Server side request forgery High

Insufficient sanitization of potentially untrusted URLs on the server side can lead the server to issue requests to unintended hosts, ports, or protocols, bypassing proxies, firewalls, and other security controls.

Detector ID
typescript/server-side-request-forgery@v1.0
Category

Noncompliant example

1import express, { Request, Response } from 'express'
2import request from 'request'
// Single Express application instance shared by the route registrations below.
const app = express()
4
/**
 * Registers a handler whose outbound request target is copied verbatim from
 * the client request. Nothing in the handler constrains the scheme, host,
 * port or path of that target, and the upstream response is never forwarded
 * to the client.
 */
function serverSideRequestForgeryNoncompliant() {
  app.get('/data/img', (req: Request, res: Response) => {
    const imageUrl = req.body.imageUrl

    // Noncompliant: the destination of the server-side request is fully
    // controlled by the client, so the server can be pointed at hosts it
    // was never meant to reach (detector: server-side request forgery).
    request.get(imageUrl)
  });
}

Compliant example

1import express, { Request, Response } from 'express'
2import request from 'request'
// Single Express application instance shared by the route registrations below.
const app = express()
4
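/**
 * Registers a handler that fetches a fixed, server-chosen URL and streams the
 * upstream response back to the client.
 *
 * Fix over the original: the handler previously issued the upstream request
 * but never answered the client, so every call to /data/img hung until the
 * client timed out; upstream failures were also unobserved.
 */
function serverSideRequestForgeryCompliant() {
  app.get('/data/img', (_req: Request, res: Response) => {
    // Compliant: the outbound target is a constant chosen by the server, so
    // no request field can influence its scheme, host, port or path. If the
    // target must vary with client input, map that input to an entry of a
    // server-side allow-list rather than building the URL from it.
    const url = 'https://example.com'

    // Forward the upstream body to the client; on upstream error, answer with
    // 502 unless a partial response has already started, then close the
    // response so the client is never left waiting. Note that the `request`
    // package is deprecated and should be replaced in new code.
    request
      .get(url)
      .on('error', (_err: Error) => {
        if (!res.headersSent) {
          res.status(502)
        }
        res.end()
      })
      .pipe(res)
  })
}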