From df5dc468a8736c81c8ff59c8610e2f0cbfcfded7 Mon Sep 17 00:00:00 2001
From: metsw24-max
Date: Tue, 26 May 2026 23:50:05 +0530
Subject: [PATCH] fix(bug-detectors): handle connect(port, host) in ssrf tcp hook
---
 packages/bug-detectors/internal/ssrf.test.ts | 14 ++++++++++++++
 packages/bug-detectors/internal/ssrf.ts | 5 ++++-
 2 files changed, 18 insertions(+), 1 deletion(-)
diff --git a/packages/bug-detectors/internal/ssrf.test.ts b/packages/bug-detectors/internal/ssrf.test.ts
index b8d82389d..2c78e6ad1 100644
--- a/packages/bug-detectors/internal/ssrf.test.ts
+++ b/packages/bug-detectors/internal/ssrf.test.ts
@@ -167,6 +167,13 @@ describe("SSRF", () => {
     expect(() =>
       hookTCPSocket(undefined, [80, "localhost", "callback"], 0),
     ).not.toThrow();
+    // connect(port, host) without a listener
+    expect(() => hookTCPSocket(undefined, [8080, "local"], 0)).toThrow(
+      "Server Side Request Forgery",
+    );
+    expect(() =>
+      hookTCPSocket(undefined, [80, "localhost"], 0),
+    ).not.toThrow();
   });
 
   test("Call TCP socket hook with ports as strings", () => {
@@ -194,6 +201,13 @@ describe("SSRF", () => {
     expect(() =>
       hookTCPSocket(undefined, ["80", "localhost", "callback"], 0),
     ).not.toThrow();
+    // connect(port, host) without a listener
+    expect(() => hookTCPSocket(undefined, ["81", "local"], 0)).toThrow(
+      "Server Side Request Forgery",
+    );
+    expect(() =>
+      hookTCPSocket(undefined, ["80", "localhost"], 0),
+    ).not.toThrow();
   });
 });
 
diff --git a/packages/bug-detectors/internal/ssrf.ts b/packages/bug-detectors/internal/ssrf.ts
index 624f22e0e..0a7211fdc 100644
--- a/packages/bug-detectors/internal/ssrf.ts
+++ b/packages/bug-detectors/internal/ssrf.ts
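Review bot: The new assertions in the `@@ -167` hunk pin `connect(port, host)` but not the other two-argument shape, `connect(port, connectionListener)`, which the patched hook leaves unchecked because its guard only looks at `typeof args[1] === "string"`; a case such as `expect(() => hookTCPSocket(undefined, [8080, () => {}], 0)).not.toThrow();` would document that the skip is intentional and catch a future guard change that starts throwing on a function argument. The same gap applies to the string-port hunk at `@@ -194`. Both hunks sit inside `test(...)` callbacks whose start lies outside the hunk.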
@@ -185,11 +185,14 @@ export function hookTCPSocket(_thisPtr: unknown, args: unknown[], _id: number) {
       detectSSRF(port, host, "Attempted connection via TCP");
     }
   } else if (args.length === 2) {
-    // connect(options: SocketConnectOpts, connectionListener?: () => void): this;
     const firstArgument = args[0];
     if (typeof firstArgument === "object" && firstArgument !== null) {
+      // connect(options: SocketConnectOpts, connectionListener?: () => void): this;
       const options = firstArgument as TcpSocketConnectOpts;
       detectSSRF(options.port, options.host, "Attempted connection via TCP");
+    } else if (typeof args[1] === "string") {
+      // connect(port: number, host: string): this;
+      detectSSRF(firstArgument, args[1], "Attempted connection via TCP");
     }
   } else if (args.length === 3) {
     // connect(port: number, host: string, connectionListener?: () => void): this;
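Review bot: The added `else if (typeof args[1] === "string")` handles `connect(port, host)`, but the remaining two-argument form, `connect(port, connectionListener)`, now drops out of the `if`/`else if` chain with nothing saying whether skipping it is deliberate; a final `else { // connect(port, connectionListener): no host argument, not inspected }` (or a one-line comment before the closing brace) would make that explicit for the next reader. The branch also forwards `firstArgument` untouched while the `args.length === 3` case visible in the context appears to go through named `port`/`host` locals; if that path applies any normalisation before `detectSSRF`, the two-argument path should call the same helper so the two stay consistent — I cannot see that code from the hunk. `hookTCPSocket`'s body continues outside the hunk on both sides.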