Diffstat (limited to 'test/unit/regression/SNYK-JS-AXIOS-1038255.js')
-rw-r--r-- | test/unit/regression/SNYK-JS-AXIOS-1038255.js | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/test/unit/regression/SNYK-JS-AXIOS-1038255.js b/test/unit/regression/SNYK-JS-AXIOS-1038255.js
new file mode 100644
index 0000000..52c7498
--- /dev/null
+++ b/test/unit/regression/SNYK-JS-AXIOS-1038255.js
@@ -0,0 +1,61 @@
+// https://snyk.io/vuln/SNYK-JS-AXIOS-1038255
+// https://github.com/axios/axios/issues/3407
+// https://github.com/axios/axios/issues/3369
+
+const axios = require('../../../index');
+const http = require('http');
+const assert = require('assert');
+
+const PROXY_PORT = 4777;
+const EVIL_PORT = 4666;
+
+
+describe('Server-Side Request Forgery (SSRF)', () => {
+ let fail = false;
+ let proxy;
+ let server;
+ let location;
+ beforeEach(() => {
+ server = http.createServer(function (req, res) {
+ fail = true;
+ res.end('rm -rf /');
+ }).listen(EVIL_PORT);
+ proxy = http.createServer(function (req, res) {
+ if (req.url === 'http://localhost:' + EVIL_PORT + '/') {
+ return res.end(JSON.stringify({
+ msg: 'Protected',
+ headers: req.headers,
+ }));
+ }
+ res.writeHead(302, { location })
+ res.end()
+ }).listen(PROXY_PORT);
+ });
+ afterEach(() => {
+ server.close();
+ proxy.close();
+ });
+ it('obeys proxy settings when following redirects', async () => {
+ location = 'http://localhost:' + EVIL_PORT;
+ let response = await axios({
+ method: "get",
+ url: "http://www.google.com/",
+ proxy: {
+ host: "localhost",
+ port: PROXY_PORT,
+ auth: {
+ username: 'sam',
+ password: 'password',
+ }
+ },
+ });
+
+ assert.strictEqual(fail, false);
+ assert.strictEqual(response.data.msg, 'Protected');
+ assert.strictEqual(response.data.headers.host, 'localhost:' + EVIL_PORT);
+ assert.strictEqual(response.data.headers['proxy-authorization'], 'Basic ' + Buffer.from('sam:password').toString('base64'));
+
+ return response;
+
+ });
+});
\ No newline at end of file |
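Review bot: The `beforeEach` hook calls `.listen()` on both the evil server and the proxy and returns synchronously, so the `it` block can start its request before either fixed port (4666/4777) is bound, and `afterEach` likewise returns before `close()` has finished, which can leave the ports busy for the next run; awaiting the listen and close callbacks makes the fixture deterministic. The `fail` flag is set to `false` once at `describe` scope and never reset, so any further `it` added to this suite would inherit a `true` value from a failed predecessor; resetting it in `beforeEach` keeps the SSRF assertion independent per test. On a smaller note, `res.writeHead(302, { location })` and `res.end()` lack the semicolons the rest of the file uses, and `let response` is never reassigned and should be `const`. The suggested hook bodies follow.
```javascript
  beforeEach(async () => {
    fail = false;
    server = http.createServer(function (req, res) {
      // … unchanged: evil-server handler …
    });
    proxy = http.createServer(function (req, res) {
      // … unchanged: proxy handler …
    });
    await new Promise((resolve) => server.listen(EVIL_PORT, resolve));
    await new Promise((resolve) => proxy.listen(PROXY_PORT, resolve));
  });
  afterEach(async () => {
    await Promise.all(
      [server, proxy].map((s) => new Promise((resolve) => s.close(resolve)))
    );
  });
```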