Open
Labels
- enhancement: New feature or improvement to existing detector.
- false-positive: Something that should not report.
Description
I have a redirect that is based on the context path of the request. The context path is not user-entered and will be set to whatever context is being used.
In addition, the URI being assembled with it has already been normalized and verified to be not absolute and to start with a path separator. As such, the following code should not trigger the warning.
```java
final URI stateUri = URI.create(state).normalize();
if (stateUri.isAbsolute()) {
    throw new AuthException("'state' must not be an absolute URI");
}
if (!stateUri.getPath().startsWith("/")) {
    throw new AuthException("'state' must start with '/'");
}
resp.sendRedirect(URI.create(req.getContextPath() + stateUri.toASCIIString()).normalize().toASCIIString());
```
Full code can be found in
The rule finds the error three times in the file.
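An added example, not part of the original issue or the project's code: the checks from the snippet above as a standalone method, run over constructed inputs for two context paths. The class and method names, the sample values, the use of `IllegalArgumentException` in place of `AuthException`, and the extra authority check (relevant when `getContextPath()` returns an empty string, as it does for the root context) are assumptions of this example.

```java
import java.net.URI;
import java.util.List;

public class StateRedirectCheck {

    // Hypothetical helper: the issue's two checks plus one added authority check.
    static String buildRedirect(String contextPath, String state) {
        final URI stateUri = URI.create(state).normalize();
        if (stateUri.isAbsolute()) {
            throw new IllegalArgumentException("'state' must not be an absolute URI");
        }
        // Added in this example: a reference such as "//host/path" has no scheme,
        // so isAbsolute() is false and getPath() is "/path", yet it names a host.
        if (stateUri.getRawAuthority() != null || stateUri.toASCIIString().startsWith("//")) {
            throw new IllegalArgumentException("'state' must not contain an authority");
        }
        if (!stateUri.getPath().startsWith("/")) {
            throw new IllegalArgumentException("'state' must start with '/'");
        }
        return URI.create(contextPath + stateUri.toASCIIString()).normalize().toASCIIString();
    }

    public static void main(String[] args) {
        // Constructed sample inputs. "" is what getContextPath() returns
        // when the application is deployed as the root context.
        List<String> contexts = List.of("/app", "");
        List<String> states = List.of(
                "/home?tab=1",
                "/a/../b",
                "https://other.example/x",
                "//other.example/x",
                "relative/path");
        for (String ctx : contexts) {
            for (String state : states) {
                String outcome;
                try {
                    outcome = buildRedirect(ctx, state);
                } catch (IllegalArgumentException e) {
                    outcome = "rejected: " + e.getMessage();
                }
                System.out.printf("ctx='%s' state=%s -> %s%n", ctx, state, outcome);
            }
        }
    }
}
```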