Can I use Jelly to detect SSRF vulnerabilities?

[nkbai]

SSRF is server-side request forge , it means a url that is provided by the client user and the server doesn't verify it and send a request using that url.

for example:

const express = require('express');
const axios = require('axios');

const app = express();

app.get('/fetch', async (req, res) => {
    const { url } = req.query;

    if (!url) {
        return res.status(400).send('URL parameter is required');
    }

    try {
        // SSRF vulnerability: there is no verification and filter for variable url
        const response = await axios.get(url);
        res.send(response.data);
    } catch (error) {
        res.status(500).send('Error fetching the URL');
    }
});

app.listen(3000, () => {
    console.log('Server is running on port 3000');
});

can I write a pattern to detect this vulnerability?

like the following test example:

        runTest("tests/micro/twoversions", "index.js", {
            vulnerabilities: [{
                osv: {
                    cvss: {
                        score: 1,
                        vectorString: null,
                    },
                    cwe: ["1"],
                    dependency: "ansi-regex",
                    name: "ansi-regex",
                    range: ">=3.0.0",
                    severity: "high",
                    source: 1,
                    title: "title",
                    url: "url",
                },
                patterns: ["call <ansi-regex>"],
            }],
            vulnerabilitiesMatches: 1,
        }));