[String]) => Ok(response.body))
}
✅ Secure code example
package controllers
import play.api.mvc._
import scalaj.http.{Http, HttpResponse}
import scala.concurrent.Future
import scala.concurrent.ExecutionContext.Implicits.global
def makeRequest: Action[AnyContent] = Action.async { request =>
  val targetUrl = request.getQueryString("url").getOrElse("").trim
  // Secure: parse the URL and only contact allowlisted hosts over https (listing truncated on the page; body reconstructed, allowlist host assumed)
  val allowed = scala.util.Try(new java.net.URI(targetUrl)).toOption.exists(u => u.getScheme == "https" && Set("api.example.com").contains(u.getHost))
  if (allowed) Future(Http(targetUrl).asString).map((response: HttpResponse[String]) => Ok(response.body))
  else Future.successful(BadRequest("URL not allowed"))
}
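The allowlist check in the secure example, carried further as an added example that is not code from Fluid Attacks, Play or the scalaj-http project: a reusable outbound-URL policy that rejects non-https schemes, userinfo tricks, hosts outside a fixed allowlist and hosts that resolve to internal addresses, applied before any scalaj-http call, with redirects disabled on the request itself. The allowed host names, the controller name, the TEST-NET sample addresses and the fixed DNS table in the demo are assumptions for illustration.

```scala
package controllers

import java.net.{InetAddress, URI}
import scala.concurrent.{ExecutionContext, Future}
import scala.util.Try
import play.api.mvc._
import scalaj.http.{Http, HttpOptions, HttpResponse}

// Added example (not Fluid Attacks' code or scalaj-http's API): an outbound-URL policy that
// is evaluated before any scalaj-http request is built. Host names below are assumed.
object OutboundUrlPolicy {
  // Assumed allowlist of hosts this service is permitted to contact.
  val allowedHosts: Set[String] = Set("api.example.com", "partner.example.org")
  val allowedSchemes: Set[String] = Set("https")

  sealed trait Verdict
  case class Allowed(uri: URI) extends Verdict
  case class Rejected(reason: String) extends Verdict

  // Address ranges an outbound request from a server should never reach.
  private def isInternal(addr: InetAddress): Boolean =
    addr.isLoopbackAddress || addr.isSiteLocalAddress || addr.isLinkLocalAddress ||
      addr.isAnyLocalAddress || addr.isMulticastAddress

  // `resolve` is injectable so the policy can be exercised without real DNS.
  def check(raw: String, resolve: String => Seq[InetAddress] = defaultResolve): Verdict =
    Try(new URI(raw.trim)).toOption match {
      case None => Rejected("unparseable URL")
      case Some(uri) if uri.getScheme == null || !allowedSchemes.contains(uri.getScheme.toLowerCase) =>
        Rejected("scheme not allowed")
      case Some(uri) if uri.getRawUserInfo != null =>
        Rejected("userinfo in URL") // user@host forms are refused outright
      case Some(uri) if uri.getHost == null =>
        Rejected("missing host") // opaque or relative URLs
      case Some(uri) if !allowedHosts.contains(uri.getHost.toLowerCase.stripSuffix(".")) =>
        Rejected(s"host not on allowlist: ${uri.getHost}")
      case Some(uri) =>
        val addrs = resolve(uri.getHost)
        if (addrs.isEmpty) Rejected("host does not resolve")
        else if (addrs.exists(isInternal)) Rejected("host resolves to an internal address")
        else Allowed(uri)
    }

  private def defaultResolve(host: String): Seq[InetAddress] =
    Try(InetAddress.getAllByName(host).toSeq).getOrElse(Seq.empty)
}

// Assumed controller name; `cc` is Play's standard ControllerComponents.
class ProxyController(cc: ControllerComponents)(implicit ec: ExecutionContext)
    extends AbstractController(cc) {
  import OutboundUrlPolicy._

  def makeRequest: Action[AnyContent] = Action.async { request =>
    val raw = request.getQueryString("url").getOrElse("")
    check(raw) match {
      case Rejected(reason) => Future.successful(BadRequest(s"URL rejected: $reason"))
      case Allowed(uri) =>
        Future {
          // Redirects are not followed, so a validated host cannot bounce the server elsewhere.
          val resp: HttpResponse[String] = Http(uri.toString)
            .option(HttpOptions.followRedirects(false))
            .timeout(connTimeoutMs = 2000, readTimeoutMs = 5000)
            .asString
          Ok(resp.body)
        }
    }
  }
}

// Stand-alone run of the policy over constructed inputs, with DNS replaced by a fixed table.
object PolicyDemo extends App {
  val fakeDns: String => Seq[InetAddress] = {
    case "api.example.com"     => Seq(InetAddress.getByName("203.0.113.10")) // TEST-NET-3, public
    case "partner.example.org" => Seq(InetAddress.getByName("10.0.0.5"))     // resolves to RFC 1918 space
    case _                     => Seq.empty
  }
  Seq(
    "https://api.example.com/v1/items",   // Allowed
    "http://api.example.com/v1/items",    // Rejected: scheme not allowed
    "https://user@api.example.com/",      // Rejected: userinfo in URL
    "https://127.0.0.1:8080/admin",       // Rejected: host not on allowlist
    "https://partner.example.org/",       // Rejected: host resolves to an internal address
    "not a url"                           // Rejected: unparseable URL
  ).foreach(u => println(f"$u%-40s -> ${OutboundUrlPolicy.check(u, fakeDns)}"))
}
```

The allowlist is the primary control; the address check is a second layer, and because it resolves the name at policy time rather than at connect time it does not by itself defeat DNS rebinding. Disabling redirects matters because a permitted host that answers with a 3xx would otherwise steer the request to a destination the policy never saw.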