mirrors/axios
2
0
Fork 0
mirror of https://github.com/tenrok/axios.git synced 2026-06-14 18:42:33 +03:00
Code Activity
Files
07a661a2a6b9092c4aa640dcc7f724ec5e65bdda
axios/test/unit/regression/SNYK-JS-AXIOS-7361793.js
T
Đỗ Trọng Hải 07a661a2a6 fix(sec): disregard protocol-relative URL to remediate SSRF (#6539) 
* fix(sec): disregard protocol-relative URL to remediate SSRF

Signed-off-by: hainenber <dotronghai96@gmail.com>

* feat(test/unit/regression): add regression test to ensure SNYK-JS-AXIOS-7361793 fixed in future version

Signed-off-by: hainenber <dotronghai96@gmail.com>

* chore: add EoF newline + comments

Signed-off-by: hainenber <dotronghai96@gmail.com>

* chore: fix eslint issues

Signed-off-by: hainenber <dotronghai96@gmail.com>

* Update SNYK-JS-AXIOS-7361793.js

Co-authored-by: tom-reinders <tom-reinders@users.noreply.github.com>

---------

Signed-off-by: hainenber <dotronghai96@gmail.com>
Co-authored-by: tom-reinders <tom-reinders@users.noreply.github.com>
2024-08-13 17:03:25 +02:00

46 lines
1.5 KiB
JavaScript
Raw Blame History

// https://security.snyk.io/vuln/SNYK-JS-AXIOS-7361793
// https://github.com/axios/axios/issues/6463
import axios from '../../../index.js';
import http from 'http';
import assert from 'assert';
const GOOD_PORT = 4666;
const BAD_PORT = 4667;
describe('Server-Side Request Forgery (SSRF)', () => {
let goodServer, badServer;
beforeEach(() => {
goodServer = http.createServer(function (req, res) {
res.write('good');
res.end();
}).listen(GOOD_PORT);
badServer = http.createServer(function (req, res) {
res.write('bad');
res.end();
}).listen(BAD_PORT);
})
afterEach(() => {
goodServer.close();
badServer.close();
});
it('should not fetch bad server', async () => {
const ssrfAxios = axios.create({
baseURL: 'http://localhost:' + String(GOOD_PORT),
});
// Good payload would be `userId = '12345'`
// Malicious payload is as below.
const userId = '/localhost:' + String(BAD_PORT);
const response = await ssrfAxios.get(`/${userId}`);
assert.strictEqual(response.data, 'good');
assert.strictEqual(response.config.baseURL, 'http://localhost:' + String(GOOD_PORT));
assert.strictEqual(response.config.url, '//localhost:' + String(BAD_PORT));
assert.strictEqual(response.request.res.responseUrl, 'http://localhost:' + String(GOOD_PORT) + '/localhost:' + String(BAD_PORT));
});
});
View Git Blame Copy Permalink