Unsanitized user input in redirect

• Rule ID: javascript_express_open_redirect
• Languages: javascript
• Source: open_redirect.yml

Description

Using unsanitized user input for redirection can expose your application to phishing attacks. This vulnerability occurs when user input directly influences the destination of a redirect without proper validation, making it easier for attackers to redirect users to malicious sites.

Remediations

• Do not use unsanitized user input to construct URLs for redirection. This can lead to security vulnerabilities where attackers could exploit the redirect to lead users to malicious sites.
• Do validate user input by employing a safe list or a mapping strategy for constructing URLs. This ensures that only pre-approved destinations are used for redirects, significantly reducing the risk of phishing attacks.

  var map = {
    "1": "/planes",
    "2": "/trains",
    "3": "/automobiles",
  }
  
  res.redirect(map[req.body.transport])

References

• OWASP Unvalidated Redirects and Forwards Cheat Sheet

Associated CWE

• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

OWASP Top 10

• A01:2021 - Broken Access Control

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=javascript_express_open_redirect

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=javascript_express_open_redirect