From ff4158f77219f9c5970937cce1284df31250f59b Mon Sep 17 00:00:00 2001 From: DESIREDDY MOHITH REDDY Date: Sun, 5 Jul 2026 09:21:50 +0530 Subject: [PATCH] fix(security): resolve SSRF vulnerability in Jira integration setup (#3119) --- src/app/api/integrations/jira/credentials/route.ts | 8 +++++++- src/app/api/integrations/jira/route.ts | 6 ++++++ 2 files changed, 13 insertions(+), 1 deletion(-) diff --git a/src/app/api/integrations/jira/credentials/route.ts b/src/app/api/integrations/jira/credentials/route.ts index 84c945561..e4025168b 100644 --- a/src/app/api/integrations/jira/credentials/route.ts +++ b/src/app/api/integrations/jira/credentials/route.ts @@ -1,3 +1,5 @@ +import { isSafeUrl } from "@/lib/ssrf-protection"; + import { getServerSession } from "next-auth"; import { NextRequest } from "next/server"; import { authOptions } from "@/lib/auth"; @@ -28,8 +30,12 @@ async function testJiraConnection( email: string, token: string ): Promise { + const url = `https://${domain}/rest/api/3/myself`; + if (!(await isSafeUrl(url))) { + return false; + } const auth = Buffer.from(`${email}:${token}`).toString("base64"); - const response = await fetch(`https://${domain}/rest/api/3/myself`, { + const response = await fetch(url, { headers: { Authorization: `Basic ${auth}`, Accept: "application/json", diff --git a/src/app/api/integrations/jira/route.ts b/src/app/api/integrations/jira/route.ts index ce88d18e4..a1a5f7a67 100644 --- a/src/app/api/integrations/jira/route.ts +++ b/src/app/api/integrations/jira/route.ts @@ -1,3 +1,5 @@ +import { isSafeUrl } from "@/lib/ssrf-protection"; + import { NextRequest } from "next/server"; import { getServerSession } from "next-auth"; import { authOptions } from "@/lib/auth"; @@ -61,6 +63,10 @@ async function fetchJiraIssues( jql )}&maxResults=50&fields=summary,status,created,updated,resolutiondate,assignee,priority`; + if (!(await isSafeUrl(searchUrl))) { + throw new Error("Invalid or unsafe Jira domain."); + } + const response = await fetch(searchUrl, { headers, cache: "no-store",