
CWE-601: URL Redirection to Untrusted Site ('Open Redirect') in comments/views.py #202

Closed
gtqbhksl opened this issue Aug 31, 2024 · 1 comment


The code uses the user-controlled `next` variable to redirect. If `next` is not verified, an attacker could induce users to redirect to a malicious website.

First:

Snippet of code comments/urls.py (line 10):

```python
path('odpovedat/<int:parent>/', views.Reply.as_view(), name='reply'),
```

Snippet of code comments/views.py (line 97):

```python
next_url = self.request.POST.get('next', '')
```

Snippet of code comments/views.py (line 100):

```python
return http.HttpResponseRedirect(next_url + '#link_' + str(comment.pk))
```

Second:

Snippet of code comments/urls.py (line 12):

```python
path('sledovat/<int:pk>/', views.Watch.as_view(), name='watch'),
```

Snippet of code comments/views.py (line 140):

```python
def post(self, request, **kwargs):
```

Snippet of code comments/views.py (line 152):

```python
return HttpResponseRedirect(request.POST['next'])
```

Third:

Snippet of code comments/urls.py (line 13):

```python
path('zabudnut/<int:pk>/', views.Forget.as_view(), name='forget'),
```

Snippet of code comments/views.py (line 161):

```python
def get(self, request, **kwargs):
```

Snippet of code comments/views.py (line 165):

```python
return HttpResponseRedirect(request.GET['next'])
```

Safety advice:

Verify the `next` parameter: Make sure that the `next` parameter points to a predefined, secure list of URLs, or use a whitelist to limit acceptable values.

Use security functions: If the Django framework is being used, consider using Django's `is_safe_url` or a similar method to verify the security of the URL.

Encoded output: Ensure that the redirect target URL is properly encoded to prevent injection attacks.

Logging: Logging relevant information prior to redirection helps in tracing and debugging in the event of a security incident.

Error handling: If `next_url` is invalid or points to an insecure address, there should be an explicit error handling mechanism rather than a simple redirect.
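The following is an added example, not code from the report or from the project. It shows the "verify, log, fall back" pattern the advice above describes, with a stdlib re-implementation of the check that Django ships as `django.utils.http.url_has_allowed_host_and_scheme` (the successor of the `is_safe_url` helper named in the report), so it runs without Django installed. The `example.org` / `evil.example` hosts and the `#link_42` fragment are constructed sample values; in a real Django view you would pass `allowed_hosts={request.get_host()}` and `require_https=request.is_secure()` instead of the constant.

```python
import logging
import unicodedata
from urllib.parse import urlsplit

logger = logging.getLogger(__name__)

# Constructed for this example: the site's own host(s). In a Django view this
# would come from request.get_host() rather than a constant.
ALLOWED_HOSTS = {"example.org"}


def _host_and_scheme_ok(url, allowed_hosts, require_https):
    """One pass of the check; modelled on Django's private helper."""
    # Chrome treats any URL with three leading slashes as absolute; urlsplit does not.
    if url.startswith("///"):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:  # e.g. a malformed IPv6 literal
        return False
    # "http:///evil.example": a scheme but no host; browsers still use evil.example as host.
    if not parts.netloc and parts.scheme:
        return False
    # A leading control character can make a browser read the URL as scheme-relative.
    if unicodedata.category(url[0])[0] == "C":
        return False
    scheme = parts.scheme
    # "//evil.example/p" has no scheme but does have a host: treat it as http.
    if not parts.scheme and parts.netloc:
        scheme = "http"
    valid_schemes = ("https",) if require_https else ("http", "https")
    return (not parts.netloc or parts.netloc in allowed_hosts) and (
        not scheme or scheme in valid_schemes
    )


def url_has_allowed_host_and_scheme(url, allowed_hosts, require_https=False):
    """Return True only if url is a relative path or points at an allowed host.

    Stdlib re-implementation (assumption: behaviour mirrors Django's helper of the
    same name) so that this example runs without Django.
    """
    if url is not None:
        url = url.strip()
    if not url:
        return False
    if isinstance(allowed_hosts, str):
        allowed_hosts = {allowed_hosts}
    # Browsers treat "\" like "/" in paths, so "/\evil.example" must pass both
    # as written and with backslashes normalised to forward slashes.
    return _host_and_scheme_ok(url, allowed_hosts, require_https) and _host_and_scheme_ok(
        url.replace("\\", "/"), allowed_hosts, require_https
    )


def safe_redirect_target(next_url, allowed_hosts, fallback="/", fragment=None):
    """Resolve a user-supplied `next` value to a redirect target.

    Rejected values are logged and replaced by `fallback`, so the caller never
    redirects off-site. `fragment` reproduces the '#link_<pk>' suffix the
    reported Reply view appends after the target.
    """
    if url_has_allowed_host_and_scheme(next_url, allowed_hosts):
        target = next_url.strip()
    else:
        logger.warning("Rejected unsafe redirect target %r, using %r", next_url, fallback)
        target = fallback
    if fragment:
        target = f"{target}#{fragment}"
    return target


if __name__ == "__main__":
    # Constructed sample inputs: the first two are accepted, the rest are rejected.
    for candidate in ["/clanok/5/", "https://example.org/clanok/5/",
                      "https://evil.example/", "//evil.example/", "/\\evil.example",
                      "javascript:alert(1)", "///evil.example", ""]:
        print(f"{candidate!r:32} -> {safe_redirect_target(candidate, ALLOWED_HOSTS, fragment='link_42')}")
```

The two-pass backslash check and the `///` rejection are the parts a hand-rolled "does it start with a slash?" test usually misses; a value such as `/\evil.example` passes a naive prefix check but is followed by browsers as a scheme-relative URL to another host.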

@mireq mireq closed this as completed in ebd1c2c Sep 2, 2024
mireq (Collaborator) commented Sep 2, 2024

Thanks for the report. Checks and logging are implemented now.
