Unsanitized User input in Redirect

Overview

Rule ID: javascript_express_open_redirect
Applicable Languages: Javascript
Weakness ID: CWE-601

Description

Using unsanitized user input for redirection can expose your application to phishing attacks. This vulnerability arises when user input directly determines the destination of a redirect without proper validation, making it easier for attackers to send users to malicious sites.

Remediation Guidelines

Do not use unsanitized user input to construct URLs for redirection. This can lead to security vulnerabilities where attackers might exploit the redirect to send users to malicious sites.
Do validate user input by employing a safelist or mapping strategy for constructing URLs. This ensures that only pre-approved destinations are used for redirects, significantly reducing the risk of phishing attacks.
```
var map = {
  "1": "/planes",
  "2": "/trains",
  "3": "/automobiles",
}

res.redirect(map[req.body.transport]);
```

References

Configuration

To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our SAST TOOL

PreviousUnsanitized user input in redirect NextUnsanitized user input in regular expression

Last updated 1 year ago

hashtagOverview

hashtagDescription

hashtagRemediation Guidelines

hashtagReferences

hashtagConfiguration

Overview

Description

Remediation Guidelines

References

Configuration