Unsanitized user input in HTTP request (SSRF)

Overview

Rule ID: java_lang_http_url_using_user_input
Applicable Languages: Java
Weakness ID: CWE-918

Description

Including user input directly in HTTP request URLs can expose vulnerabilities to Server-Side Request Forgery (SSRF) attacks. This occurs when an attacker can manipulate the destination of an HTTP request initiated by the server.

Remediation Guidelines

Avoid concatenating or directly incorporating user input into URLs for HTTP requests. This practice can enable attackers to manipulate requests to unauthorized or malicious sites.
```
new URL(request.getParameter("someRandomUrl")).getContent(); // unsafe
```
Instead, validate or map user inputs to predefined options before using them to construct URLs. This approach ensures that the application only requests URLs to known, safe destinations.
```
String url;
if (request.getParameter("selectedUrl").equals("option1")) {
 url = "https://api1.com";
} else {
 url = "https://api2.com";
}
```

References

Configuration

To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our SAST TOOL

PreviousUnsanitized user input in format string detected NextUnsanitized user input in HTTP response (XSS)

Last updated 1 year ago

hashtagOverview

hashtagDescription

hashtagRemediation Guidelines

hashtagReferences

hashtagConfiguration

Overview

Description

Remediation Guidelines

References

Configuration