Security Vulnerability Report: Open Redirect in Login #116

Closed
Cainor opened this issue Nov 18, 2023 · 1 comment

Comments


Cainor commented Nov 18, 2023

Peace be upon you, and the mercy and blessings of God.

Dear Team,

Thank you for your contribution to the open source community.
While doing some source code review on Kuiper, I was able to find an Open Redirect vulnerability in the next parameter that is used in the login process.

Open Redirect Description and Impact:
An Open Redirect issue occurs when a web application redirects users to external URLs without proper validation. This can lead to phishing attacks, where users are tricked into visiting malicious sites, potentially leading to information theft and reputational damage to the website used for redirection.

Vulnerable Code:

    else:
        session['user_id'] = request.form['user']
        session['last_visit'] = datetime.now()
        url = request.args.get('url', None)
        if url is None:
            return redirect(url_for('home'))
        else:
            # attacker-controlled value is passed straight to redirect()
            return redirect(url)

As you can see, the next parameter is not validated to be part of the site.

Recommended Solution:
Validate the user input before redirecting them.
I wish I had some knowledge in Flask just to contribute to your great repo. Here is a recommended solution I found:
https://pythonkitchen.com/how-prevent-open-redirect-vulnerab-flask/

Hope this helps.
Good luck :)
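
The validation the report recommends, as an added example that is not code from this issue or from Kuiper: the redirect target is resolved against the site's own URL and accepted only if it stays on that host, so protocol-relative (`//evil`), backslash and non-HTTP scheme forms fall back to the home page. The host URL, paths and request dictionary below are constructed for illustration, and `urllib.parse` is used so the example runs without Flask.

```python
from urllib.parse import urljoin, urlparse

def is_safe_redirect(target, host_url):
    """True only if `target` resolves to the same host as `host_url`
    over http(s). `host_url` is the site's own base URL (constructed)."""
    if not target:
        return False
    # Browsers treat backslashes as slashes, so normalise before parsing;
    # otherwise "/\evil.example" would parse as a local path.
    target = target.replace('\\', '/')
    ref = urlparse(host_url)
    resolved = urlparse(urljoin(host_url, target))
    return resolved.scheme in ('http', 'https') and resolved.netloc == ref.netloc

def resolve_redirect(requested, host_url, fallback='/'):
    """Return a redirect target that is safe to hand to redirect():
    the requested one if it passes is_safe_redirect, else `fallback`."""
    if requested is not None and is_safe_redirect(requested, host_url):
        return requested.replace('\\', '/')
    return fallback

def login_redirect(args, host_url, home='/home'):
    """Hardened counterpart of the reported snippet: `args` stands in for
    request.args (constructed dict), `home` for url_for('home')."""
    return resolve_redirect(args.get('url', None), host_url, fallback=home)

if __name__ == '__main__':
    site = 'http://kuiper.local/'          # constructed example host
    for url in ['/case/42', 'http://kuiper.local/cases',
                '//evil.example/', '\\\\evil.example/',
                'javascript:alert(1)', 'http://kuiper.local@evil.example/']:
        print(repr(url), '->', login_redirect({'url': url}, site))
    print('no url ->', login_redirect({}, site))
```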

salehmuhaysin (Collaborator) commented

Thank you Cainor,
I think there are a lot of vulnerabilities in Kuiper, especially since it uses Python 2.7 with all of its libraries.
It is intended to be used by an internal team, not the public, so I did not do much about the vulnerabilities as long as it helps the analysts do their job. :)
