Server Side Request Forgery (SSRF)
Description
Server-Side Request Forgery (SSRF) abuses backend components that initiate requests to other systems. If user input flows into the construction or sending of such a request, an attacker can supply a crafted value that redirects the request to a host of their choosing (including internal services the backend can reach but the attacker cannot) or alters the request data to trigger unintended actions. Never use user input directly to build the URL or URI of a request that a backend system sends to a third party.
Examples
Insecure Code

```go
// userInput is attacker-controlled, so the server will fetch whatever URL it is given,
// including loopback, link-local and private-network addresses.
resp, err := http.Get(userInput)
```

Secure Code

```go
// SafeTransport is a helper (not shown here) that rejects connections to loopback and
// RFC-1918 destinations; requestUrl comes from a server-side allow-list, not from the user.
httpClient := &http.Client{
	Transport: SafeTransport(clientConnectTimeout),
}
resp, err := httpClient.Get(requestUrl)
```

Remediation
Use a safe HTTP client that refuses to connect to loopback and RFC-1918 addresses, restrict requests to a known set of URIs or payloads, and consider resolving the destination from a server-side map keyed by a client-supplied identifier so that clients never submit a URL at all.
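The following is an added example of what the `SafeTransport` helper referenced above could look like; it is not code from the original rule page. It resolves each destination before dialling, rejects loopback, private, link-local and unspecified addresses, and then connects to the vetted IP rather than re-resolving the name, so redirects and DNS rebinding are covered by the same check. The function names `IsDisallowedIP`, `VetHost` and `SafeTransport` are assumptions.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"net/http"
	"time"
)

// IsDisallowedIP flags loopback, RFC 1918/ULA private, link-local (incl. 169.254.169.254 metadata) and unspecified addresses.
func IsDisallowedIP(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsPrivate() || ip.IsLinkLocalUnicast() ||
		ip.IsLinkLocalMulticast() || ip.IsUnspecified()
}

// VetHost resolves host (a name or IP literal) and rejects it if any answer is disallowed.
func VetHost(ctx context.Context, host string) ([]net.IPAddr, error) {
	ips, err := net.DefaultResolver.LookupIPAddr(ctx, host)
	if err != nil {
		return nil, err
	}
	for _, ip := range ips {
		if IsDisallowedIP(ip.IP) {
			return nil, fmt.Errorf("ssrf guard: %q resolves to disallowed address %s", host, ip.IP)
		}
	}
	return ips, nil
}

// SafeTransport returns an http.Transport whose dialer vets every destination, including
// those reached through redirects, and connects to the vetted IP so a second DNS lookup
// (rebinding) cannot swap in an internal address. TLS SNI still uses the URL host name.
func SafeTransport(timeout time.Duration) *http.Transport {
	dialer := &net.Dialer{Timeout: timeout}
	return &http.Transport{
		DialContext: func(ctx context.Context, network, addr string) (net.Conn, error) {
			host, port, err := net.SplitHostPort(addr)
			if err != nil {
				return nil, err
			}
			ips, err := VetHost(ctx, host)
			if err != nil {
				return nil, err
			}
			return dialer.DialContext(ctx, network, net.JoinHostPort(ips[0].IP.String(), port))
		},
	}
}
```

Pair this transport with an allow-list of destination hosts or a server-side URL map; the address check is a safety net, not a substitute for validating where the request may go.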
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0789 |
| Category | Web |
| Severity | MEDIUM |
| CWE | CWE-918 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | ssrf, injection |
| OWASP | A1:2017-Injection, A10:2021-Server-Side Request Forgery |