URL Redirection to Untrusted Site 'Open Redirect'
Description
The application passes user-supplied input to `redirect_to`. An attacker who controls the target can send a victim from a trusted URL on this site to an arbitrary external one, which is the phishing primitive behind CWE-601. Do not pass `params` to `redirect_to` without restricting the destination to this application. `:only_path => true` is a `url_for` option: when `redirect_to` is given a hash of route options, it makes Rails generate a path instead of a full URL, so no host can be injected. It has no effect on a String argument: `redirect_to "https://evil.example", only_path: true` still redirects off-site, because the second argument of `redirect_to` carries response options (`:status`, `:flash`, `:allow_other_host`), not URL options. For string input, validate that the value is a local path (a single leading `/`, not `//` or `/\`), or on Rails 7.0+ pass `allow_other_host: false`, which raises `ActionController::Redirecting::UnsafeRedirectError` for any off-host target, or resolve the value with `url_from`, which returns nil for off-host targets so you can fall back to a fixed path.
Examples
Insecure Code
```ruby
# The destination comes straight from the request; any absolute URL is accepted.
redirect_to params[:redirect_url]
```
Secure Code
```ruby
# Rails 7.0+: refuse to redirect to another host. An external target raises
# ActionController::Redirecting::UnsafeRedirectError instead of redirecting.
redirect_to params[:redirect_url], allow_other_host: false
```
Remediation
Restrict the redirect destination to this application. When `redirect_to` receives a hash of route options, include `:only_path => true` so Rails generates a path rather than a full URL. When the value is a user-supplied string, `only_path` has no effect; instead pass `allow_other_host: false` (Rails 7.0+), resolve the value with `url_from` and fall back to a fixed path when it returns nil, or validate that the string is a local path before redirecting.
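The "validate the input" alternative, as an added, self-contained example rather than code from this page or from Rails itself. `safe_redirect_target`, `app_host` and the `SAMPLE_TARGETS` list are assumed names and constructed inputs. The rule it enforces matches what Rails 7's `url_from` accepts (a single-slash local path, or an absolute URL on the same host), and it also rejects backslashes and control characters, the two shapes that most often slip past a naive "starts with /" check.

```ruby
require "uri"

# Return +value+ if it is a safe redirect target for this application, else
# +fallback+. "Safe" means a local path (exactly one leading "/"), or an
# absolute http(s) URL whose host is exactly +app_host+. This is the
# "validate the input" option: it works on any Rails version and does not
# depend on redirect_to's own option handling. (Assumed helper, not Rails API.)
def safe_redirect_target(value, app_host:, fallback: "/")
  target = value.to_s
  return fallback if target.empty?

  # Reject control characters, whitespace and backslashes outright. Browsers
  # strip leading controls and turn "\" into "/" in http(s) URLs, so
  # "/\evil.example" would be treated as the scheme-relative "//evil.example".
  return fallback if target.match?(/[\x00-\x20\x7f\\]/)

  if target.start_with?("/")
    # "//host/..." is scheme-relative and leaves the site; "/path" is local.
    return fallback if target.start_with?("//")
    return target
  end

  # Not a path: accept only an absolute http(s) URL that names our own host.
  # URI#host is taken after any userinfo, so "https://app.example@evil.example"
  # resolves to evil.example and is rejected.
  uri = URI.parse(target)
  return fallback unless %w[http https].include?(uri.scheme)
  return fallback unless uri.host == app_host
  target
rescue URI::InvalidURIError
  fallback
end

# Constructed inputs mixing legitimate destinations with common bypass shapes.
SAMPLE_TARGETS = [
  "/dashboard",
  "/account?tab=security",
  "https://app.example/account",
  "//evil.example/phish",
  "/\\evil.example/phish",
  "https://evil.example/phish",
  "https://app.example@evil.example/",
  "http:/evil.example",
  "javascript:alert(1)",
  "\t//evil.example",
  "",
].freeze

# Map each sample to the destination the controller would actually use.
def classify_targets(app_host: "app.example")
  SAMPLE_TARGETS.to_h { |t| [t, safe_redirect_target(t, app_host: app_host)] }
end

if __FILE__ == $PROGRAM_NAME
  classify_targets.each { |input, dest| puts format("%-40p => %p", input, dest) }
end
```

In a controller the call becomes `redirect_to safe_redirect_target(params[:redirect_url], app_host: request.host, fallback: root_path)`. Comparing `uri.host` for exact equality with `request.host`, rather than checking a prefix or substring, is what keeps `app.example.evil.example` and `app.example@evil.example` out.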
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0544 |
| Category | Web |
| Severity | LOW |
| CWE | CWE-601 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | open redirect, url redirection |
| OWASP | A1:2017-Injection, A03:2021-Injection |
References
- https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html
- https://github.com/semgrep/semgrep-rules/blob/develop/ruby/rails/security/brakeman/check-redirect-to.yaml