Skip to content

Security: Open Redirect Vulnerability in Redirect Endpoint#336

Open
tuanaiseo wants to merge 1 commit into
hiteshchoudhary:mainfrom
tuanaiseo:contribai/fix/security/open-redirect-vulnerability-in-redirect-
Open

Security: Open Redirect Vulnerability in Redirect Endpoint#336
tuanaiseo wants to merge 1 commit into
hiteshchoudhary:mainfrom
tuanaiseo:contribai/fix/security/open-redirect-vulnerability-in-redirect-

Conversation

@tuanaiseo

Copy link
Copy Markdown

Problem

The redirect endpoint at src/controllers/kitchen-sink/redirect.controllers.js allows arbitrary URL redirection. While there is a validator using isURL(), this validation can be bypassed with certain URL formats (e.g., data: URLs, javascript: URLs, or other protocols). An attacker could craft a malicious URL to redirect users to phishing sites.

Severity: high
File: src/controllers/kitchen-sink/redirect.controllers.js

Solution

Implement a whitelist of allowed domains or use a URL parsing library to validate and restrict redirects to internal domains only. Consider using a function like: const allowedDomains = ['example.com', 'localhost']; const parsedUrl = new URL(url); if (!allowedDomains.includes(parsedUrl.hostname)) return res.status(400).json({error: 'Invalid redirect URL'});

Changes

  • src/controllers/kitchen-sink/redirect.controllers.js (modified)

Testing

  • Existing tests pass
  • Manual review completed
  • No new warnings/errors introduced

…ndpoint

The redirect endpoint at src/controllers/kitchen-sink/redirect.controllers.js allows arbitrary URL redirection. While there is a validator using isURL(), this validation can be bypassed with certain URL formats (e.g., data: URLs, javascript: URLs, or other protocols). An attacker could craft a malicious URL to redirect users to phishing sites.

Affected files: redirect.controllers.js

Signed-off-by: tuanaiseo <221258316+tuanaiseo@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant