Unsanitized user input in HTTP request (SSRF)
Overview
Rule ID:
javascript_express_server_side_request_forgery
Applicable Languages: JavaScript
Weakness ID: CWE-918
Description
Incorporating unsanitized user input directly into URLs for data retrieval exposes your application to server-side request forgery (SSRF) attacks. This vulnerability occurs when URLs include user-provided data without proper validation or sanitization. An attacker who controls the host or path of a server-side request can make your server reach systems the attacker cannot reach directly, such as internal services, loopback ports, or cloud instance-metadata endpoints, and can read the responses if your code returns them.
Remediation Guidelines
Do not directly use user input to construct URLs for backend requests, as this can lead to SSRF vulnerabilities. In the example below, the request path parameter becomes the target host, so the attacker chooses which system the server connects to:
axios.get(`https://${req.params.host}`); // unsafe
Do validate or sanitize user input before using it in URLs. Prefer using a predefined list of allowed hosts and map user input to this list, so that the request is only ever sent to a URL your code constructed. Avoid substring or prefix checks on the raw string (for example "starts with default-api.com"), since hosts such as default-api.com.evil.com or URLs with embedded credentials pass them. If you must accept a full URL, parse it and compare the parsed hostname and scheme exactly against the allowlist.

// Safe: user input selects an entry from a fixed set of hosts
// and never reaches the URL string itself.
var host = "default-api.com";
if (req.params.host === "something-else") {
  host = "other-api.com";
}
axios.get(`https://${host}`);