Open redirection Forgery

Description

Open redirection vulnerabilities arise when an application incorporates user-controllable data into the target of a redirection in an unsafe way. An attacker can construct a URL within the application that causes a redirection to an arbitrary external domain. This behavior can be leveraged to facilitate phishing attacks against users of the application. The ability to use an authentic application URL, targeting the correct domain and with a valid SSL certificate (if SSL is used), lends credibility to the phishing attack.

Remediation

In many cases, this behavior can be avoided in two ways:

  • Remove the redirection function from the application, and replace links to it with direct links to the relevant target URLs.
  • Maintain a server-side list of all URLs that are permitted for redirection. Instead of passing the target URL as a parameter to the redirector, pass an index into this list.

GraphQL Specific

  • Apollo: To mitigate open redirection vulnerabilities in the Apollo framework engine, ensure that all URL redirections are validated against a whitelist of allowed URLs. Do not rely on user input for target URLs without proper validation. Implement server-side checks to verify that the redirection target is a trusted and intended destination. Additionally, consider using built-in security features of the framework that may automatically handle such validations.
  • Yoga: To mitigate open redirection vulnerabilities in the Yoga framework engine, ensure that all URL redirections are validated against a whitelist of allowed URLs. Do not rely on user input for target URLs without validation. Implement server-side checks to verify that the redirection target is a trusted and intended destination. Additionally, avoid using unvalidated URL parameters to redirect users. If possible, use indirect mapping of URLs by assigning each allowed URL a unique identifier that is used in the redirection logic instead of the actual URL itself.
  • Awsappsync: To mitigate open redirection vulnerabilities in AWS AppSync, ensure that all URLs and URI parameters are validated against a whitelist of allowed destinations before redirecting. Implement server-side checks and do not rely on client-side validation alone. Additionally, avoid using user input directly in redirection logic, and employ security features such as AWS WAF to filter out malicious requests.
  • Graphqlgo: To mitigate open redirection vulnerabilities in a GraphQL Go framework engine, ensure that all URLs and redirect parameters are validated against a whitelist of allowed destinations before redirecting. Implement strict input validation to ensure that only intended destinations are permissible, and avoid relying on user input for determining redirect targets. Additionally, use the built-in URL parsing and validation functions provided by the Go standard library to further secure the application against open redirection attacks.
  • Graphqlruby: To mitigate open redirection vulnerabilities in a GraphQL Ruby framework, ensure that all URLs and redirect parameters are validated against a whitelist of allowed destinations before redirecting. Implement server-side checks to verify that the URL belongs to your application's domain or a list of approved domains. Additionally, avoid using user input directly in redirect functions without proper validation and sanitization. Consider using built-in Rails functions such as `url_for` and `redirect_to`, which provide additional security measures against open redirection attacks.
  • Hasura: To mitigate open redirection vulnerabilities in the Hasura framework, ensure that all URL redirections are validated against a whitelist of allowed URLs. Do not rely on user input for determining the destination URL without proper validation. Additionally, employ server-side checks to verify that the redirection target is a trusted and intended location before performing the redirect.
  • Agoo: Validate and whitelist redirect URLs to ensure they point to trusted domains only.
  • Ariadne: Implement strict validation and whitelisting of redirect URLs to ensure they only point to trusted domains within the Ariadne framework engine.
  • Caliban: Validate and whitelist redirect URLs to ensure they point to trusted domains only.
  • Dgraph: Validate and whitelist redirect URLs to ensure they only point to trusted domains within the Dgraph framework.
  • Dianajl: Validate and sanitize user input to ensure redirection targets are restricted to a whitelist of trusted domains.
  • Directus: Validate and sanitize all user input used in redirection URLs to ensure they only allow redirection to trusted domains.
  • Flutter: Validate and sanitize all user input used in redirection URLs to ensure they only allow redirection to trusted domains.
  • Graphene: Validate and sanitize user input for redirection URLs in the Graphene framework to ensure they only allow safe, predefined destinations.
  • Graphqlapiforwp: Validate and sanitize all user inputs used in redirection URLs to ensure they only allow safe, predefined destinations.
  • Graphqlgophergo: Validate and sanitize user input for redirection URLs to ensure they only allow safe, predefined destinations.
  • Graphqljava: Validate and sanitize user input for redirection URLs to ensure they point to trusted domains only, and consider using a whitelist of allowed redirect destinations.
  • Graphqlphp: Validate and sanitize user input for redirection URLs to ensure they point to trusted domains only.
  • Graphqlyoga: Validate and sanitize user input for redirection URLs to ensure they point to trusted domains only.
  • Hypergraphql: Validate and whitelist redirect URLs to ensure they only point to trusted domains.
  • Jaal: Validate and whitelist redirect URLs to ensure they only point to trusted domains within the Jaal framework engine.
  • Juniper: Implement strict validation and whitelisting of redirect URLs to ensure they only point to trusted domains within the Juniper framework engine.
  • Lacinia: Validate and whitelist redirect URLs to ensure they point to trusted domains only.
  • Lighthouse: Implement strict allowlist validation for redirect URLs.
  • Mercurius: Validate and whitelist redirect URLs to ensure they point to trusted domains only.
  • Morpheusgraphql: Validate and whitelist redirect URLs to ensure they point to trusted domains only.
  • Qglgen: Validate and whitelist redirect URLs to ensure they only point to trusted domains within the qglgen framework.
  • Sangria: Validate and sanitize redirect URLs to ensure they point to trusted domains only.
  • Shopify: Validate and whitelist redirect URLs to ensure they only point to trusted domains within the Shopify framework.
  • Stepzen: Validate and sanitize all user input used in redirection URLs to ensure they only allow redirection to trusted domains.
  • Strawberry: Validate and whitelist redirect URLs to ensure they only point to trusted domains within the Strawberry framework engine.
  • Tartiflette: Validate and whitelist redirect URLs to ensure they point to trusted domains only.
  • Wpgraphql: Validate and whitelist redirect URLs to ensure they point to trusted domains only.

