Server-side request forgery High

Insufficient sanitization of potentially untrusted URLs on the server side can lead to the server issuing requests to unwanted hosts, ports, or protocols; such requests can bypass proxies, firewalls, and other security measures.

Detector ID
javascript/server-side-request-forgery@v1.0
Category

Noncompliant example

const express = require('express');
const request = require('request');
const app = express();

/**
 * Registers GET /data/img, whose handler fetches whatever URL the client
 * supplies in the incoming request.
 *
 * Kept as the noncompliant example: the destination of the outbound request
 * is copied verbatim from client input, so the client — not the server —
 * chooses the host, port and scheme that the server connects to.
 */
function serverSideRequestForgeryNoncompliant() {
  app.get('/data/img', (req, res) => {
    // NOTE(review): req.body is only populated when a body-parsing middleware
    // is registered, and GET requests normally carry no body — confirm the
    // intended source of imageUrl.
    const url = req.body.imageUrl;
    // Noncompliant: user provided url is used to make a request.
    request.get(url);
  });
}

Compliant example

const express = require('express');
const request = require('request');
const app = express();

/**
 * Registers GET /data/img, whose handler always fetches a fixed,
 * server-chosen URL.
 *
 * Compliant because the outbound destination is a constant defined inside
 * the handler; nothing from the incoming request influences the host, port
 * or scheme of the request the server makes.
 */
function serverSideRequestForgeryCompliant() {
  app.get('/data/img', (req, res) => {
    // Compliant: url used to make a request is not user provided.
    const url = 'https://example.com';
    request.get(url);
  });
}