Unsanitized user input in redirect

Description

Using unsanitized user input to choose the destination of a redirect makes your application an open redirector, which attackers use for phishing. The flaw occurs when a request parameter is passed through to the Location header (or to sendRedirect) without validation, so a link that starts on your trusted domain can land the user on an attacker-controlled site, for example to harvest credentials or an OAuth code. Because the initial URL shows your host name, users and URL filters are far more likely to trust it.

Remediations

  • Do not use unsanitized user input to build the target of a redirect. Any value that reaches the Location header unchecked can point off-site, which enables phishing and can leak tokens carried in the redirect.
  • Do validate user input with a safe list or a mapping strategy when constructing redirect URLs, so that only pre-approved destinations are ever sent to the browser. With a mapping, the parameter is a lookup key and never part of the URL; an unknown key falls back to a fixed default entry rather than to the raw value:
    import java.util.HashMap;
    import java.util.Map;

    private static final Map<String, String> URL_MAPPING = new HashMap<>();
    static {
        URL_MAPPING.put("google", "https://www.google.com");
        URL_MAPPING.put("openai", "https://www.openai.com");
        URL_MAPPING.put("github", "https://www.github.com");
        URL_MAPPING.put("root", "https://www.example.com");
    }

    // Resolve the key; fall back to the "root" entry's URL, not to the literal string "root"
    String redirectUrl = URL_MAPPING.getOrDefault(request.getParameter("redirectTo"), URL_MAPPING.get("root"));
    // sendRedirect sets both the 302 status and the Location header
    response.sendRedirect(redirectUrl);
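The following is an added worked example and is not code from the Bearer project or this rule's documentation. It places the vulnerable pattern next to three hardened variants: a key-to-URL mapping as in the remediation above, a site-local path check that rejects the common bypasses (absolute URLs, protocol-relative `//host`, the `/\host` variant some browsers treat as `//host`, and scheme-bearing values such as `javascript:`), and an allow list of external hosts. The class name, the `next` parameter, the hostnames, the `javax.servlet` 4.x API and Java 9+ (`Map.of`, `Set.of`) are assumptions made for the example.

```java
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical class, written for this example; not part of any real project.
public class RedirectExamples {

    // VULNERABLE: the raw parameter becomes the Location header, so
    // ?next=https://evil.example/login sends the user off-site.
    static void vulnerableRedirect(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        response.sendRedirect(request.getParameter("next"));
    }

    // Every hardened variant falls back to this fixed, non-user-controlled target.
    private static final String DEFAULT_DESTINATION = "/app/dashboard";

    // Option 1: the parameter is only a key into a fixed table (assumed keys and URLs).
    private static final Map<String, String> DESTINATIONS = Map.of(
            "dashboard", "/app/dashboard",
            "profile", "/app/profile",
            "docs", "https://docs.example.com/");

    static String resolveNamedDestination(String key) {
        // Unknown or missing keys resolve to the default, never to the key itself.
        return key == null ? DEFAULT_DESTINATION : DESTINATIONS.getOrDefault(key, DEFAULT_DESTINATION);
    }

    // Option 2: accept only a path on this site. Rejects absolute URLs, "//host",
    // "/\host" and anything with a scheme; returns the parsed path (+query) rather
    // than the original string so that only path characters reach the header.
    static String safeLocalPath(String candidate) {
        if (candidate == null || candidate.isEmpty()) {
            return DEFAULT_DESTINATION;
        }
        if (!candidate.startsWith("/") || candidate.startsWith("//") || candidate.startsWith("/\\")) {
            return DEFAULT_DESTINATION;
        }
        try {
            URI uri = new URI(candidate);
            // A site-local path has neither a scheme nor an authority after parsing.
            if (uri.getScheme() != null || uri.getRawAuthority() != null) {
                return DEFAULT_DESTINATION;
            }
            String path = uri.getRawPath();
            String query = uri.getRawQuery();
            return query == null ? path : path + "?" + query;
        } catch (URISyntaxException e) {
            // Backslashes and other illegal characters land here.
            return DEFAULT_DESTINATION;
        }
    }

    // Option 3: an absolute URL is allowed only for an explicit list of hosts over https.
    private static final Set<String> ALLOWED_HOSTS = Set.of("www.example.com", "docs.example.com");

    static String safeExternalUrl(String candidate) {
        if (candidate == null) {
            return DEFAULT_DESTINATION;
        }
        try {
            URI uri = new URI(candidate).normalize();
            String scheme = uri.getScheme();
            String host = uri.getHost();
            if (scheme == null || !scheme.equalsIgnoreCase("https")) {
                return DEFAULT_DESTINATION;
            }
            if (host == null || !ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT))) {
                return DEFAULT_DESTINATION;
            }
            // No legitimate destination carries credentials in the authority
            // (https://www.example.com@evil.example parses with host evil.example,
            // which the host check already rejects; this closes the reverse form too).
            if (uri.getRawUserInfo() != null) {
                return DEFAULT_DESTINATION;
            }
            return uri.toString();
        } catch (URISyntaxException e) {
            return DEFAULT_DESTINATION;
        }
    }

    // HARDENED: the parameter is validated before it reaches the Location header.
    static void hardenedRedirect(HttpServletRequest request, HttpServletResponse response)
            throws IOException {
        response.sendRedirect(safeLocalPath(request.getParameter("next")));
    }
}
```

Of the three, the mapping is the strongest because the user value never becomes part of a URL at all; use the path check when the destination must be dynamic (post-login return pages), and the host allow list only when off-site targets are genuinely required. In every variant the fallback is a fixed path, so a rejected value degrades to a harmless redirect rather than an error page that leaks which checks exist.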

References

Associated CWE

OWASP Top 10

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=java_lang_open_redirect

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=java_lang_open_redirect