Server-Side Request Forgery (SSRF)
Description
Server-Side Request Forgery (SSRF) exploits back-end systems that initiate requests to third parties. If user input is used to construct or send these requests, an attacker can supply crafted data that redirects the request to other systems (including internal ones the attacker cannot reach directly) or alters the request data to trigger unwanted actions. Ensure user input is never used directly to construct the URL or URI of a request that a back-end system sends to a third-party system.
Examples
Insecure Code

```java
// The full URL is taken straight from the client, so the server connects wherever the client says.
new URL(userInput).openConnection();
```

Secure Code

```java
// lookupTable is a server-side Map<String, String>: the client names a key, never a URL.
String value = lookupTable.getOrDefault(userInput, "https://example.com/");
final HttpGet httpget = new HttpGet(value);
```

Remediation
Use a server-side map to look up a key that selects the URL for the HTTP request, or, where part of the target must come from the user, encode the user-supplied value before inserting it into a server-controlled URL. Never accept full URLs from the user.
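The remediation above, combined into one added example (not code from the original rule page): an allowlist map selects the base URL by key, the only user-controlled part is an identifier that is percent-encoded before being appended, and the resolved URI is checked to still sit on the allowlisted host. Class, method and host names are assumptions chosen for illustration.

```java
import java.net.URI;
import java.net.URLEncoder;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.charset.StandardCharsets;
import java.util.Map;

public final class OutboundRequests {
    // Allowlist of server-controlled base URLs, keyed by a short name the client may send.
    // Hosts are constructed placeholders for this example.
    private static final Map<String, URI> TARGETS = Map.of(
        "weather", URI.create("https://weather.example.com/api/v1/"),
        "geocode", URI.create("https://geo.example.com/lookup/"));

    /** Builds the outbound URI from an allowlisted key and an encoded user identifier. */
    public static URI buildTarget(String targetKey, String resourceId) {
        URI base = TARGETS.get(targetKey);
        if (base == null) {
            throw new IllegalArgumentException("unknown target key: " + targetKey);
        }
        // Percent-encode the identifier so '/', '?', '#', '@' and similar separators
        // cannot change the path, query or authority of the server-chosen base URL.
        // (URLEncoder is form-style encoding: a space becomes '+', which is harmless here.)
        String encoded = URLEncoder.encode(resourceId, StandardCharsets.UTF_8);
        URI target = base.resolve(encoded);
        // Defence in depth: the resolved URI must keep the allowlisted scheme and host.
        if (!base.getScheme().equals(target.getScheme())
                || !base.getHost().equals(target.getHost())) {
            throw new IllegalStateException("resolved URI left the allowlisted base");
        }
        return target;
    }

    /** Performs the GET; the default HttpClient does not follow redirects, which keeps the host fixed. */
    public static String fetch(String targetKey, String resourceId) throws Exception {
        HttpRequest request = HttpRequest.newBuilder(buildTarget(targetKey, resourceId)).GET().build();
        HttpResponse<String> response =
            HttpClient.newHttpClient().send(request, HttpResponse.BodyHandlers.ofString());
        return response.body();
    }

    public static void main(String[] args) {
        // Slashes in the identifier are encoded, so the path cannot climb out of /api/v1/.
        System.out.println(buildTarget("weather", "london"));
        System.out.println(buildTarget("weather", "../../admin"));
    }
}
```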
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0723 |
| Category | Injection |
| Severity | MEDIUM |
| CWE | CWE-918 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | SSRF, Server-Side Request Forgery |
| OWASP | A1:2017-Injection, A10:2021-Server-Side Request Forgery |