Insufficient sanitization of potentially untrusted URLs on the server side can lead to the server issuing requests to unwanted hosts, ports, or protocols, which can bypass proxies, firewalls, and other security measures.
1import express, { Request, Response } from 'express'
2import request from 'request'
3var app = express()
4
5function serverSideRequestForgeryNoncompliant() {
6 app.get('/data/img', (req: Request, res: Response) => {
7 var url = req.body.imageUrl
8
9 // Noncompliant: user provided url is used to make a request.
10 request.get(url)
11 });
12}
1import express, { Request, Response } from 'express'
2import request from 'request'
3var app = express()
4
5function serverSideRequestForgeryCompliant() {
6 app.get('/data/img', (req: Request, res: Response) => {
7 // Compliant: url used to make a request is not user provided.
8 var url = 'https://example.com'
9
10 request.get(url)
11 })
12}