Unsanitized user input in redirect

• Rule ID: go_lang_open_redirect
• Languages: go
• Source: open_redirect.yml

Description

Using unsanitized user input to perform redirects can expose your application to phishing attacks. This vulnerability arises when user input directly influences the destination of a redirect without proper validation, making it easier for attackers to deceive users by directing them to malicious sites.

Remediations

• Do not use unsanitized user input to construct URLs for redirects. This can lead to security vulnerabilities where attackers might redirect users to malicious websites.
• Do validate all user input used in redirects. Employ a whitelist approach or a mapping of allowed destinations to ensure only safe and intended URLs are used for redirection.

  var URLMapping = map[string]string{
    "google": "https://www.google.com",
    "openai": "https://www.openai.com",
    "github": "https://www.github.com",
    "root":   "https://www.example.com",
  }
  
  func safeRedirectHandler(w http.ResponseWriter, r *http.Request) {
    // Get the redirectTo parameter from the query string
    redirectTo := r.URL.Query().Get("redirectTo")
  
    // Get the safe URL from the map, default to the URL for "root" if not found
    redirectURL, ok := URLMapping[redirectTo]
    if !ok {
      redirectURL = URLMapping["root"] // Default to a predefined safe URL
    }
  
    ...
  }

References

• OWASP Unvalidated Redirects and Forwards Cheat Sheet

Associated CWE

• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

OWASP Top 10

• A01:2021 - Broken Access Control

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=go_lang_open_redirect

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=go_lang_open_redirect