Server-side request forgery (SSRF) in wkhtmltopdf
Description
A user-controlled URL that reaches `wkhtmltopdf` can result in server-side request forgery (SSRF). Because `wkhtmltopdf` fetches and renders whatever URL it is given, an attacker who controls that URL can make the server issue requests to internal or external services on their behalf, potentially leading to sensitive data exposure or other security issues.
Examples
Insecure Code
```javascript
const wkhtmltopdf = require('wkhtmltopdf');
// The untrusted query parameter is concatenated into the URL that wkhtmltopdf will fetch and render
wkhtmltopdf('http://example.com/' + req.query.url);
```
Secure Code
```javascript
const wkhtmltopdf = require('wkhtmltopdf');
// Exact-match allowlist of URLs this service is permitted to render
const allowedUrls = ['http://example.com'];
if (allowedUrls.includes(req.query.url)) {
  wkhtmltopdf(req.query.url);
} else {
  // Reject the request; never fall back to rendering the untrusted URL
}
```
Remediation
Validate user input before passing it to `wkhtmltopdf`, and ensure that only trusted, expected URLs are allowed. Prefer an allowlist of permitted destinations over attempts to sanitize arbitrary input, since string filtering of URLs is easy to get wrong.
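As an added example (not code from the original rule page), the following JavaScript validator goes slightly beyond the exact-match list above: it parses the input with the WHATWG `URL` class, accepts only `http:`/`https:`, matches the hostname against an allowlist, and refuses embedded credentials and non-default ports before anything reaches `wkhtmltopdf`. The names `ALLOWED_HOSTS`, `validateRenderUrl` and `renderPdf` are assumptions, and the allowlist contents are constructed.

```javascript
// Constructed allowlist of hostnames this service may render (assumed values).
const ALLOWED_HOSTS = new Set(['example.com', 'www.example.com']);

// Returns the normalized URL string when the input is acceptable, otherwise null.
// Parsing with the URL class (rather than string concatenation or regex checks)
// means the scheme and host are taken from the parsed structure, not guessed.
function validateRenderUrl(input) {
  let url;
  try {
    url = new URL(String(input)); // throws on relative or malformed input
  } catch {
    return null;
  }
  // wkhtmltopdf understands more than web schemes; only plain http/https may pass.
  if (url.protocol !== 'http:' && url.protocol !== 'https:') return null;
  // Exact hostname match: a suffix or substring check would accept lookalike hosts.
  if (!ALLOWED_HOSTS.has(url.hostname)) return null;
  // Refuse userinfo and explicit ports so the request goes where the allowlist says.
  if (url.username || url.password || url.port) return null;
  return url.toString();
}

// Hypothetical render helper: only a validated URL is ever handed to wkhtmltopdf.
function renderPdf(input, outputStream) {
  const safeUrl = validateRenderUrl(input);
  if (safeUrl === null) {
    throw new Error('URL not allowed');
  }
  // Loaded lazily so the validator can be unit-tested without the wkhtmltopdf binary.
  const wkhtmltopdf = require('wkhtmltopdf');
  return wkhtmltopdf(safeUrl).pipe(outputStream);
}
```

In a request handler, call `renderPdf(req.query.url, res)` and map the thrown error to a 400 response; the unvalidated query value never touches `wkhtmltopdf`.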
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0415 |
| Category | Injection |
| Severity | CRITICAL |
| CWE | CWE-918 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | ssrf, injection |
| OWASP | A1:2017-Injection, A03:2021-Injection |