Zen by Aikido is an embedded Web Application Firewall that autonomously protects Node.js apps against common and critical attacks
import type { Dispatcher } from "undici-v6";
import { Agent } from "../../agent/Agent";
/** The `dispatch` method type of an undici `Dispatcher`; both the wrapped original and the returned wrapper share this signature. */
type Dispatch = Dispatcher["dispatch"];
/**
 * Wraps the `dispatch` function of an undici client so that the port of the outgoing request is stored in the context.
 *
 * This is needed to prevent false positives for SSRF detection. At the time of the DNS lookup the port is not known,
 * so it has to be recorded in the context beforehand to avoid the following scenario:
 * 1. User input includes `localhost:4000` in the host header, because the application is running on port 4000.
 * 2. The application makes a fetch request to `localhost:5000` — this would be blocked as SSRF, because the port is not known
 *    and the hostname alone matches the user-supplied value.
 *
 * The port can not be stored in the context directly inside the inspect functions, because the order in which the requests
 * are made is not guaranteed. For example, if `Promise.all` is used, the DNS lookup for one request could happen after the
 * fetch request of another request has already been dispatched.
 *
 * @param orig  The original undici `dispatch` function to wrap.
 * @param agent The agent instance the wrapper reports to (the exact use is not visible in this declaration file).
 * @returns A `dispatch` function with the same signature as `orig`.
 */
export declare function wrapDispatch(orig: Dispatch, agent: Agent): Dispatch;
// Empty export keeps this declaration file an ES module (scoped declarations, no global augmentation).
export {};