csharp.lang.security.open-redirect.open-redirect
Author: unknown
A query string parameter may contain a URL value that could cause the web application to redirect the request to a malicious website controlled by an attacker. Make sure to sanitize this parameter sufficiently.
Definition
rules:
  - id: open-redirect
    mode: taint
    pattern-sources:
      - patterns:
          - focus-metavariable: $PARAM
          - pattern-inside: |
              public $TYPE $FUNCNAME (..., string $PARAM, ...) {
                ...
              }
    pattern-sinks:
      - patterns:
          - pattern: Redirect(...)
          - pattern-not-inside: |
              if (IsLocalUrl(...)) {
                ...
                Redirect(...);
                ...
              }
          - pattern-not-inside: |
              if ($URL.IsLocalUrl(...)) {
                ...
                Redirect(...);
                ...
              }
    message: >-
      A query string parameter may contain a URL value that could cause the
      web application to redirect the request to a malicious website controlled
      by an attacker. Make sure to sanitize this parameter sufficiently.
    metadata:
      category: security
      technology:
        - csharp
      cwe:
        - "CWE-601: URL Redirection to Untrusted Site ('Open Redirect')"
      references:
        - https://cwe.mitre.org/data/definitions/601.html
      owasp:
        - A01:2021 - Broken Access Control
      subcategory:
        - vuln
      likelihood: MEDIUM
      impact: MEDIUM
      confidence: LOW
      license: Commons Clause License Condition v1.0[LGPL-2.1-only]
      vulnerability_class:
        - Open Redirect
    languages:
      - csharp
    severity: ERROR
Examples
open-redirect.cs
// Vulnerable: returnUrl comes straight from the request and is passed to Redirect()
// with only a null/empty check, so an absolute URL to another host is followed.
[HttpPost]
public ActionResult LogOn(LogOnModel model, string returnUrl)
{
    if (ModelState.IsValid)
    {
        if (MembershipService.ValidateUser(model.UserName, model.Password))
        {
            FormsService.SignIn(model.UserName, model.RememberMe);
            if (!String.IsNullOrEmpty(returnUrl))
            {
                // ruleid: open-redirect
                return Redirect(returnUrl);
            }
            else
            {
                return RedirectToAction("Index", "Home");
            }
        }
        else
        {
            ModelState.AddModelError("",
                "The user name or password provided is incorrect.");
        }
    }
    // Added so every code path returns: redisplay the form when validation or sign-in fails.
    return View(model);
}

// Safe: the redirect is guarded by a bare IsLocalUrl(...) check, which the rule's
// first pattern-not-inside recognises.
[HttpPost]
public ActionResult LogOn(LogOnModel model, string returnUrl)
{
    if (ModelState.IsValid)
    {
        if (MembershipService.ValidateUser(model.UserName, model.Password))
        {
            FormsService.SignIn(model.UserName, model.RememberMe);
            if (IsLocalUrl(returnUrl))
            {
                // ok: open-redirect
                return Redirect(returnUrl);
            }
            else
            {
                return RedirectToAction("Index", "Home");
            }
        }
        else
        {
            ModelState.AddModelError("",
                "The user name or password provided is incorrect.");
        }
    }
    // Added so every code path returns: redisplay the form when validation or sign-in fails.
    return View(model);
}

// Safe: the redirect is guarded by Url.IsLocalUrl(...), which the rule's
// second pattern-not-inside ($URL.IsLocalUrl(...)) recognises.
[HttpPost]
public ActionResult LogOn(LogOnModel model, string returnUrl)
{
    if (ModelState.IsValid)
    {
        if (MembershipService.ValidateUser(model.UserName, model.Password))
        {
            FormsService.SignIn(model.UserName, model.RememberMe);
            if (Url.IsLocalUrl(returnUrl))
            {
                // ok: open-redirect
                return Redirect(returnUrl);
            }
            else
            {
                return RedirectToAction("Index", "Home");
            }
        }
        else
        {
            ModelState.AddModelError("",
                "The user name or password provided is incorrect.");
        }
    }
    // Added so every code path returns: redisplay the form when validation or sign-in fails.
    return View(model);
}
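The examples above rely on `IsLocalUrl` to decide whether `returnUrl` stays on the current site. The following is an added, self-contained example (not code from the Semgrep rule or its test file) showing what such a check has to do to be "sufficient" in the sense of the rule's message: it is modelled on the behaviour of ASP.NET MVC's `Url.IsLocalUrl`, accepting only `/path` and `~/path` forms and rejecting `//host` and `/\host`, which browsers resolve to a different origin. The class and method names (`SafeRedirect`, `ResolveReturnUrl`) and the inputs in `Main` are our own.

```csharp
using System;

// Added example: a local-URL check and a helper that never hands an
// unchecked query-string value to Redirect(). Names are hypothetical.
public static class SafeRedirect
{
    // Accept only site-relative targets.
    //   "/"        -> local
    //   "/path"    -> local
    //   "~/path"   -> local (ASP.NET application-relative)
    //   "//host"   -> NOT local (protocol-relative, resolves to another host)
    //   "/\host"   -> NOT local (browsers treat the backslash as a slash)
    //   "https://host", "host", "" and null -> NOT local
    public static bool IsLocalUrl(string url)
    {
        if (string.IsNullOrEmpty(url))
            return false;

        if (url[0] == '/')
            return url.Length == 1 || (url[1] != '/' && url[1] != '\\');

        if (url.Length > 1 && url[0] == '~' && url[1] == '/')
            return url.Length == 2 || (url[2] != '/' && url[2] != '\\');

        return false;
    }

    // Returns the validated target, or the fallback when the value is not local,
    // so the caller always redirects somewhere on this site.
    public static string ResolveReturnUrl(string returnUrl, string fallback = "/")
    {
        return IsLocalUrl(returnUrl) ? returnUrl : fallback;
    }

    public static void Main()
    {
        // Constructed inputs covering the accepted and rejected shapes above.
        string[] inputs =
        {
            "/Account/Profile", "~/Home", "/", "//example.org",
            "/\\example.org", "https://example.org", "example.org", "", null
        };

        foreach (var u in inputs)
        {
            var label = u ?? "<null>";
            Console.WriteLine($"{label,-22} -> {ResolveReturnUrl(u)}");
        }
    }
}
```

In a controller this becomes `return Redirect(SafeRedirect.ResolveReturnUrl(returnUrl));`. Note that the rule only allowlists the two `if (IsLocalUrl(...))` / `if ($URL.IsLocalUrl(...))` shapes shown in its `pattern-not-inside` clauses, so a redirect routed through a helper like this one will still be reported (hence the rule's `confidence: LOW`); keeping the `if` form around `Redirect(...)` both satisfies the rule and keeps the check visible at the call site.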
Short Link: https://sg.run/2Jr5