Improve readability of isRequestToItself

AikidoSec · Dec 9, 2024 · 8c768a9 · 8c768a9
1 parent a699a4a
commit 8c768a9
Showing 1 changed file with 18 additions and 10 deletions.
diff --git a/library/vulnerabilities/ssrf/isRequestToItself.ts b/library/vulnerabilities/ssrf/isRequestToItself.ts
@@ -16,21 +16,29 @@ export function isRequestToItself({
     return false;
   }
 
-  let ignoredPaths = 0;
+  let ignoredPathsCount = 0;
 
   for (const path of paths) {
-    if (path === ".host" && str === `localhost:${port}`) {
-      ignoredPaths++;
-      continue;
+    if (shouldIgnorePath(path, str, port)) {
+      ignoredPathsCount++;
     }
+  }
+
+  return ignoredPathsCount === paths.length;
+}
+
+// Check if the path is a header that is ignored if it's a request to itself using localhost
+function shouldIgnorePath(path: string, str: string, port: number) {
+  if (path === ".host" && str === `localhost:${port}`) {
+    return true;
+  }
 
-    if (path === ".origin" || path === ".referer") {
-      const url = tryParseURL(str);
-      if (url && url.host === `localhost:${port}`) {
-        ignoredPaths++;
-      }
+  if (path === ".origin" || path === ".referer") {
+    const url = tryParseURL(str);
+    if (url && url.host === `localhost:${port}`) {
+      return true;
     }
   }
 
-  return ignoredPaths === paths.length;
+  return false;
 }