* Reproducing the Vulnerability * Prevent SSRF * Cleanup * Refactor to skip duplicate code * Tests that the passed data is correct. * Code review changes.
1 parent
4945576
commit f19947d
Showing
2 changed files
with
87 additions
and
10 deletions.
@@ -0,0 +1,61 @@ | ||
// https://snyk.io/vuln/SNYK-JS-AXIOS-1038255 | ||
// https://github.com/axios/axios/issues/3407 | ||
// https://github.com/axios/axios/issues/3369 | ||
|
||
const axios = require('../../../index'); | ||
const http = require('http'); | ||
const assert = require('assert'); | ||
|
||
const PROXY_PORT = 4777; | ||
const EVIL_PORT = 4666; | ||
|
||
|
||
describe('Server-Side Request Forgery (SSRF)', () => { | ||
let fail = false; | ||
let proxy; | ||
let server; | ||
let location; | ||
beforeEach(() => { | ||
server = http.createServer(function (req, res) { | ||
fail = true; | ||
res.end('rm -rf /'); | ||
}).listen(EVIL_PORT); | ||
proxy = http.createServer(function (req, res) { | ||
if (req.url === 'http://localhost:' + EVIL_PORT + '/') { | ||
return res.end(JSON.stringify({ | ||
msg: 'Protected', | ||
headers: req.headers, | ||
})); | ||
} | ||
res.writeHead(302, { location }) | ||
res.end() | ||
}).listen(PROXY_PORT); | ||
}); | ||
afterEach(() => { | ||
server.close(); | ||
proxy.close(); | ||
}); | ||
it('obeys proxy settings when following redirects', async () => { | ||
location = 'http://localhost:' + EVIL_PORT; | ||
let response = await axios({ | ||
method: "get", | ||
url: "http://www.google.com/", | ||
proxy: { | ||
host: "localhost", | ||
port: PROXY_PORT, | ||
auth: { | ||
username: 'sam', | ||
password: 'password', | ||
} | ||
}, | ||
}); | ||
|
||
assert.strictEqual(fail, false); | ||
assert.strictEqual(response.data.msg, 'Protected'); | ||
assert.strictEqual(response.data.headers.host, 'localhost:' + EVIL_PORT); | ||
assert.strictEqual(response.data.headers['proxy-authorization'], 'Basic ' + Buffer.from('sam:password').toString('base64')); | ||
|
||
return response; | ||
|
||
}); | ||
}); |
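Review bot: The `fail` flag declared on the `let fail = false;` line is never reset between cases — `beforeEach` only recreates the two servers — so if another `it` is later added to this `describe`, a request that reaches the evil server in one case would leave `fail === true` for every following case and the `assert.strictEqual(fail, false)` check would blame the wrong test; add `fail = false;` as the first statement of `beforeEach`. The two servers also bind the hard-coded ports 4777 and 4666, and `beforeEach` returns before `listen` has emitted 'listening' while `afterEach` returns before `close` has completed, which can presumably surface as EADDRINUSE or connection errors when the suite runs alongside other tests; listening on port 0 and reading `server.address().port`, and returning a promise from both hooks, would avoid that. Style: `res.writeHead(302, { location })` and `res.end()` are the only statements in the file without trailing semicolons, and the `return response;` at the end of an async mocha test has no effect. The second changed file named in the diffstat is not in this view.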