Unsanitized user input in redirect

Description

Using unsanitized user input to perform redirects can make your application vulnerable to phishing attacks. This occurs when user input is directly used to determine the destination of a redirect without proper validation or sanitization, allowing attackers to redirect users to malicious sites, potentially compromising their security.

Remediations

  • Do not use unsanitized user input when constructing URLs for redirects. Directly incorporating user input without validation can lead to phishing attacks and malicious site redirection.
  • Do validate user input by employing a safe list or a mapping strategy for constructing URLs. This ensures that the redirection is to a known, safe location.
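    // Map the user-supplied key to a fixed set of known paths.
    $paths = [
        "1" => "/planes",
        "2" => "/trains",
        "3" => "/automobiles",
    ];

    $transport = $_GET["transport"] ?? null;
    // Only redirect to a mapped path; unknown, missing or non-string keys
    // fall back to a fixed default ("/" is an assumed default here).
    $target = is_string($transport) ? ($paths[$transport] ?? "/") : "/";
    $this->redirect($target);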
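
The safe-list strategy named in the second remediation, for cases where the destination has to be a URL rather than a key, shown as an added example that is not part of the original rule documentation. The helper name `safeRedirectTarget`, the `ALLOWED_REDIRECT_HOSTS` list, the `next` parameter and the sample inputs are all hypothetical; it assumes PHP 8.0 or later.

```php
<?php
declare(strict_types=1);

// Hypothetical safe list (assumption for this example): hosts you redirect to.
const ALLOWED_REDIRECT_HOSTS = ['www.example.com', 'docs.example.com'];

// Hypothetical helper: returns $target only if it is a local path or an
// https URL on a safe-listed host; anything else becomes $fallback.
function safeRedirectTarget(string $target, string $fallback = '/'): string
{
    // Control characters and backslashes are never valid here; some browsers
    // treat "\" as "/", which would turn "/\host" into a cross-site redirect.
    if ($target === '' || preg_match('/[\x00-\x1F\x7F\\\\]/', $target)) {
        return $fallback;
    }
    // Local path: one leading slash only, because "//host" is scheme-relative.
    if ($target[0] === '/') {
        return str_starts_with($target, '//') ? $fallback : $target;
    }
    $parts = parse_url($target);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return $fallback; // relative, malformed, or host-less (javascript:, data:)
    }
    // Require https and refuse userinfo ("https://www.example.com@other.test/").
    if (strtolower($parts['scheme']) !== 'https' || isset($parts['user'])) {
        return $fallback;
    }
    // Exact match: a suffix or substring test would accept look-alike hosts.
    return in_array(strtolower($parts['host']), ALLOWED_REDIRECT_HOSTS, true)
        ? $target
        : $fallback;
}

// Constructed sample inputs, as they might arrive in $_GET["next"].
$samples = [
    '/trains?class=first',
    'https://docs.example.com/guide',
    '//other.test/login',
    '/\\other.test/login',
    'https://www.example.com@other.test/',
    'https://www.example.com.other.test/',
    'http://www.example.com/',
    'javascript:alert(1)',
];
foreach ($samples as $input) {
    printf("%-40s -> %s\n", $input, safeRedirectTarget($input));
}
// In a controller (assumed usage): $this->redirect(safeRedirectTarget($next));
```

Only the first two sample inputs are returned unchanged; every other input resolves to the fallback path.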

References

Associated CWE

OWASP Top 10

Configuration

To skip this rule during a scan, use the following flag:

bearer scan /path/to/your-project/ --skip-rule=php_symfony_open_redirect

To run only this rule during a scan, use the following flag:

bearer scan /path/to/your-project/ --only-rule=php_symfony_open_redirect