Unsanitized User Input in Redirect

Overview

  • Rule ID: javascript_express_open_redirect

  • Applicable Languages: JavaScript

  • Weakness ID: CWE-601

Description

Using unsanitized user input for redirection can expose your application to phishing attacks. This vulnerability arises when user input directly determines the destination of a redirect without proper validation, making it easier for attackers to send users to malicious sites.

Remediation Guidelines

  • Do not use unsanitized user input to construct URLs for redirection. This can lead to security vulnerabilities where attackers might exploit the redirect to send users to malicious sites.

  • Do validate user input by employing a safelist or mapping strategy for constructing URLs. This ensures that only pre-approved destinations are used for redirects, significantly reducing the risk of phishing attacks.

    // Safelist: the request supplies only a key; these values are the only redirect targets ever emitted
    const map = {
      "1": "/planes",
      "2": "/trains",
      "3": "/automobiles",
    };

    const key = req.body.transport;
    // Own-property check: an unknown key (or an inherited one such as "constructor") must not reach res.redirect
    if (!Object.prototype.hasOwnProperty.call(map, key)) {
      return res.status(400).send("Invalid transport");
    }
    res.redirect(map[key]);
    
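The mapping strategy above, worked through as an added example that is not part of the rule page and does not depend on the express package: the vulnerable handler the rule flags sits beside a safelisted one, and a minimal stand-in response object lets both be exercised offline. The names `SAFE_DESTINATIONS`, `resolveRedirect`, `vulnerableHandler`, `safeHandler` and `fakeResponse` are assumptions of this example.

```javascript
// Added example (not the rule page's own code). Express-style handlers without the
// express dependency; assumed names: SAFE_DESTINATIONS, resolveRedirect,
// vulnerableHandler, safeHandler, fakeResponse.

// Safelist keyed by an opaque token; the values are the only URLs ever emitted.
const SAFE_DESTINATIONS = Object.freeze({
  "1": "/planes",
  "2": "/trains",
  "3": "/automobiles",
});

// Return the approved destination for `token`, or null when it is not in the safelist.
// The own-property check ignores inherited keys such as "constructor" or "toString",
// and the type check rejects arrays/objects that body parsers can produce.
function resolveRedirect(token, destinations = SAFE_DESTINATIONS) {
  if (typeof token !== "string") return null;
  return Object.prototype.hasOwnProperty.call(destinations, token)
    ? destinations[token]
    : null;
}

// The pattern this rule flags (CWE-601): the request body decides the destination.
function vulnerableHandler(req, res) {
  res.redirect(req.body.url);
}

// Hardened handler: only safelisted destinations reach res.redirect; anything else
// is answered with 400 rather than a redirect to undefined or to an inherited value.
function safeHandler(req, res) {
  const target = resolveRedirect(req.body && req.body.transport);
  if (target === null) {
    res.status(400).send("unknown transport");
    return;
  }
  res.redirect(target);
}

// Minimal stand-in for an Express response object: records what would be sent.
function fakeResponse() {
  const res = { statusCode: 200, redirectedTo: null, body: null };
  res.status = (code) => { res.statusCode = code; return res; };
  res.send = (body) => { res.body = body; return res; };
  res.redirect = (url) => { res.statusCode = 302; res.redirectedTo = url; return res; };
  return res;
}
```

Swap `fakeResponse()` for a real Express `res` and the handlers work unchanged; the contract that matters is that `res.redirect` is only ever called with a value taken from the safelist.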

References

Configuration

To omit this rule during a scan, or to set up continuous 24/7 code-level scanning, you can use our SAST TOOL.
