ajinabraham.njsscan.ssrf.ssrf_node.node_ssrf
ajinabraham
Author
unknown
Download Count*
License
User controlled URL in http client libraries can result in Server Side Request Forgery (SSRF).
Run Locally
Run in CI
Defintion
rules:
- id: node_ssrf
patterns:
- pattern-either:
- pattern-inside: |
require('request')
...
- pattern-inside: |
require('axios')
...
- pattern-inside: |
require('needle')
...
- pattern-inside: |
require('bent')
...
- pattern-inside: |
require('urllib')
...
- pattern-inside: |
require('net')
...
- pattern-inside: |
require('https')
...
- pattern-inside: |
require('superagent')
...
- pattern-inside: |
require('got')
...
- pattern-either:
- pattern-inside: function ($REQ, $RES, ...) {...}
- pattern-inside: function $FUNC($REQ, $RES, ...) {...}
- pattern-inside: $X = function $FUNC($REQ, $RES, ...) {...}
- pattern-inside: var $X = function $FUNC($REQ, $RES, ...) {...};
- pattern-inside: $APP.$METHOD(..., function $FUNC($REQ, $RES, ...) {...})
- pattern-either:
- pattern: |
$PKG.get(<... $REQ.$VAR ...>, ...)
- pattern: |
$PKG.get(<... $REQ.$VAR.$FOO ...>, ...)
- pattern: |
$PKG.post(<... $REQ.$VAR ...>, ...)
- pattern: |
$PKG.post(<... $REQ.$VAR.$FOO ...>, ...)
- pattern: |
$PKG.put(<... $REQ.$VAR ...>, ...)
- pattern: |
$PKG.put(<... $REQ.$VAR.$FOO ...>, ...)
- pattern: |
needle("=~/^[get|post|put]+$/i", <... $REQ.$VAR.$FOO ...>, ...)
- pattern: |
needle("=~/^[get|post|put]+$/i", <... $REQ.$VAR ...>, ...)
- pattern: |
request(<... $REQ.$VAR ...>, ...)
- pattern: |
request(<... $REQ.$VAR.$FOO ...>, ...)
- pattern: |
$PKG.request(<... $REQ.$VAR ...>, ...)
- pattern: |
$PKG.request(<... $REQ.$VAR.$FOO ...>, ...)
- pattern: |
getJSON(<... $REQ.$VAR ...>, ...)
- pattern: |
getJSON(<... $REQ.$VAR.$FOO ...>, ...)
- pattern: |
getBuffer(<... $REQ.$VAR ...>, ...)
- pattern: |
getBuffer(<... $REQ.$VAR.$FOO ...>, ...)
- pattern: |
fetch(<... $REQ.$VAR ...>, ...)
- pattern: |
fetch(<... $REQ.$VAR.$FOO ...>, ...)
- pattern: |
$SOCKET.connect($PORT, <... $REQ.$VAR ...>, ...)
- pattern: |
$SOCKET.connect($PORT, <... $REQ.$VAR.$FOO ...>, ...)
- pattern: |
$PKG.get(..., {host: <... $REQ.$VAR ...>}, ...)
- pattern: |
$PKG.get(..., {host: <... $REQ.$VAR.$FOO ...>}, ...)
- pattern: |
$PKG.get(..., {hostname: <... $REQ.$VAR ...>}, ...)
- pattern: |
$PKG.get(..., {hostname: <... $REQ.$VAR.$FOO ...>}, ...)
- pattern: |
$INP = <... $REQ.$VAR ...>;
...
$PKG.get(<... $INP ...>, ...)
- pattern: |
$INP = <... $REQ.$VAR.$FOO ...>;
...
$PKG.get(<... $INP ...>, ...)
- pattern: |
$INP = <... $REQ.$VAR ...>;
...
$PKG.post(<... $INP ...>, ...)
- pattern: |
$INP = <... $REQ.$VAR.$FOO ...>;
...
$PKG.post(<... $INP ...>, ...)
- pattern: |
$INP = <... $REQ.$VAR ...>;
...
$PKG.put(<... $INP ...>, ...)
- pattern: |
$INP = <... $REQ.$VAR.$FOO ...>;
...
$PKG.put(<... $INP ...>, ...)
- pattern: |
$INP = <... $REQ.$VAR.$FOO ...>;
...
needle("=~/^[get|post|put]+$/i", <... $INP ...>, ...)
- pattern: |
$INP = <... $REQ.$VAR ...>;
...
needle("=~/^[get|post|put]+$/i", <... $INP ...>, ...)
- pattern: |
$INP = <... $REQ.$VAR ...>;
...
request(<... $INP ...>, ...)
- pattern: |
$INP = <... $REQ.$VAR.$FOO ...>;
...
request(<... $INP ...>, ...)
- pattern: |
$INP = <... $REQ.$VAR ...>;
...
$PKG.request(<... $INP ...>, ...)
- pattern: |
$INP = <... $REQ.$VAR.$FOO ...>;
...
$PKG.request(<... $INP ...>, ...)
- pattern: |
$INP = <... $REQ.$VAR ...>;
...
getJSON(<... $INP ...>, ...)
- pattern: |
$INP = <... $REQ.$VAR.$FOO ...>;
...
getJSON(<... $INP ...>, ...)
- pattern: |
$INP = <... $REQ.$VAR ...>;
...
getBuffer(<... $INP ...>, ...)
- pattern: |
$INP = <... $REQ.$VAR.$FOO ...>;
...
getBuffer(<... $INP ...>, ...)
- pattern: |
$INP = <... $REQ.$VAR ...>;
...
fetch(<... $INP ...>, ...)
- pattern: |
$INP = <... $REQ.$VAR.$FOO ...>;
...
fetch(<... $INP ...>, ...)
- pattern: |
$INP = <... $REQ.$VAR ...>;
...
$SOCKET.connect($PORT, <... $INP ...>, ...)
- pattern: |
$INP = <... $REQ.$VAR.$FOO ...>;
...
$SOCKET.connect($PORT, <... $INP ...>, ...)
- pattern: |
$INP = <... $REQ.$VAR ...>;
...
$PKG.get(..., {host: <... $INP ...>}, ...)
- pattern: |
$INP = <... $REQ.$VAR.$FOO ...>;
...
$PKG.get(..., {host: <... $INP ...>}, ...)
- pattern: |
$INP = <... $REQ.$VAR ...>;
...
$PKG.get(..., {hostname: <... $INP ...>}, ...)
- pattern: |
$INP = <... $REQ.$VAR.$FOO ...>;
...
$PKG.get(..., {hostname: <... $INP ...>}, ...)
message: User controlled URL in http client libraries can result in Server Side
Request Forgery (SSRF).
languages:
- javascript
severity: ERROR
metadata:
owasp-web: a1
cwe: cwe-918
license: LGPL-3.0-or-later
vulnerability_class:
- Other
Short Link: https://sg.run/4oZz