sast_ssrf
Scans source code for SSRF vulnerabilities in fetch, axios, and http.request calls by detecting unvalidated user input in URL arguments.
Instructions
AST-scan for SSRF: fetch(), axios.get/post(), http.request() — where the URL argument contains user-controlled input without domain validation.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| path | Yes | Directory path containing source files to analyze |