Server-side redirect path constructed with user input
Description
Constructing a server-side redirect path with user input could allow an attacker to download application binaries (including application classes or jar files) or view arbitrary files within protected directories.
Examples
Insecure Code

```scala
// The view or forward target is taken straight from the request, so the caller decides
// which server-side resource the response is built from.
new org.springframework.web.servlet.ModelAndView(userInput)
```

Secure Code

```scala
// The target has been checked against an allow-list of known view names before use.
new org.springframework.web.servlet.ModelAndView(sanitizedInput)
```

Remediation
Validate and sanitize user input before using it to construct server-side redirect paths.
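The following Spring MVC controller, written for this rule page as an added example rather than taken from the rule's own code or from Spring, shows the vulnerable pattern next to one way to apply the remediation. The controller class, the `/page` routes, the `view` request parameter, the allow-list contents and the `error` fallback view are all assumed names for illustration; the only behaviour that matters is that the value handed to `ModelAndView` is never the raw request value.

```scala
import org.springframework.stereotype.Controller
import org.springframework.web.bind.annotation.{GetMapping, RequestParam}
import org.springframework.web.servlet.ModelAndView

// Resolves a caller-supplied view name to one the application is willing to render.
// Exact matching against a fixed set means a value carrying a prefix such as
// "forward:" or path segments such as ".." can never reach the view resolver.
object ViewNames {
  // Constructed allow-list: the views this hypothetical application actually serves.
  private val allowed: Set[String] = Set("home", "about", "contact")

  // Fixed view rendered whenever the request names something outside the allow-list.
  private val fallback: String = "error"

  def resolve(requested: String): String =
    Option(requested)            // guard against a null parameter
      .map(_.trim)
      .filter(allowed.contains)  // only exact, known view names pass
      .getOrElse(fallback)
}

@Controller
class PageController {

  // Insecure (matches the rule's finding): the view name comes straight from the request.
  @GetMapping(Array("/page-insecure"))
  def pageInsecure(@RequestParam("view") view: String): ModelAndView =
    new ModelAndView(view)

  // Secure: the request value is mapped onto the allow-list first; anything else
  // renders the fixed error view instead of an attacker-chosen path.
  @GetMapping(Array("/page"))
  def page(@RequestParam("view") view: String): ModelAndView =
    new ModelAndView(ViewNames.resolve(view))
}
```

Allow-listing is preferred here over stripping characters from the input: a block-list has to anticipate every prefix and path form the view resolver understands, while an exact-match set lets only the names the application defined through, and the static rule no longer sees user input flowing into the `ModelAndView` constructor.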
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0046 |
| Category | Injection |
| Severity | HIGH |
| CWE | CWE-552 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | file disclosure, server-side redirect |
| OWASP | N/A |