Server-side request forgery (SSRF) via phantom

Description

If unverified user data can reach the `phantom` methods it can result in Server-Side Request Forgery vulnerabilities.

Examples

Insecure Code

javascript

const phantom = require('phantom');
phantom.create().then(function(ph) {
  return ph.createPage().then(function(page) {
    page.open(req.query.foo);
  });
});

Secure Code

javascript

const phantom = require('phantom');
const url = require('url');
phantom.create().then(function(ph) {
  return ph.createPage().then(function(page) {
    const userInput = req.query.foo;
    const sanitizedInput = url.parse(userInput);
    if (sanitizedInput.protocol === 'http:' || sanitizedInput.protocol === 'https:') {
      page.open(sanitizedInput.href);
    }
  });
});

Remediation

Validate and sanitize user input before passing it to `phantom` methods

Rule Details

Field	Value
ID	CODE-0411
Category	Injection
Severity	CRITICAL
CWE	CWE-918
Confidence	HIGH
Impact	HIGH
Likelihood	MEDIUM
Exploitability	EASY
Tags	ssrf, injection
OWASP	A1:2017-Injection, A03:2021-Injection

Overview

SAST (Application Security)

SCA (Dependencies)

Secrets Detection

IaC Security

License Compliance

SAST Rules

IaC Rules

License Rules

Server-side request forgery (SSRF) via phantom

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details

SAST Rules

IaC Rules

License Rules

Server-side request forgery (SSRF) via phantom ​

Description ​

Examples ​

Insecure Code ​

Secure Code ​

Remediation ​

Rule Details ​

Server-side request forgery (SSRF) via phantom

Description

Examples

Insecure Code

Secure Code

Remediation

Rule Details