How to fix this Server-Side Request Forgery (SSRF) vulnerability?

Question

We have an issue in our solution (we are using .net core) and the SNYK vulnerabilities scaner show us that we have a Server-Side Request Forgery (SSRF) vulnerability in the next code at the :

public async Task<string> GetHtml(string urlContent)
        {
            HttpClient httpClient = new HttpClient();

            try
            {
                urlContent = Uri.EscapeUriString(urlContent);
                using (httpClient)
                {
                    httpClient.DefaultRequestHeaders.TryAddWithoutValidation(HeaderAccept, HeaderAcceptValue);
                    httpClient.DefaultRequestHeaders.TryAddWithoutValidation(HeaderAcceptEncoding, HeaderAcceptEncodingValue);
                    httpClient.DefaultRequestHeaders.TryAddWithoutValidation(HeaderUserAgent, HeaderUserAgentValue);
                    httpClient.DefaultRequestHeaders.TryAddWithoutValidation(HeaderAcceptCharset, HeaderAcceptCharsetValue);
                    ServicePointManager.SecurityProtocol = SecurityProtocolType.Tls12 | SecurityProtocolType.Tls11 | SecurityProtocolType.Tls;

                    var response = await httpClient.GetAsync(new Uri(TextHelper.RedirectUrlNull(urlContent))); 

The problem is supposed to be a reference to the urlContent variable and how it is related to the response var, but I can't figure out how to mitigate that vulnerability. I appreciate your help.

Answer 1

Without knowing where GetHtml is getting its argument from, we can't confirm if it's a vulnerability or not.

For example, it would be a vulnerability if the user could arbitrarily supply the URL. In that case, for mitigating it, you'd have to know in advance a list or patterns of safe URLs for validating urlContent against it.