False Positive for Open Redirect #58

Closed
chris-hanna opened this issue Jun 20, 2018 · 2 comments

@chris-hanna

Are cleansing functions taken into consideration by the analyzer? Not just for open redirect but also XSS and other vulnerabilities that need sanitizing.

This still shows a warning:

//if (!string.IsNullOrEmpty(model.ReturnUrl))
if (Url.IsLocalUrl(model.ReturnUrl))
{
    return Redirect(model.ReturnUrl);
}

The only way to get rid of the warning is to hard-code the URL string, which isn't practical...
return Redirect("www.google.com");
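
Added example, not part of the original post or the analyzer's code: a stand-alone check in the spirit of `Url.IsLocalUrl`, showing why the guard in the snippet above acts as a sanitizer for open redirect while the commented-out null/empty check does not. `LocalUrlCheck`, `IsLocal` and the sample inputs are constructed for illustration.

```csharp
using System;

// Illustrative local-URL validator (assumption: not the framework's own source).
public static class LocalUrlCheck
{
    public static bool IsLocal(string url)
    {
        // A null/empty value is never a valid redirect target.
        if (string.IsNullOrEmpty(url)) return false;

        // "/path" stays on this host, but "//host" and "/\host" are read by
        // browsers as scheme-relative URLs that point at another host.
        if (url[0] == '/')
            return url.Length == 1 || (url[1] != '/' && url[1] != '\\');

        // "~/path" is an application-relative path; apply the same rule
        // to the character that follows "~/".
        if (url[0] == '~' && url.Length > 1 && url[1] == '/')
            return url.Length == 2 || (url[2] != '/' && url[2] != '\\');

        // Absolute URLs, bare host names and other schemes are rejected.
        return false;
    }

    public static void Main()
    {
        // Constructed sample inputs: the first two are local, the rest are not.
        string[] samples =
        {
            "/account/profile", "~/home", "",
            "//example.com", "/\\example.com",
            "https://example.com/", "www.example.com"
        };

        foreach (var s in samples)
        {
            // A non-empty check alone would accept every non-empty sample here.
            bool nonEmpty = !string.IsNullOrEmpty(s);
            Console.WriteLine($"{s,-22} non-empty={nonEmpty,-5} local={IsLocal(s)}");
        }
    }
}
```

Only the inputs reported as `local=True` would reach `Redirect`, which is the property a taint analyzer has to recognise to stop flagging the guarded call.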

@JarLob
Contributor

JarLob commented Jun 21, 2018

While it should detect it automatically, the other workaround would be to add inline suppression.

@JarLob JarLob added this to the 2.9.0 milestone Jul 26, 2018
@JarLob JarLob modified the milestones: 2.9.0, 3.0.0 Oct 22, 2018
@JarLob
Contributor

JarLob commented Nov 17, 2018

Closed via a1a2e92

@JarLob JarLob closed this as completed Nov 17, 2018