Unsanitized user input in HTTP request (SSRF)

Overview

Rule ID: javascript_express_server_side_request_forgery
Applicable Languages: Javascript
Weakness ID: CWE-918

Description

Incorporating unsanitized user input directly into URLs for data retrieval exposes your application to server-side request forgery (SSRF) attacks. This vulnerability occurs when URLs include user-provided data without proper validation or sanitization.

Remediation Guidelines

Do not directly use user input to construct URLs for backend requests, as this can lead to SSRF vulnerabilities.
```
axios.get(`https://${req.params.host}`); // unsafe
```
Do validate or sanitize user input before using it in URLs. Prefer using a predefined list of allowed hosts and map user input to this list to ensure only safe and expected URLs are constructed.
```
var host = "default-api.com";
if (req.params.host === "something-else") {
host = "other-api.com";
}

axios.get(`https://${host}`);
```

References

Configuration

To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our SAST TOOL

PreviousUnsanitized user input in format string NextUnsanitized user input in HTTP request (SSRF)

Last updated 1 year ago

hashtagOverview

hashtagDescription

hashtagRemediation Guidelines

hashtagReferences

hashtagConfiguration

Overview

Description

Remediation Guidelines

References

Configuration