ssrf-agent-guard
v0.1.5
A TypeScript SSRF protection library for Node.js (express/axios) with advanced policies, DNS rebinding detection and cloud metadata protection.
ssrf-agent-guard is a Node.js module for protecting your HTTP/HTTPS requests against SSRF (Server-Side Request Forgery) attacks. It wraps http.Agent and https.Agent to enforce host/IP checks both before and after DNS resolution, and to block access to cloud metadata endpoints, private IPs, and unsafe domains.
Features
- Block requests to internal/private IPs
- Detect and block cloud provider metadata endpoints (AWS, GCP, Azure)
- DNS rebinding detection
- Fully written in TypeScript with type definitions
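The pre- and post-DNS checks described above can be sketched with Node's built-in modules. This is an added example, not ssrf-agent-guard's own code: the deny list is constructed for illustration, and `isDeniedAddress` and `guardedAgent` are hypothetical names.

```javascript
const net = require('net');
const http = require('http');

// Constructed deny list: "this network", RFC 1918, loopback, link-local and IPv6 equivalents.
const denied = new net.BlockList();
denied.addSubnet('0.0.0.0', 8);
denied.addSubnet('10.0.0.0', 8);
denied.addSubnet('127.0.0.0', 8);
denied.addSubnet('169.254.0.0', 16); // includes the 169.254.169.254 metadata address
denied.addSubnet('172.16.0.0', 12);
denied.addSubnet('192.168.0.0', 16);
denied.addAddress('::1', 'ipv6');
denied.addSubnet('fc00::', 7, 'ipv6');
denied.addSubnet('fe80::', 10, 'ipv6');

// True when `address` is an IP literal inside a denied range; hostnames return false.
function isDeniedAddress(address) {
  const family = net.isIP(address); // 0 = not an IP, otherwise 4 or 6
  return family !== 0 && denied.check(address, family === 6 ? 'ipv6' : 'ipv4');
}

// Hypothetical helper: an http.Agent whose connections are checked twice.
function guardedAgent(options) {
  const agent = new http.Agent(options);
  const createConnection = agent.createConnection;
  agent.createConnection = function (connOptions, callback) {
    // Pre-DNS check: an IP literal is never resolved, so no 'lookup' event fires for it.
    if (isDeniedAddress(connOptions.host)) {
      throw new Error(`Blocked IP literal ${connOptions.host}`);
    }
    const socket = createConnection.call(this, connOptions, callback);
    // Post-DNS check: inspect the address the resolver actually returned.
    socket.on('lookup', (err, address) => {
      if (!err && isDeniedAddress(address)) {
        socket.destroy(new Error(`${connOptions.host} resolved to blocked IP ${address}`));
      }
    });
    return socket;
  };
  return agent;
}
```

Checking the address reported by the socket's own lookup, rather than resolving the hostname separately beforehand, means the address that is validated is the one the socket connects to, which is what defeats a DNS rebinding answer that changes between two lookups.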
Installation
npm install ssrf-agent-guard
# or using yarn
yarn add ssrf-agent-guard
Usage
For the isValidDomainOptions reference, see is-valid-domain.
axios
const axios = require('axios');
const ssrfAgentGuard = require('ssrf-agent-guard');

// Loopback address: an internal target of the kind this library is meant to block
const url = 'https://127.0.0.1';
const isValidDomainOptions = {
  subdomain: true,
  wildcard: true
};

// axios uses httpAgent for http:// URLs and httpsAgent for https:// URLs
axios.get(url, {
  httpAgent: ssrfAgentGuard(url, isValidDomainOptions),
  httpsAgent: ssrfAgentGuard(url, isValidDomainOptions)
})
  .then((response) => {
    console.log('Success');
  })
  .catch((error) => {
    // Print only the first line of the error
    console.log(error.toString().split('\n')[0]);
  });
node-fetch
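// require() works with node-fetch v2 (CommonJS); v3 is ESM-only
const fetch = require('node-fetch');
const ssrfAgentGuard = require('ssrf-agent-guard');

// Loopback address: an internal target of the kind this library is meant to block
const url = 'https://127.0.0.1';
const isValidDomainOptions = {
  subdomain: true,
  wildcard: true
};

fetch(url, {
  agent: ssrfAgentGuard(url, isValidDomainOptions)
})
  .then((response) => {
    console.log('Success');
  })
  .catch((error) => {
    // Print only the first line of the error
    console.log(error.toString().split('\n')[0]);
  });
Development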
# install dependencies
npm install
# build
npm run build
# run tests
npm test
Contributing
- Fork the repository
- Create a branch (git checkout -b feature/new-feature)
- Make changes and run tests
- Commit and push your branch
- Open a Pull Request
Credits:
- SSRF prevention techniques: SSRF Cheatsheet
- Implementation inspired by ssrf-req-filter
License
MIT © Swapnil Srivastava
