feat(JS rules): add open redirect rule (#713)

feat: add open redirect rule for JS
Bearer · Mar 3, 2023 · 85650e1 · 85650e1
1 parent c43f1a5
commit 85650e1
Show file tree

Hide file tree

Showing 6 changed files with 83 additions and 0 deletions.
diff --git a/integration/rules/javascript_test.go b/integration/rules/javascript_test.go
@@ -9,6 +9,11 @@ func TestJavascriptLangLogger(t *testing.T) {
 	getRunner(t).runTest(t, javascriptRulesPath+"lang/logger")
 }
 
+func TestJavascriptOpenRedirect(t *testing.T) {
+	t.Parallel()
+	getRunner(t).runTest(t, javascriptRulesPath+"lang/open_redirect")
+}
+
 func TestJavascriptLangSession(t *testing.T) {
 	t.Parallel()
 	getRunner(t).runTest(t, javascriptRulesPath+"lang/session")

diff --git a/pkg/commands/process/settings/rules/javascript/lang/open_redirect.yml b/pkg/commands/process/settings/rules/javascript/lang/open_redirect.yml
@@ -0,0 +1,46 @@
+patterns:
+  - pattern: |
+      location.href = $<USER_INPUT>
+    filters:
+      - variable: USER_INPUT
+        detection: javascript_lang_open_redirect_url
+  - pattern: |
+      window.location.href = $<USER_INPUT>
+    filters:
+      - variable: USER_INPUT
+        detection: javascript_lang_open_redirect_url
+languages:
+  - javascript
+auxiliary:
+  - id: javascript_lang_open_redirect_url
+    patterns:
+      - pattern: new $<METHOD>($<USER_INPUT>)
+        filters:
+          - variable: METHOD
+            values:
+              - URL
+              - URLSearchParams
+          - variable: USER_INPUT
+            detection: javascript_lang_open_redirect_user_input
+  - id: javascript_lang_open_redirect_user_input
+    patterns:
+      - window.location
+      - location
+trigger: presence
+severity:
+  default: "low"
+metadata:
+  description: "Open redirect detected."
+  remediation_message: |
+    ## Description
+    A redirect using unsanitized user input is bad practice and puts your application at greater risk of phishing attacks.
+
+    <!--
+    ## Remediations
+    Coming soon.
+    ## Resources
+    Coming soon.
+    -->
+  cwe_id:
+    - 601
+  id: "javascript_lang_open_redirect"
diff --git a/...s/rules/javascript/lang/open_redirect/.snapshots/TestJavascriptOpenRedirect--insecure.yml b/...s/rules/javascript/lang/open_redirect/.snapshots/TestJavascriptOpenRedirect--insecure.yml
@@ -0,0 +1,23 @@
+low:
+    - rule:
+        cwe_ids:
+            - "601"
+        id: javascript_lang_open_redirect
+        description: Open redirect detected.
+        documentation_url: https://docs.bearer.com/reference/rules/javascript_lang_open_redirect
+      line_number: 4
+      filename: insecure.js
+      parent_line_number: 4
+      parent_content: window.location.href = myPath
+    - rule:
+        cwe_ids:
+            - "601"
+        id: javascript_lang_open_redirect
+        description: Open redirect detected.
+        documentation_url: https://docs.bearer.com/reference/rules/javascript_lang_open_redirect
+      line_number: 5
+      filename: insecure.js
+      parent_line_number: 5
+      parent_content: location.href = myPath2
+
+
diff --git a/...ngs/rules/javascript/lang/open_redirect/.snapshots/TestJavascriptOpenRedirect--secure.yml b/...ngs/rules/javascript/lang/open_redirect/.snapshots/TestJavascriptOpenRedirect--secure.yml
@@ -0,0 +1,3 @@
+{}
+
+
diff --git a/pkg/commands/process/settings/rules/javascript/lang/open_redirect/testdata/insecure.js b/pkg/commands/process/settings/rules/javascript/lang/open_redirect/testdata/insecure.js
@@ -0,0 +1,5 @@
+var myPath = new URLSearchParams(window.location)
+var myPath2 = new URL(location.href)
+
+window.location.href = myPath
+location.href = myPath2
diff --git a/pkg/commands/process/settings/rules/javascript/lang/open_redirect/testdata/secure.js b/pkg/commands/process/settings/rules/javascript/lang/open_redirect/testdata/secure.js
@@ -0,0 +1 @@
+window.location.href = "https://mish.bearer.com/?" + params["userId"]