Server-Side Request Forgery (SSRF)
Description
This application allows user-controlled URLs to be passed directly to HTTP client libraries, which can result in Server-Side Request Forgery (SSRF). SSRF refers to an attack where the attacker can abuse functionality on the server to force it to make requests to other internal systems within your infrastructure that are not directly exposed to the internet.
Examples
Insecure Code
javascript
axios.get(userInput)Secure Code
javascript
var whitelist = ["https://example.com", "https://example.com/sample"]; if(whitelist.includes(userInput)){ axios.get(userInput) }Remediation
Use hardcoded HTTP request calls or a whitelisting object to check whether the user input is trying to access allowed resources or not.
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0410 |
| Category | Injection |
| Severity | CRITICAL |
| CWE | CWE-918 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | SSRF, Server-Side Request Forgery |
| OWASP | A1:2017-Injection, A03:2021-Injection |