ajinabraham.njsscan.open_redirect.express_open_redirect2

Author
1,129
Download Count*
License
Untrusted user input in response header('Location') can result in Open Redirect vulnerability.
Run Locally
Run in CI
Defintion
rules:
- id: express_open_redirect2
patterns:
- pattern-inside: |
$APP.$METHOD(..., function $FUNC($REQ, $RES) { ... })
- pattern-either:
- pattern: |
$RES.header(..., "=~/location/i", <... $REQ.$VAR ...>, ...)
- pattern: |
$RES.header(..., "=~/location/i", <... $REQ.$VAR.$VARR ...>, ...)
- pattern: |
$RES.writeHead(..., "=~/location/i", <... $REQ.$VAR ...>, ...)
- pattern: >
$RES.writeHead(..., "=~/location/i", <... $REQ.$VAR.$VARR ...>,
...)
- pattern: |
$RES.writeHead(..., {"=~/location/i": <... $REQ.$VAR ...> }, ...)
- pattern: >
$RES.writeHead(..., {"=~/location/i": <... $REQ.$VAR.$VARR ...> },
...)
- pattern: |
$INP = <... $REQ.$VAR ...>;
...
$RES.header(..., "=~/location/i", <... $INP ...>, ...)
- pattern: |
$INP = <... $REQ.$VAR.$VARR ...>;
...
$RES.header(..., "=~/location/i", <... $INP ...>, ...)
- pattern: |
$INP = <... $REQ.$VAR ...>;
...
$RES.writeHead(..., "=~/location/i", <... $INP ...>, ...)
- pattern: |
$INP = <... $REQ.$VAR.$VARR ...>;
...
$RES.writeHead(..., "=~/location/i", <... $INP ...>, ...)
- pattern: |
$INP = <... $REQ.$VAR ...>;
...
$RES.writeHead(..., {"=~/location/i": <... $INP ...> }, ...)
- pattern: |
$INP = <... $REQ.$VAR.$VARR ...>;
...
$RES.writeHead(..., {"=~/location/i": <... $INP ...> }, ...)
message: Untrusted user input in response header('Location') can result in Open
Redirect vulnerability.
languages:
- javascript
severity: ERROR
metadata:
owasp-web: a1
cwe: cwe-601
license: LGPL-3.0-or-later
Short Link: https://sg.run/PJoe