
Possible Server-Side Request Forgery vulnerability

Open Chris-Paul3625 opened this issue 11 months ago • 2 comments

flow_action_components/CloneAndTweak/force-app/main/default/classes/GetFlowMetadata.cls, line 83: Unsanitized input from a SOQL statement flows into setEndpoint, where it is used as a URL to perform a request. This may result in a Server-Side Request Forgery vulnerability.

Chris-Paul3625 avatar Jan 21 '25 17:01 Chris-Paul3625

@Chris-Paul3625 Do you have a suggested solution?

ericrsmith35 avatar Jan 21 '25 18:01 ericrsmith35

Hello Eric, this vulnerability came up on our scan of the package. While I am not a dev, a few things that could resolve this would be to ensure that any user-provided input is validated and sanitized before being used in the setEndpoint method, and to define a strict whitelist of allowed URLs or patterns that are acceptable for your application. For example:

Use regular expressions to allow only specific domain names. Restrict input to a list of predefined endpoints.

Additionally our system offered up the following:

Named Credentials: Use Salesforce Named Credentials to manage external endpoint configuration. Named Credentials abstract the endpoint and authentication, reducing the risk of SSRF.

Chris-Paul3625 avatar Jan 21 '25 19:01 Chris-Paul3625
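Added example, not code from the LightningFlowComponents project and not a reflection of what GetFlowMetadata.cls does: an Apex callout helper showing the two mitigations discussed in the thread, an exact-host allowlist checked before setEndpoint, and a Named Credential so the host never comes from data. The class name, the host and the credential name `My_Api` are hypothetical placeholders.

```apex
public with sharing class SafeCalloutExample {
    // Exact hosts the integration may call; no wildcards, not user-editable.
    private static final Set<String> ALLOWED_HOSTS = new Set<String>{ 'api.example.com' };

    public class SafeCalloutException extends Exception {}

    // Validates a URL that came from a record field (the untrusted,
    // SOQL-sourced value in the report) before it reaches setEndpoint.
    // Rejects rather than rewrites: bad input never turns into a request.
    public static String validateEndpoint(String rawUrl) {
        if (String.isBlank(rawUrl)) {
            throw new SafeCalloutException('Endpoint is empty');
        }
        Url parsed;
        try {
            parsed = new Url(rawUrl);
        } catch (Exception e) {
            throw new SafeCalloutException('Endpoint is not a valid URL');
        }
        String host = parsed.getHost();
        // Require HTTPS and an exact host match: this blocks internal
        // addresses, other schemes and look-alike hosts.
        if (parsed.getProtocol() != 'https' || String.isBlank(host)
                || !ALLOWED_HOSTS.contains(host.toLowerCase())) {
            throw new SafeCalloutException('Host not allowed: ' + host);
        }
        return parsed.toExternalForm();
    }

    // Hardened callout: the endpoint is validated before use.
    public static HttpResponse fetch(String rawUrl) {
        HttpRequest req = new HttpRequest();
        req.setEndpoint(validateEndpoint(rawUrl));
        req.setMethod('GET');
        return new Http().send(req);
    }

    // Named Credential alternative: host and auth live in Setup, so code
    // supplies only a path. 'My_Api' is a hypothetical credential name.
    public static HttpResponse fetchViaNamedCredential(String path) {
        // Keep the untrusted part to a plain relative path.
        if (String.isBlank(path) || !path.startsWith('/') || path.contains('//')) {
            throw new SafeCalloutException('Invalid path');
        }
        HttpRequest req = new HttpRequest();
        req.setEndpoint('callout:My_Api' + path);
        req.setMethod('GET');
        return new Http().send(req);
    }
}
```

Both paths also need a Remote Site Setting or Named Credential registered in Setup before Salesforce will allow the callout, which is itself a second allowlist layer.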