Open Redirect Vulnerability Mitigation - CWE 601 #1963
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
added 2 commits
May 28, 2020 19:27
NGPixel
approved these changes
May 29, 2020
jionggyu
pushed a commit
to jionggyu/wiki-2.5.302-patch
that referenced
this pull request
Jul 9, 2024
* Open redirect vulnerabilty mitigation * Refacted Open Redirect to user configurable and corrected incorrect security variable names. Co-authored-by: danallendds <daniel.allen@friends.dds.mil>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Refactored Open Redirect vulnerability to allow for user configuration as requested.
Prior it was observed that the req.url could get parsed to navigate a user to an external website, example: https://docs.requarks.io////google.com// would navigate directly to google.com. This behavior was observed in the req.url variable. This PR allows a configurable middleware to strip all repeating / characters from the user controlled url. More about the vulnerability can be found at
https://cwe.mitre.org/data/definitions/601.html
In addition, it was observed that ./server/middlewares/secruity.js if statements were not referencing global variables correctly as per the ./server/app/data.yml file structure. As such they were effectively being ignored as confirmed by console.log statements. The data.yml format required the variables to be referenced as WIKI.config.security.* to be effective. This PR simultaneously fixes that issue.