@gregory-legit
🔍 The problem

Server-side request forgery
See issue in Legit

🔒 Fix Details

The code is vulnerable to Server-Side Request Forgery (SSRF) because it constructs a URL using user input (req.query.url) and makes a server-side request using needle.get(). To mitigate this, validate the URL to ensure it starts with 'http://' or 'https://', preventing potentially harmful requests to internal services.

diff --git a/app/routes/research.js b/app/routes/research.js
index 3b2f1c4..d4e5f6a 100644
--- a/app/routes/research.js
+++ b/app/routes/research.js
@@ -11,6 +11,11 @@ this.displayResearch = (req, res) => {
 
         if (req.query.symbol) {
             const url = req.query.url+req.query.symbol; 
+
+            if (!/^https?:\/\//.test(req.query.url)) {
+                return res.status(400).send("Invalid URL");
+            }
+
             return needle.get(url, (error, newResponse) => {
                 if (!error && newResponse.statusCode == 200)
                     res.writeHead(200, {'Content-Type': 'text/html'});
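Review bot: the scheme regex in the added block does not close the SSRF described above, because any absolute `http://` or `https://` URL passes, so a request to an internal service reachable from this server is still made. The check also inspects only `req.query.url`, while the line just above it, `const url = req.query.url+req.query.symbol;`, appends an unvalidated `req.query.symbol`, so the URL that `needle.get(url, ...)` actually fetches is not the string the regex saw. Suggest parsing the combined `url` with `new URL(url)` and rejecting it unless `protocol` is `http:` or `https:` and `hostname` is in an explicit allowlist of the upstream providers this route is meant to call; note too that Express delivers a repeated `url` query parameter as an array, which `.test()` silently coerces to a string.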

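A hardened version of the check, as an added example that is not part of this PR (the allowed hostnames and symbol pattern are constructed placeholders): it validates the final URL after the symbol is appended, and requires the host to be on an allowlist instead of only checking the scheme prefix.

```javascript
// Added example, not the PR's code. Hostnames below are constructed placeholders
// standing in for the upstream data providers the research route is meant to call.
const ALLOWED_HOSTS = new Set(["finance.example.com", "api.example.org"]);

// Returns the URL string that may be fetched, or null when the request must be rejected.
function buildResearchUrl(baseUrl, symbol, allowedHosts = ALLOWED_HOSTS) {
  // Express delivers repeated query keys as arrays; accept only plain strings.
  if (typeof baseUrl !== "string" || typeof symbol !== "string") return null;

  // Constrain the appended symbol so it cannot rewrite the path, query or host.
  if (!/^[A-Z0-9.\-]{1,12}$/.test(symbol)) return null;

  // Validate the *combined* URL, i.e. what needle.get() would actually request.
  let target;
  try {
    target = new URL(baseUrl + symbol);
  } catch {
    return null; // not an absolute URL at all
  }

  // Scheme check on the parsed protocol, not a prefix regex.
  if (target.protocol !== "http:" && target.protocol !== "https:") return null;

  // Embedded credentials are never expected for these upstream calls.
  if (target.username || target.password) return null;

  // The part the prefix check misses: the host must be one we intend to call.
  if (!allowedHosts.has(target.hostname)) return null;

  return target.toString();
}
```

Parsing after concatenation matters: a base of `https://finance.example.com` with no trailing slash becomes `https://finance.example.comAAPL`, whose hostname is no longer on the allowlist, so it is rejected rather than sent.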