Unsanitized User input in Redirect
Overview
Rule ID:
javascript_express_open_redirect
Applicable Languages: Javascript
Weakness ID: CWE-601
Description
Using unsanitized user input for redirection can expose your application to phishing attacks. This vulnerability arises when user input directly determines the destination of a redirect without proper validation, making it easier for attackers to send users to malicious sites.
Remediation Guidelines
Do not use unsanitized user input to construct URLs for redirection. This can lead to security vulnerabilities where attackers might exploit the redirect to send users to malicious sites.
Do validate user input by employing a safelist or mapping strategy for constructing URLs. This ensures that only pre-approved destinations are used for redirects, significantly reducing the risk of phishing attacks.
References
Configuration
To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our SAST TOOL
Last updated