Unsanitized user input in redirect
- Rule ID: php_symfony_open_redirect
- Languages: php
- Source: open_redirect.yml
Description
Using unsanitized user input to perform redirects can make your application vulnerable to phishing attacks. This occurs when user input is directly used to determine the destination of a redirect without proper validation or sanitization, allowing attackers to redirect users to malicious sites, potentially compromising their security.
Remediations
- Do not use unsanitized user input when constructing URLs for redirects. Directly incorporating user input without validation can lead to phishing attacks and malicious site redirection.
- Do validate user input by employing a safe list or a mapping strategy for constructing URLs. This ensures that the redirection is to a known, safe location.
$paths = [
"1" => "/planes",
"2" => "/trains",
"3" => "/automobiles",
];
$transport = $_GET["transport"];
$this->redirect($paths[$transport]);
References
Associated CWE
OWASP Top 10
Configuration
To skip this rule during a scan, use the following flag
bearer scan /path/to/your-project/ --skip-rule=php_symfony_open_redirect
To run only this rule during a scan, use the following flag
bearer scan /path/to/your-project/ --only-rule=php_symfony_open_redirect