Server-side request forgery (SSRF) in puppeteer
Description
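If unvalidated user input reaches `puppeteer` methods such as `page.goto`, it can result in Server-Side Request Forgery (SSRF) vulnerabilities, because the browser fetches the supplied URL from the server's own network position.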
Examples
Insecure Code
```javascript
const puppeteer = require('puppeteer');
const express = require('express');
const app = express();

app.get('/', (req, res) => {
  (async () => {
    const browser = await puppeteer.launch();
    const page = await browser.newPage();
    // Insecure: the user-controlled query parameter is the navigation target.
    await page.goto(req.query.foo);
    await browser.close();
  })();
});
```

Secure Code
```javascript
const puppeteer = require('puppeteer');
const express = require('express');
const app = express();

app.get('/', (req, res) => {
  const userInput = req.query.foo;
  // Validate the user-supplied URL before it reaches puppeteer.
  const sanitizedInput = sanitizeUserInput(userInput);
  (async () => {
    const browser = await puppeteer.launch();
    const page = await browser.newPage();
    await page.goto(sanitizedInput);
    await browser.close();
  })();
});

function sanitizeUserInput(input) {
  // Placeholder: implement input validation and sanitization logic here.
  // Returning the input unchanged provides no protection.
  return input;
}
```

Remediation
Validate and sanitize user input before passing it to `puppeteer` methods.
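
One way to fill in the `sanitizeUserInput` placeholder from the secure example above, shown as an added example that is not part of the original rule documentation. The host allowlist values and the `guardPage` helper are assumptions made for illustration; `guardPage` uses Puppeteer's request interception so the same check covers redirects and subresources, not only the first navigation.

```javascript
// Added example: allowlist-based URL validation for Puppeteer navigation.
// ALLOWED_HOSTS holds constructed sample values; replace with your own hosts.
const ALLOWED_HOSTS = new Set(['example.com', 'www.example.com']);
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);

// Returns the normalized URL string, or null if the input must not be fetched.
function sanitizeUserInput(input) {
  if (typeof input !== 'string') return null; // ?foo=a&foo=b yields an array
  let url;
  try {
    url = new URL(input); // throws on relative or malformed input
  } catch {
    return null;
  }
  if (!ALLOWED_PROTOCOLS.has(url.protocol)) return null; // rejects file:, data:, ...
  if (url.username || url.password) return null; // no embedded credentials
  if (url.port !== '') return null; // default ports only
  // Exact host match: IP literals and internal names are never on the list.
  if (!ALLOWED_HOSTS.has(url.hostname)) return null;
  return url.href;
}

// Hypothetical helper: applies the same check to every request the page makes.
// The listener is registered before interception is switched on so that no
// request is paused without a handler to resolve it.
function guardPage(page) {
  page.on('request', (request) => {
    if (sanitizeUserInput(request.url()) === null) {
      request.abort();
    } else {
      request.continue();
    }
  });
  return page.setRequestInterception(true);
}
```

In the route handler, reject the request (for example with HTTP 400) when `sanitizeUserInput` returns `null`, and `await guardPage(page)` before calling `page.goto`.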
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0413 |
| Category | Injection |
| Severity | CRITICAL |
| CWE | CWE-918 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | ssrf, injection |
| OWASP | A1:2017-Injection, A03:2021-Injection |