@@ -13,14 +13,14 @@ app.get('/check-with-axios', req => {
1313 axios . get ( "test.com/" + req . query . tainted ) ; // OK
1414 }
1515 if ( req . query . tainted . match ( / ^ .* $ / ) ) { // anything
16- axios . get ( "test.com/" + req . query . tainted ) ; // $ Alert // SSRF - False Negative
16+ axios . get ( "test.com/" + req . query . tainted ) ; // $ Alert // SSRF
1717 }
1818
1919 const baseURL = "test.com/"
20- if ( isValidPath ( req . params . tainted ) ) {
20+ if ( isValidPath ( req . params . tainted ) ) {
2121 axios . get ( baseURL + req . params . tainted ) ; // OK
2222 }
23- if ( ! isValidPath ( req . params . tainted ) ) {
23+ if ( ! isValidPath ( req . params . tainted ) ) {
2424 axios . get ( baseURL + req . params . tainted ) ; // $ Alert // SSRF
2525 } else {
2626 axios . get ( baseURL + req . params . tainted ) ; // OK
@@ -30,15 +30,15 @@ app.get('/check-with-axios', req => {
3030 if ( ! req . query . tainted . match ( / ^ [ / \. % ] + $ / ) ) {
3131 axios . get ( "test.com/" + req . query . tainted ) ; // $ Alert // SSRF
3232 }
33- if ( ! isInBlacklist ( req . params . tainted ) ) {
33+ if ( ! isInBlacklist ( req . params . tainted ) ) {
3434 axios . get ( baseURL + req . params . tainted ) ; // $ Alert // SSRF
3535 }
3636
3737 if ( ! isValidPath ( req . params . tainted ) ) {
3838 return ;
3939 }
4040
41- axios . get ( "test.com/" + req . query . tainted ) ; // $ Alert // OK - False Positive
41+ axios . get ( "test.com/" + req . query . tainted ) ; // $ SPURIOUS: Alert // OK - False Positive
4242
4343 if ( req . query . tainted . matchAll ( / ^ [ 0 - 9 a - z ] + $ / g) ) { // letters and numbers
4444 axios . get ( "test.com/" + req . query . tainted ) ; // OK
@@ -48,20 +48,20 @@ app.get('/check-with-axios', req => {
4848 }
4949} ) ;
5050
51- const isValidPath = path => path . match ( / ^ [ 0 - 9 a - z ] + $ / ) ;
51+ const isValidPath = path => path . match ( / ^ [ 0 - 9 a - z ] + $ / ) ;
5252
53- const isInBlackList = path => path . match ( / ^ [ / \. % ] + $ / ) ;
53+ const isInBlackList = path => path . match ( / ^ [ / \. % ] + $ / ) ;
5454
5555app . get ( '/check-with-axios' , req => {
5656 const baseURL = "test.com/"
57- if ( isValidPathMatchAll ( req . params . tainted ) ) {
57+ if ( isValidPathMatchAll ( req . params . tainted ) ) {
5858 axios . get ( baseURL + req . params . tainted ) ; // OK
5959 }
60- if ( ! isValidPathMatchAll ( req . params . tainted ) ) {
60+ if ( ! isValidPathMatchAll ( req . params . tainted ) ) {
6161 axios . get ( baseURL + req . params . tainted ) ; // $ Alert // NOT OK - SSRF
6262 } else {
6363 axios . get ( baseURL + req . params . tainted ) ; // OK
6464 }
6565} ) ;
6666
67- const isValidPathMatchAll = path => path . matchAll ( / ^ [ 0 - 9 a - z ] + $ / g) ;
67+ const isValidPathMatchAll = path => path . matchAll ( / ^ [ 0 - 9 a - z ] + $ / g) ;
0 commit comments