@aikidosec/firewall

Zen by Aikido is an embedded Web Application Firewall that autonomously protects Node.js apps against common and critical attacks

import { Context } from "../../agent/Context";
/**
 * Called before an outgoing request is made, to detect server-side request
 * forgery (SSRF) in which a user-supplied URL redirects to a private IP address.
 *
 * A match is reported only when all of the following hold:
 * - context.outgoingRequestRedirects is set: inside the context of this incoming
 *   request, there was a redirect
 * - The hostname of the URL contains a private IP address
 * - The redirect origin, i.e. the user-supplied hostname and port that caused the
 *   first redirect, is found in the context of the incoming request
 *
 * Because the first condition requires a recorded redirect, this function on its
 * own does not cover a user-supplied URL that points at a private address
 * without any redirect.
 *
 * NOTE(review): the second condition is worded in terms of the hostname itself.
 * Whether a hostname that only resolves to a private address through DNS is
 * handled is not visible in this declaration; confirm in the implementation.
 *
 * @param url - The URL of the outgoing request that is about to be made.
 * @param context - The context of the incoming request being served.
 * @returns A match object when the conditions above are met, otherwise
 * `undefined`. The declared result is an object, not a boolean, so callers
 * should compare against `undefined`. Presumably `source`, `pathsToPayload` and
 * `payload` locate the user input in the incoming request, and `hostname` and
 * `port` describe the redirect origin (confirm against the implementation).
 */
export declare function isRedirectToPrivateIP(url: URL, context: Context): {
    source: import("../../agent/Source").Source;
    pathsToPayload: string[];
    payload: string;
    port: number | undefined;
    hostname: string;
} | undefined;