Check if a URL is a High-Risk or Server Administration Path in Node.JS

Cloudmersive
May 5, 2021

Is the design of your file or web URLs unknowingly providing an opening for remote access by an attacker? If your website, application, or database leverages user-controllable data to access files and directories on a server in a risky way, the answer is yes. To assist in identifying if a URL or path is a high-risk or server administration path, we will provide a brief tutorial on an API that can perform the function in Node.JS.

To start things off, we will run this command to install the Node.JS SDK:

npm install cloudmersive-validate-api-client --save

Or add this snippet to our package.json:

"dependencies": {
  "cloudmersive-validate-api-client": "^1.3.9"
}

Now we can configure our API key and call the function:

var CloudmersiveValidateApiClient = require('cloudmersive-validate-api-client');
var defaultClient = CloudmersiveValidateApiClient.ApiClient.instance;
// Configure API key authorization: Apikey
var Apikey = defaultClient.authentications['Apikey'];
Apikey.apiKey = 'YOUR API KEY';
var apiInstance = new CloudmersiveValidateApiClient.DomainApi();
// String | URL or relative path to check, e.g. "/admin/login".
// The input is a string, so be sure to enclose it in double quotes.
var value = "value_example";
// Called when the request completes, with either an error or the result.
var callback = function(error, data, response) {
  if (error) {
    console.error(error);
  } else {
    // Serialize the result so the log shows its fields instead of "[object Object]".
    console.log('API called successfully. Returned data: ' + JSON.stringify(data));
  }
};
apiInstance.domainIsAdminPath(value, callback);

With this simple process, you will be able to avoid manual testing of the path as well as the danger of a vulnerable URL.
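Going one step beyond the single call above, this added example (not from the original post or the Cloudmersive SDK) audits a whole route list and reports failed lookups as unverified instead of treating them as safe. The names `checkPath`, `auditPaths`, `stubApi` and the sample routes are hypothetical, and the boolean `IsAdminPath` response field is an assumption to confirm against the SDK's response model.

```javascript
// Added example: audit a route list with the SDK's callback-style domainIsAdminPath().
// ASSUMPTION: the response object exposes a boolean `IsAdminPath` field; confirm
// this against the SDK's response model before relying on it.

// Wrap the callback API in a Promise so each lookup can be awaited.
function checkPath(api, path) {
  return new Promise(function (resolve, reject) {
    api.domainIsAdminPath(path, function (error, data) {
      if (error) { reject(error); } else { resolve(data); }
    });
  });
}

// Classify every path. A failed or malformed lookup is reported as 'unverified'
// so it gets a manual review instead of being silently treated as safe.
async function auditPaths(api, paths) {
  const report = { admin: [], ok: [], unverified: [] };
  for (const path of paths) {
    try {
      const data = await checkPath(api, path);
      if (!data || typeof data.IsAdminPath !== 'boolean') {
        report.unverified.push(path);
      } else if (data.IsAdminPath) {
        report.admin.push(path);
      } else {
        report.ok.push(path);
      }
    } catch (err) {
      report.unverified.push(path);
    }
  }
  return report;
}

// Constructed stand-in for `new CloudmersiveValidateApiClient.DomainApi()` so the
// example runs offline; its verdicts are made up for the demo.
const stubApi = {
  domainIsAdminPath: function (value, callback) {
    if (value === '/timeout') { return callback(new Error('request failed')); }
    callback(null, { IsAdminPath: value.startsWith('/admin') });
  }
};

// Constructed sample routes.
const sampleRoutes = ['/admin/login', '/products/42', '/timeout'];
auditPaths(stubApi, sampleRoutes).then(function (report) {
  console.log(JSON.stringify(report));
});
```

To run it against the real service, pass the `apiInstance` configured earlier in place of `stubApi`.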
