Message6940
Consider:
https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html

  * Where possible, have the user provide short name, ID or token which
    is mapped server-side to a full target URL.
  * This provides the highest degree of protection against the
    attack tampering with the URL.
  * Be careful that this doesn't introduce an enumeration
    vulnerability where a user could cycle through IDs to find all
    possible redirect targets

By prepending the site URL, I am attempting to use a short name in the
redirect. This also recommends:

  Validating URLs

  When attempting to validate and sanitise user-input to determine
  whether the URL is safe, wherever possible you should use a built-in
  library or function to parse the URLs, such as parse_url() in PHP,
  rather than rolling your own parser using regex. Additionally, make
  sure that you take the following into account:

  * Input starting with a / to redirect to local pages is not safe.
    //example.org is a valid URL.
  * Input starting with the desired domain name is not safe.
    https://example.org.attacker.com is valid.
  * Only allow HTTP(S) protocols. All other protocols, including
    JavaScript URIs such as javascript:alert(1) should be blocked.
  * Data URIs such as data:text/html,<script>alert(document.domain)</script>
    should be blocked.

I think my technique is guarding against all of these, but it needs to
be tested.
Date                | User   | Action | Args
2020-08-13 02:48:03 | rouilj | set    | messageid: <1597286883.93.0.445343641001.issue2550951@roundup.psfhosted.org>
2020-08-13 02:48:03 | rouilj | set    | recipients: + rouilj, antmail
2020-08-13 02:48:03 | rouilj | link   | issue2550951 messages
2020-08-13 02:48:03 | rouilj | create |
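The two cheat-sheet recommendations quoted in the message (a server-side short-name map, plus parser-based validation of the resulting URL) can be checked against the listed unsafe inputs with a small validator. This is an added example using Python's urllib.parse, not code from Roundup or from the message author; the short-name table, the example.org host allow list and the URLs in it are constructed values.

```python
from urllib.parse import urlsplit

# Constructed server-side map of short names to redirect targets
# (assumed values; not taken from the Roundup tracker).
REDIRECT_TARGETS = {
    "home": "https://example.org/",
    "issues": "https://example.org/issue",
}
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_HOSTS = {"example.org"}


def is_safe_redirect(url, allowed_hosts=ALLOWED_HOSTS):
    """Apply the cheat-sheet rules with urlsplit() rather than a regex.
    Accepts only a plain local path ("/foo", but not "//host" or "/\\host")
    or an HTTP(S) URL whose host is exactly in the allow list."""
    if not isinstance(url, str):
        return False
    # CR/LF/NUL could be abused for header injection; backslash is
    # rejected because browsers treat "/\\host" like "//host".
    if any(c in url for c in "\r\n\x00\\"):
        return False
    parts = urlsplit(url)
    if parts.scheme == "" and parts.netloc == "":
        # No scheme and no authority: accept only an absolute local path.
        return url.startswith("/") and not url.startswith("//")
    if parts.scheme not in ALLOWED_SCHEMES:
        # Blocks javascript:, data:, and protocol-relative "//host" input.
        return False
    host = parts.hostname  # lower-cased; userinfo and port already stripped
    # Exact match, so "example.org.attacker.com" and "example.org@attacker.com" fail.
    return host is not None and host in allowed_hosts


def resolve_redirect(short_name):
    """Map a user-supplied short name to its server-side target and
    re-validate that target. Returns the URL or None; callers should fall
    back to a default page rather than echo the user's input."""
    target = REDIRECT_TARGETS.get(short_name)
    if target is None or not is_safe_redirect(target):
        return None
    return target
```

Because only the short name is taken from the request, an unknown name yields None and nothing attacker-controlled ever reaches the Location header.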