{
  "ruleId": "S058",
  "name": "No SSRF (Server-Side Request Forgery)",
  "description": "Prevent SSRF attacks by validating URLs from user input before making HTTP requests",
  "category": "security", 
  "severity": "error",
  "options": {
    "httpClientPatterns": [
      "fetch\\s*\\(",
      "axios\\.(?:get|post|put|delete|patch|request)\\s*\\(",
      "http\\.(?:get|post|put|delete|patch|request)\\s*\\(",
      "https\\.(?:get|post|put|delete|patch|request)\\s*\\(",
      "(?:^|\\s|=|\\()request\\s*\\(",
      "got\\s*\\(",
      "superagent\\.",
      "needle\\.",
      "bent\\(",
      "node-fetch\\s*\\(",
      "isomorphic-fetch\\s*\\(",
      "ky\\s*\\(",
      "httpClient\\.",
      "\\.httpClient\\."
    ],
    "userInputSources": [
      "req\\.body",
      "req\\.query", 
      "req\\.params",
      "request\\.body",
      "request\\.query",
      "request\\.params",
      "ctx\\.request\\.body",
      "ctx\\.query",
      "ctx\\.params",
      "event\\.body",
      "event\\.queryStringParameters",
      "event\\.pathParameters",
      "\\.query\\.",
      "\\.body\\.",
      "\\.params\\.",
      "process\\.argv",
      "process\\.env\\.",
      "from.*request",
      "from.*input",
      "user.*input",
      "client.*data",
      "external.*data"
    ],
    "dangerousProtocols": [
      "file://",
      "ftp://",
      "sftp://", 
      "ldap://",
      "ldaps://",
      "dict://",
      "gopher://",
      "jar://",
      "netdoc://",
      "mailto:",
      "news:",
      "imap://",
      "pop3://",
      "smb://",
      "afp://",
      "telnet://",
      "ssh://"
    ],
    "blockedIPs": [
      "127\\.0\\.0\\.1",
      "::1",
      "localhost",
      "169\\.254\\.169\\.254",
      "metadata\\.google\\.internal",
      "169\\.254\\.",
      "10\\.",
      "172\\.(1[6-9]|2[0-9]|3[01])\\.",
      "192\\.168\\."
    ],
    "blockedPorts": [
      "22",
      "23", 
      "25",
      "53",
      "135",
      "139",
      "445",
      "1433",
      "1521",
      "3306",
      "3389",
      "5432",
      "5984",
      "6379",
      "8080",
      "9200",
      "11211",
      "27017",
      "50070"
    ],
    "allowedDomains": [
      "api\\.trusted-service\\.com",
      "service\\.company\\.com"
    ],
    "validationFunctions": [
      "validateUrl",
      "validateUrlAllowList",
      "checkAllowedUrl",
      "isAllowedUrl",
      "sanitizeUrl",
      "verifyUrl",
      "urlValidator"
    ],
    "policy": {
      "requireExplicitValidation": true,
      "enforceAllowList": true,
      "blockPrivateIPs": true,
      "checkProtocols": true,
      "requireHttpsOnly": false,
      "maxRedirects": 0
    },
    "thresholds": {
      "maxSuspiciousUrls": 3,
      "maxUnvalidatedRequests": 1
    }
  }
}