Javascript Ssrf Untrusted Input
Description
Detects Server-Side Request Forgery (SSRF) in JavaScript applications that render PDFs with the wkhtmltopdf library. The vulnerability occurs when untrusted user input is passed as the first argument to wkhtmltopdf, which the wrapper treats as a URL to fetch (or, if it does not look like a URL, as HTML to render). Because the rendering is done by a headless WebKit engine running on the server, an attacker who controls that input can make the server request internal hosts that are not reachable from outside, such as cloud metadata endpoints, or read local files into the generated PDF through file:// URLs.
Detection Strategy
• Check whether the wkhtmltopdf module is imported (require or import) in the JavaScript code
• Identify calls to the imported wkhtmltopdf function
• Examine whether the first argument (the URL or HTML to render) derives from user-controllable input such as request query parameters, body fields or headers
• Flag calls where that input reaches wkhtmltopdf without validation as potential SSRF vulnerabilities
Vulnerable code example
const wkhtmltopdf = require('wkhtmltopdf');
function createPdf(req, res) {
  const userInput = req.query.url; // User-controlled input from query parameter
  // Vulnerable: the value is passed straight to wkhtmltopdf. Anything that looks
  // like a URL is handed to the wkhtmltopdf binary to fetch, and anything else is
  // rendered as raw HTML; either way the client decides what the server's
  // renderer fetches, including internal hosts and file:// resources.
  wkhtmltopdf(userInput, { quiet: true }).pipe(res);
}
Secure code example
const wkhtmltopdf = require('wkhtmltopdf');
// Helper function to validate URLs
function isValidUrl(url) {
  try {
    const urlObj = new URL(url);
    return urlObj.protocol === 'https:'; // Only allow HTTPS URLs
  } catch { return false; } // Not a parseable absolute URL (raw HTML ends up here too)
}
function createPdf(req, res) {
  const userInput = req.query.url;
  if (!isValidUrl(userInput)) return res.status(400).send('Invalid URL');
  wkhtmltopdf(userInput, { quiet: true }).pipe(res);
}
Note that an HTTPS-only check still lets a caller point the renderer at any internal host that happens to serve HTTPS, and it does nothing about what the fetched page itself embeds. A production check should also restrict the hostname to an allowlist of origins the service is meant to render, and wkhtmltopdf should be run with local file access disabled (the --disable-local-file-access flag) so that a rendered page cannot pull file:// resources into the PDF.
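The following is an added example, not code from this page or from the wkhtmltopdf project, showing the stricter gate described above: scheme, credentials, port and an explicit hostname allowlist are checked before anything reaches wkhtmltopdf, and the renderer is started with local file access disabled. The names ALLOWED_HOSTS, validateRenderUrl, defaultRender and the Express-style req/res objects are assumptions for illustration; the option spelling disableLocalFileAccess relies on the node wrapper's documented camelCase-to-flag convention (as with pageSize for --page-size).

```javascript
// Added example (not the page's or the wkhtmltopdf project's code): a stricter
// gate in front of wkhtmltopdf. Everything except the wkhtmltopdf call itself
// runs offline with plain Node.js.

// Assumed: the only origins this service is ever meant to render.
const ALLOWED_HOSTS = new Set(['reports.example.com', 'docs.example.com']);

// Returns { ok: true, url } for an acceptable URL, otherwise { ok: false, reason }.
// The checks go beyond "is it https:" so that credentials, odd ports and
// lookalike hosts are rejected, not just file:// and http://.
function validateRenderUrl(raw, allowedHosts = ALLOWED_HOSTS) {
  if (typeof raw !== 'string' || raw.length > 2048) {
    return { ok: false, reason: 'missing or oversized input' };
  }
  let url;
  try {
    url = new URL(raw); // WHATWG parser: lowercases scheme and host
  } catch {
    return { ok: false, reason: 'not an absolute URL' }; // raw HTML lands here too
  }
  if (url.protocol !== 'https:') {
    return { ok: false, reason: `scheme ${url.protocol} not allowed` }; // blocks file:, http:, ftp:
  }
  if (url.username || url.password) {
    return { ok: false, reason: 'credentials in URL' }; // https://reports.example.com@evil.example/
  }
  if (url.port !== '') {
    return { ok: false, reason: 'non-default port' }; // keeps internal services on :8443 etc. out
  }
  if (!allowedHosts.has(url.hostname)) {
    return { ok: false, reason: `host ${url.hostname} not in allowlist` }; // IP literals fail here too
  }
  return { ok: true, url: url.href };
}

// Default renderer: the real wrapper, required lazily so the validator can be
// exercised without wkhtmltopdf installed. Option keys follow the wrapper's
// camelCase-to-flag convention (quiet -> --quiet,
// disableLocalFileAccess -> --disable-local-file-access); the latter stops the
// rendered page itself from pulling in file:// resources via <iframe>/<img>.
function defaultRender(url) {
  const wkhtmltopdf = require('wkhtmltopdf');
  return wkhtmltopdf(url, { quiet: true, disableLocalFileAccess: true });
}

// Express-style handler. `render` is injectable so the handler can be tested
// with a stub; in production leave it as the default. Returns the verdict so
// callers (and tests) can see why a request was accepted or refused.
function createPdf(req, res, render = defaultRender) {
  const verdict = validateRenderUrl(req.query.url);
  if (!verdict.ok) {
    res.status(400).send(`Rejected: ${verdict.reason}`);
    return verdict;
  }
  render(verdict.url).pipe(res);
  return verdict;
}
```

An exact hostname allowlist is deliberately used instead of resolving the name and rejecting private address ranges: the resolve-then-fetch approach is open to DNS rebinding between the check and wkhtmltopdf's own lookup, whereas a short list of hosts the operator controls has no such window. The rejected cases in the comments (userinfo before an @, non-default ports, IP literals, raw HTML) are the ones that an "https only" check alone would let through or would not address.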