Unvalidated Redirect
Description
Untrusted input passed to redirect() (for example a `next` query parameter) can cause an open redirect: an attacker builds a link to your site that, after the request is handled, sends the victim to a host the attacker controls, lending your domain's credibility to a phishing page. Use urlparse() to verify that the redirect target stays within your domain before following it.
Examples
Insecure Code

```python
from flask import redirect

# next_url comes straight from the request; any absolute URL, on any host, is followed
redirect(next_url)
```

Secure Code

```python
from urllib.parse import urlparse

from flask import redirect, request, url_for

# Follow the target only if its host matches the host of the current request;
# otherwise fall back to a fixed, known-safe page
if urlparse(next_url).netloc != urlparse(request.url).netloc:
    return redirect(url_for("index"))
return redirect(next_url)
```

Remediation
Validate the redirect target with urlparse() before passing it to redirect(), and confirm that its netloc is your own host. Prefer comparing against a configured host name over request.url, whose host is taken from the client-supplied Host header. Note that the check above rejects relative paths such as /dashboard, because their netloc is empty; if relative paths must be allowed, resolve the target against request.host_url with urljoin() first, and also require the scheme to be http or https so that javascript: targets are refused. Browsers treat a backslash as a slash, so once relative paths are accepted, /\evil.com reaches evil.com even though urlparse() reports an empty netloc; validate both the raw value and the value with backslashes replaced by slashes, and refuse values starting with three slashes (///evil.com), which Chrome resolves to evil.com. When validation fails, redirect to a fixed safe page such as url_for("index") rather than to the untrusted value.
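The following is an added example, not code from the rule page or from Flask, that implements the remediation above as a framework-independent helper. It is modeled on the checks Django's url_has_allowed_host_and_scheme() performs and goes beyond the netloc comparison: it accepts bare relative paths, requires an http or https scheme on absolute targets, compares the host against a configured allow-list instead of the Host header, and rejects the backslash, triple-slash, control-character and userinfo forms that browsers resolve to a foreign host. The names is_safe_redirect, resolve_redirect, ALLOWED_HOSTS and the hosts in the sample inputs are assumptions for this example.

```python
import unicodedata
from typing import Collection, Optional
from urllib.parse import urljoin, urlsplit

# Assumption: the hosts this app is served from come from configuration,
# not from the request's Host header, which the client controls.
ALLOWED_HOSTS = frozenset({"example.com"})
ALLOWED_SCHEMES = frozenset({"http", "https"})


def _host_and_scheme_allowed(url: str, allowed_hosts: Collection[str]) -> bool:
    """One pass of the check; run on the raw URL and on its backslash-normalized form."""
    # Chrome treats three or more leading slashes as an absolute URL
    # ("///evil.com" -> host evil.com), but urlsplit() parses it as a path.
    if url.startswith("///"):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. a malformed IPv6 literal
        return False
    # A scheme with no host ("javascript:alert(1)", "http:///example.com"):
    # either not a web URL at all, or one the browser re-parses with a host.
    if parts.scheme and not parts.netloc:
        return False
    # Browsers ignore leading control characters, so "\x00//evil.com" reaches evil.com.
    if unicodedata.category(url[0])[0] == "C":
        return False
    # Scheme-relative "//host/path" is fetched with the page's scheme, i.e. http(s).
    scheme = parts.scheme or ("http" if parts.netloc else "")
    if scheme and scheme not in ALLOWED_SCHEMES:
        return False
    # A bare path ("/dashboard") has no netloc and stays on the current site.
    # netloc (not hostname) is compared so "example.com@evil.com" is rejected whole.
    return not parts.netloc or parts.netloc in allowed_hosts


def is_safe_redirect(target: Optional[str], allowed_hosts: Collection[str] = ALLOWED_HOSTS) -> bool:
    """True only if target is a relative path or an http(s) URL on an allowed host."""
    if target is None:
        return False
    target = target.strip()
    if not target:
        return False
    # Browsers treat "\" as "/" in paths, so "/\\evil.com" is really "//evil.com".
    # Both the raw form and the normalized form must pass.
    return _host_and_scheme_allowed(target, allowed_hosts) and _host_and_scheme_allowed(
        target.replace("\\", "/"), allowed_hosts
    )


def resolve_redirect(
    target: Optional[str],
    host_url: str,
    allowed_hosts: Collection[str] = ALLOWED_HOSTS,
    fallback: str = "/",
) -> str:
    """Return the absolute URL to put in Location, or fallback if target fails validation.

    host_url is the application's own base URL, e.g. "https://example.com/".
    """
    if not is_safe_redirect(target, allowed_hosts):
        return fallback
    # Emit the resolved absolute URL rather than the raw input, so the browser
    # cannot interpret a relative form differently from urlsplit().
    return urljoin(host_url, target.strip())


if __name__ == "__main__":
    # Constructed sample inputs: what an attacker might place in ?next=
    samples = [
        "/dashboard",
        "https://example.com/account",
        "https://evil.com/",
        "//evil.com",
        "/\\evil.com",
        "///evil.com",
        "javascript:alert(1)",
        "http://example.com@evil.com/",
        "\x00//evil.com",
    ]
    for s in samples:
        print(f"{s!r:32} -> {resolve_redirect(s, 'https://example.com/')}")
```

Hosts are compared as full netloc strings, so an application served on a non-default port must list "example.com:8080" in the allow-list; the Flask view would then call resolve_redirect(request.args.get("next"), request.host_url) and pass the result to redirect().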
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0253 |
| Category | Web |
| Severity | MEDIUM |
| CWE | CWE-601 |
| Confidence | HIGH |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | redirect, open redirect |
| OWASP | A01:2021-Broken Access Control |