Risk of server-side request forgery detected.

Rule ID: javascript_express_server_side_request_forgery
Languages: javascript
Source: server_side_request_forgery.yml

Description

Using unsanitized URLs from the request object when retrieving data puts your application at risk of server-side request forgery (SSRF) attacks. This rule checks for URLs containing user-supplied data.

Remediations

❌ Avoid using user input in URLs:

axios.get(`https://${req.params.host}`)

✅ Use user input indirectly to form a URL:

var host = "default-api.com"
if req.params.host == "something-else" {
  host = "other-api.com"
}

axios.get(`https://${host}`)

Resources

OWASP - Server-Side Request Forgery (SSRF) prevention cheat sheet

Associated CWE

CWE-918: Server-Side Request Forgery (SSRF)

OWASP Top 10

A10:2021 - Server-side Request Forgery (SSRF)

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=javascript_express_server_side_request_forgery

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=javascript_express_server_side_request_forgery

Ready to take the next step? Learn more about Bearer Cloud.