Description
Version
v21.2.0
Platform
Darwin 22.6.0 Darwin Kernel Version 22.6.0:; RELEASE_ARM64_T6020 arm64
Subsystem
socket
What steps will reproduce the bug?
In a js file, copy and paste
const express = require('express');
const request = require('request');
const ssrfFilter = require('ssrf-req-filter');
const app = express();
const port = 3000;
app.get('/put/url/data/filter/:domain', (req, res) => {
var url = `http://${req.params["domain"]}`;
var results = request({
uri: url,
agent: ssrfFilter(url)
}, function (error, response, body) {
console.error('error:', error);
console.log('statusCode:', response && response.statusCode);
});
return results.body;
});
app.listen(port, () => console.log("Example"));
In terminal (1), run node <name of file>.
In terminal (2), make a request to the application by starting python with:
import requests
requests.get("http://127.0.0.1:3000/put/url/data/filter/10.0.0.2.nip.io")
How often does it reproduce? Is there a required condition?
Every time
What is the expected behavior? Why is that the expected behavior?
The expected behavior is that an error that is not an ERR_INTERNAL_ASSERTION is thrown (the error Call to address is blocked in https://github.com/y-mehta/ssrf-req-filter/blob/e45da7cd5f1ede17b0237dcd7daa83a85e07afd6/lib/index.js#L38C7-L38C13 is thrown)
I suspect this is caused by assert(self.connecting)
What do you see instead?
node:internal/assert:14
throw new ERR_INTERNAL_ASSERTION(message);
^
Error [ERR_INTERNAL_ASSERTION]: This is caused by either a bug in Node.js or incorrect usage of Node.js internals.
Please open an issue with this stack trace at https://github.com/nodejs/node/issues
at assert (node:internal/assert:14:11)
at internalConnect (node:net:1037:3)
at defaultTriggerAsyncIdScope (node:internal/async_hooks:464:18)
at GetAddrInfoReqWrap.emitLookup [as callback] (node:net:1481:9)
at GetAddrInfoReqWrap.onlookupall [as oncomplete] (node:dns:130:8) {
code: 'ERR_INTERNAL_ASSERTION'
}
Additional information
No response