javascript.angular.security.detect-angular-open-redirect.detect-angular-open-redirect
semgrepAuthor
180
Download Count*
License
Use of $window.location.href can lead to open-redirect if user input is used for redirection.
Run Locally
Run in CI
Defintion
rules:
- id: detect-angular-open-redirect
message: Use of $window.location.href can lead to open-redirect if user input is
used for redirection.
metadata:
asvs:
section: V5 Validation, Sanitization and Encoding
control_id: 5.5.1 Insecue Redirect
control_url: https://github.com/OWASP/ASVS/blob/master/4.0/en/0x13-V5-Validation-Sanitization-Encoding.md#v51-input-validation
version: "4"
references:
- https://docs.angularjs.org/api/ng/service/$sce#trustAsJs
- https://owasp.org/www-chapter-london/assets/slides/OWASPLondon20170727_AngularJS.pdf
category: security
cwe:
- "CWE-79: Improper Neutralization of Input During Web Page Generation
('Cross-site Scripting')"
technology:
- angular
owasp:
- A07:2017 - Cross-Site Scripting (XSS)
- A03:2021 - Injection
cwe2022-top25: true
cwe2021-top25: true
subcategory:
- audit
likelihood: LOW
impact: MEDIUM
confidence: LOW
license: Commons Clause License Condition v1.0[LGPL-2.1-only]
vulnerability_class:
- Cross-Site-Scripting (XSS)
languages:
- javascript
- typescript
severity: ERROR
patterns:
- pattern: |
$window.location.href = ...
- pattern-not: |
$window.location.href = "..."
Examples
detect-angular-open-redirect.js
var app = angular.module('MyApp', []);
app.controller('myCtrl', function($scope, $sce) {
$scope.userInput = 'foo';
$scope.sayHello = function() {
// ruleid:detect-angular-open-redirect
$window.location.href = input + '/app/logout';
input = $scope.input;
// ruleid:detect-angular-open-redirect
$window.location.href = input + '/app/logout';
//Data is not coming from user input
$location.location.location = test
// ok:detect-angular-open-redirect
$window.location.href = "//untatintedredirect"
};
});
Short Link: https://sg.run/rdn1