Unsanitized user input in redirect
- Rule ID: php_lang_open_redirect
- Languages: php
- Source: open_redirect.yml
Description
Using unsanitized user input to perform redirects can make your application vulnerable to phishing attacks. This occurs when user input is directly used to determine the destination of a redirect without proper validation or sanitization, allowing attackers to redirect users to malicious sites, potentially compromising their security.
Remediations
- Do not use unsanitized user input when constructing URLs for redirects. Directly incorporating user input without validation can lead to phishing attacks and malicious site redirection.
- Do validate user input by employing a safe list or a mapping strategy for constructing URLs. This ensures that the redirection is to a known, safe location.
```php
$paths = [
    "1" => "/planes",
    "2" => "/trains",
    "3" => "/automobiles",
];
$transport = $_GET["transport"] ?? null;
// Only a key present in the mapping can select a destination; anything else
// falls back to a fixed default instead of emitting an empty Location header.
$destination = is_string($transport) && isset($paths[$transport]) ? $paths[$transport] : "/";
header("Location: {$destination}", true, 301);
```
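The mapping above covers the case where the user picks from a fixed set of keys. The safe-list variant of the same remediation, for a user-supplied "next" path, is shown below as an added example; it is not code from the Bearer rule page, and the function and constant names, the `next` parameter and the default path are assumptions.

```php
<?php
// Added example, not code from the Bearer rule page: a hardened redirect helper
// built on an allow-list of site-relative paths. The function and constant
// names, the "next" parameter and the default path are all assumptions.
declare(strict_types=1);

// Known-good destinations; anything not listed here is rejected.
const ALLOWED_REDIRECT_PATHS = ['/planes', '/trains', '/automobiles', '/account'];
const DEFAULT_REDIRECT_PATH  = '/';

/**
 * Return a safe redirect target for a user-supplied "next" value.
 *
 * Only exact matches against ALLOWED_REDIRECT_PATHS are accepted. Absolute
 * URLs ("https://evil.example"), protocol-relative URLs ("//evil.example"),
 * backslash variants ("/\evil.example") and inputs carrying control
 * characters are rejected before the lookup and fall back to the default.
 */
function safeRedirectTarget(mixed $next): string
{
    if (!is_string($next) || $next === '') {
        return DEFAULT_REDIRECT_PATH;
    }
    if ($next[0] !== '/'
        || str_starts_with($next, '//')
        || str_contains($next, '\\')
        || preg_match('/[\x00-\x1F\x7F]/', $next) === 1) {
        return DEFAULT_REDIRECT_PATH;
    }
    // Drop any query string or fragment and compare the path part exactly,
    // so "/trains?ref=1" resolves to "/trains" but "/trains/../admin" is rejected.
    $path = parse_url($next, PHP_URL_PATH);
    if (!is_string($path) || !in_array($path, ALLOWED_REDIRECT_PATHS, true)) {
        return DEFAULT_REDIRECT_PATH;
    }
    return $path;
}

function redirectTo(string $target): void
{
    // Only the validated value ever reaches header().
    header('Location: ' . $target, true, 302);
    exit;
}

// Typical use: the raw query value goes through the validator first.
redirectTo(safeRedirectTarget($_GET['next'] ?? null));
```

Requires PHP 8.0 or later for `mixed`, `str_starts_with` and `str_contains`.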
References
Associated CWE
OWASP Top 10
Configuration
To skip this rule during a scan, use the following flag:
```shell
bearer scan /path/to/your-project/ --skip-rule=php_lang_open_redirect
```
To run only this rule during a scan, use the following flag:
```shell
bearer scan /path/to/your-project/ --only-rule=php_lang_open_redirect
```