// https://snyk.io/vuln/SNYK-JS-AXIOS-1038255
// https://github.com/axios/axios/issues/3407
// https://github.com/axios/axios/issues/3369
const axios = require('../../../index');
const http = require('http');
const assert = require('assert');
// Port of the local proxy the request under test is configured to use.
const PROXY_PORT = 4777;
// Port of the origin that must never be contacted directly; a request reaching
// it marks the test as failed.
const EVIL_PORT = 4666;
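describe('Server-Side Request Forgery (SSRF)', () => {
  // Set to true if anything connects to the "evil" origin directly. The
  // request under test is configured to go through the proxy, so a direct hit
  // means the redirect was followed without honouring the proxy settings.
  let fail = false;
  let proxy;
  let server;
  // Value of the Location header the proxy answers with; set per test case.
  let location;

  // Resolves once `srv` is bound to `port`, so a test never races the bind.
  const listenOn = (srv, port) => new Promise((resolve, reject) => {
    srv.once('error', reject);
    srv.listen(port, resolve);
  });

  // Resolves once `srv` has stopped accepting connections, so the next
  // beforeEach cannot fail with EADDRINUSE on the same port. Tolerates a
  // server that was never created or never started listening.
  const shutDown = (srv) => new Promise((resolve) => {
    if (!srv) {
      resolve();
      return;
    }
    // Drop any lingering keep-alive sockets so close() cannot stall (Node 18.2+).
    srv.closeAllConnections?.();
    srv.close(() => resolve());
  });

  beforeEach(async () => {
    fail = false;

    // The origin that must never be reached directly.
    server = http.createServer((req, res) => {
      fail = true;
      res.end('rm -rf /');
    });

    // The proxy: a request addressed to the evil origin is answered with a JSON
    // body echoing the request headers instead of being forwarded; anything
    // else is answered with a 302 pointing at `location`.
    proxy = http.createServer((req, res) => {
      if (req.url === `http://localhost:${EVIL_PORT}/`) {
        res.end(JSON.stringify({
          msg: 'Protected',
          headers: req.headers,
        }));
        return;
      }
      res.writeHead(302, { location });
      res.end();
    });

    await Promise.all([
      listenOn(server, EVIL_PORT),
      listenOn(proxy, PROXY_PORT),
    ]);
  });

  afterEach(async () => {
    await Promise.all([shutDown(server), shutDown(proxy)]);
  });

  it('obeys proxy settings when following redirects', async () => {
    location = `http://localhost:${EVIL_PORT}`;

    const response = await axios({
      method: 'get',
      url: 'http://www.google.com/',
      proxy: {
        host: 'localhost',
        port: PROXY_PORT,
        auth: {
          username: 'sam',
          password: 'password',
        },
      },
    });

    // The redirect target was never contacted directly...
    assert.strictEqual(fail, false);
    // ...the redirected request was routed through the proxy instead...
    assert.strictEqual(response.data.msg, 'Protected');
    assert.strictEqual(response.data.headers.host, `localhost:${EVIL_PORT}`);
    // ...and the proxy credentials were still sent on the redirected request.
    assert.strictEqual(
      response.data.headers['proxy-authorization'],
      `Basic ${Buffer.from('sam:password').toString('base64')}`,
    );
  });
});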