
I'm currently working with an Express app and would like to know whether I would be able to escape the following suffix validation:

---SNIP---
const validsuffixes = ['sub2.sub1.maindomain.io'];
...
---SNIP---

----SNIP----
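    pathRewrite: {
        '/host/mainapp/app/proxy': ''
    },
    router: (request) => {
        // Node lowercases incoming header names, so look the header up in lowercase.
        const Host = request.headers['express-host'];
        // Build a URL from the client-supplied value so it can be parsed.
        const HostUrl = `https://${Host}/`;
        const HostUrlObject = new URL(HostUrl);
        // Accept the target only if the parsed host ends with an allowed suffix.
        if (
            validsuffixes.some((suffix) =>
                HostUrlObject.host.endsWith(suffix)
            )
        ) {
            return HostUrl;
        }
        throw new Error('Invalid Host URL');
    },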
----SNIP----

My question is whether it would be possible to inject/escape (or even execute code) in the above snippet via a crafted header ('Express-Host') payload, and whether it would manage to send the request to HostUrl?

Appreciate the help, hope this does make sense.

Thanks
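
The following is an added example, not part of the original post: it runs the posted suffix check next to a stricter variant that matches on a label boundary and returns the normalized origin instead of the raw string. The function names `originalCheck`, `resolveTarget` and `compare`, and the sample header values, are hypothetical and constructed for illustration.

```javascript
// Allowlist value taken from the question; everything else here is an assumption.
const validSuffixes = ['sub2.sub1.maindomain.io'];

// The check as posted: plain string suffix match, raw URL string returned.
function originalCheck(headerValue) {
  const hostUrl = `https://${headerValue}/`;
  const parsed = new URL(hostUrl); // throws TypeError on unparsable input
  return validSuffixes.some((s) => parsed.host.endsWith(s)) ? hostUrl : null;
}

// Stricter variant: returns a normalized origin, or null when rejected.
function resolveTarget(headerValue) {
  // Accept only hostname characters: no scheme, userinfo, port, path or query.
  if (typeof headerValue !== 'string' || !/^[a-z0-9.-]{1,253}$/i.test(headerValue)) {
    return null;
  }
  let parsed;
  try {
    parsed = new URL(`https://${headerValue}/`);
  } catch {
    return null; // parse failures become a rejection, not an unhandled error
  }
  const host = parsed.hostname; // lowercased by the URL parser
  const allowed = validSuffixes.some(
    (s) => host === s || host.endsWith(`.${s}`) // exact host or a real subdomain
  );
  return allowed ? parsed.origin : null;
}

// Constructed sample header values.
const samples = [
  'sub2.sub1.maindomain.io',
  'api.sub2.sub1.maindomain.io',
  'notsub2.sub1.maindomain.io',          // sibling label that shares the suffix
  'sub2.sub1.maindomain.io/other/path',  // path carried into the returned string
  'user@sub2.sub1.maindomain.io',        // userinfo carried into the returned string
  'sub2.sub1.maindomain.io.example.net', // suffix is not at the end of the host
];

function compare() {
  return samples.map((header) => ({
    header,
    original: originalCheck(header),
    hardened: resolveTarget(header),
  }));
}

console.table(compare());
```
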
