Unsanitized user input in redirect
- Rule ID: java_lang_open_redirect
- Languages: java
- Source: open_redirect.yml
Description
Using unsanitized user input to perform redirects can make your application vulnerable to phishing attacks. This occurs when user input is directly used to determine the destination of a redirect without proper validation or sanitization, allowing attackers to redirect users to malicious sites, potentially compromising their security.
Remediations
- Do not use unsanitized user input to construct URLs for redirects. This can lead to phishing attacks and compromise user security.
- Do validate user input by employing a safe list or a mapping strategy when constructing URLs for redirects. This ensures that only pre-approved destinations are used, significantly reducing the risk of malicious redirects.
```java
import java.util.HashMap;
import java.util.Map;

// Allow-list of redirect targets: the client supplies only a key, never a URL
private static final Map<String, String> URL_MAPPING = new HashMap<>();
static {
    URL_MAPPING.put("google", "https://www.google.com");
    URL_MAPPING.put("openai", "https://www.openai.com");
    URL_MAPPING.put("github", "https://www.github.com");
    URL_MAPPING.put("root", "https://www.example.com");
}

// Unknown or missing keys fall back to the URL mapped to "root", not the literal key "root"
String redirectUrl = URL_MAPPING.getOrDefault(request.getParameter("redirectTo"), URL_MAPPING.get("root"));
response.addHeader("Location", redirectUrl);
```
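The following is an added example, not code from the Bearer rule, showing both remediation strategies side by side: a key-to-URL mapping for the common case, and a host safe-list for the case where a full URL has to be accepted. The class name, keys, hosts and URLs are constructed for the example.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Map;
import java.util.Set;

public final class SafeRedirect {
    // Mapping strategy: the client sends an opaque key, never a URL. Keys, targets and
    // hosts below are constructed for this example.
    private static final Map<String, String> URL_MAPPING = Map.of(
        "docs", "https://docs.example.com/",
        "account", "https://www.example.com/account");
    private static final String DEFAULT_URL = "https://www.example.com/";
    // Safe-list strategy: when a full URL must be accepted, allow only https to known hosts.
    private static final Set<String> ALLOWED_HOSTS = Set.of("www.example.com", "docs.example.com");

    /** Resolve a redirect key; unknown or missing keys fall back to the default URL. */
    public static String resolveByKey(String key) {
        return key == null ? DEFAULT_URL : URL_MAPPING.getOrDefault(key, DEFAULT_URL);
    }

    /** Accept a URL only if it is a same-origin path or an https URL to an allowed host. */
    public static String resolveByAllowList(String candidate) {
        if (candidate == null || candidate.isEmpty()) return DEFAULT_URL;
        final URI uri;
        try {
            uri = new URI(candidate);
        } catch (URISyntaxException e) {
            return DEFAULT_URL; // malformed input (backslashes, spaces, ...) is never forwarded
        }
        String path = uri.getRawPath();
        // Same-origin relative path: no scheme, no authority, exactly one leading slash.
        // A scheme-relative "//host/..." parses with an authority and so fails this branch.
        if (uri.getScheme() == null && uri.getRawAuthority() == null
                && path != null && path.startsWith("/") && !path.startsWith("//")) {
            return uri.toString();
        }
        // Absolute URL: https only, no userinfo (which can disguise the real host), host on the list.
        if ("https".equalsIgnoreCase(uri.getScheme()) && uri.getRawUserInfo() == null
                && uri.getHost() != null && ALLOWED_HOSTS.contains(uri.getHost().toLowerCase())) {
            return uri.toString();
        }
        return DEFAULT_URL;
    }
    public static void main(String[] args) {
        System.out.println(resolveByKey("docs"));                                 // known key
        System.out.println(resolveByKey("https://evil.example/"));                // a URL is not a key
        System.out.println(resolveByAllowList("/account?tab=billing"));           // same-origin path
        System.out.println(resolveByAllowList("//evil.example/"));                // scheme-relative URL
        System.out.println(resolveByAllowList("https://docs.example.com/guide")); // listed host
    }
}
```

Whichever strategy is used, the resolved value, never the raw parameter, is what goes into the Location header.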
References
- Associated CWE
- OWASP Top 10
Configuration
To skip this rule during a scan, use the following flag:
```shell
bearer scan /path/to/your-project/ --skip-rule=java_lang_open_redirect
```
To run only this rule during a scan, use the following flag:
```shell
bearer scan /path/to/your-project/ --only-rule=java_lang_open_redirect
```