REST Specific

  • Asp_net: To mitigate open redirection vulnerabilities in ASP.NET, validate and whitelist URLs before redirecting. Use the `Uri.IsWellFormedUriString` method to check if the URL is valid and ensure it points to a trusted destination. Additionally, avoid using user input directly in `Response.Redirect` or other redirection methods. If user input must be used for redirection, map expected inputs to valid destination URLs on the server side.
  • Ruby_on_rails: In Ruby on Rails, prevent open redirection vulnerabilities by validating the URL before performing a redirection. Use built-in methods such as `url_for` or `redirect_to` with only path helpers or known URLs, and avoid directly inserting user-supplied input into these methods. Implement a whitelist of allowed domains if redirection to different domains is necessary, and check the user input against this list before redirecting. Additionally, use Ruby's `URI` module to parse and validate URLs to ensure they are safe for redirection.
  • Next_js: In Next.js, to prevent open redirection vulnerabilities, validate and sanitize all user inputs used for redirection. Ensure that the destination URLs are either relative paths or match a whitelist of allowed domains. Use the built-in `next/router` or `next/link` for client-side redirection, and avoid directly using user input for the `href` attribute. Additionally, implement server-side checks in API routes or `getServerSideProps` to further enforce these restrictions.
  • Laravel: In Laravel, to prevent open redirection vulnerabilities, always validate and sanitize external URLs before redirecting. Use the `url` helper function to generate URLs to internal routes, and for external URLs, implement a whitelist of allowed domains. Additionally, avoid using user input directly in the `redirect()` function without proper validation.
  • Express_js: To mitigate open redirection vulnerabilities in Express.js, validate and sanitize all user input used for redirection. Ensure that the destination URLs are either relative paths or match a whitelist of allowed domains. Additionally, avoid directly using user input to set the `Location` header or the argument of `res.redirect()`. Implementing strict input validation can prevent attackers from redirecting users to malicious sites.
  • Django: In Django, ensure that all redirects are validated against a whitelist of allowed URLs or use Django's built-in `is_safe_url()` function to validate the URL before performing the redirect. Avoid using user input directly in the `redirect()` function without proper validation.
  • Symfony: In Symfony, to prevent open redirection vulnerabilities, ensure that all redirects are to URLs that are either static, predefined, or validated against a whitelist of allowed domains. Use the `Symfony\Component\HttpFoundation\RedirectResponse` class for redirection and avoid directly using user input in the `Location` header. Additionally, implement CSRF tokens in forms to protect against cross-site request forgery, which can be related to open redirection attacks.
  • Spring_boot: In Spring Boot, to prevent open redirection attacks, validate and sanitize all user-supplied URL redirection targets. Only allow redirects to a whitelist of trusted URLs or URI paths. Additionally, avoid directly using request parameters to construct redirection URLs. If dynamic redirection is necessary, map user input to a set of predefined paths or use a safe method like `UriComponentsBuilder` from Spring Framework to construct the redirection URL.
  • Flask: In Flask, to prevent open redirection vulnerabilities, ensure that all URL redirections are validated against a whitelist of allowed domains or paths before redirecting. Use the `url_for` function for internal redirects and validate external redirect targets against a predefined list of safe URLs.
  • Nuxt: In Nuxt.js, to prevent open redirection vulnerabilities, ensure that all redirects are validated against a whitelist of allowed URLs. Do not use user input directly for redirection purposes without validation. Implement server-side checks to verify that the redirection URL is to a known and trusted destination. Additionally, consider using the built-in `redirect` method provided by Nuxt.js, which can be configured to allow redirects only to certain predefined URLs.
  • Fastapi: In FastAPI, to prevent open redirection vulnerabilities, validate and sanitize all user-supplied URLs before redirecting. Use a whitelist of allowed domains to compare against the user input, and only perform the redirection if the target URL matches an entry in the whitelist. Additionally, avoid using raw user input directly in redirection functions; instead, parse the URL and ensure it leads to a safe and intended destination.
  • Frappe: Validate and whitelist redirect URLs to ensure they point to trusted domains only.
  • Genzio: Implement strict validation on redirect URLs to ensure they only point to trusted domains within the Genzio framework engine.
  • Gin: Validate and whitelist redirect URLs to ensure they only point to trusted domains.
  • Gorilla: Validate and whitelist redirect URLs to ensure they only point to trusted domains within the application.
  • Hapi: Validate and sanitize redirect URLs using Hapi's built-in validation methods to ensure they only allow safe, predefined destinations.
  • Hono: Validate and sanitize all user inputs used in redirection URLs to ensure they only allow safe, predefined destinations.
  • Jersey: Validate and sanitize redirect URLs to ensure they point to trusted domains only.
  • Koa: Validate and sanitize all user input for redirection targets, ensuring they match a whitelist of allowed domains, and use a library like `koa-safe-redirect` to handle redirects safely in the Koa framework.
  • Ktor: Validate and sanitize redirect URLs to ensure they point to trusted domains only.
  • Leptos: Validate and whitelist redirect URLs to ensure they point to trusted domains only.
  • Macaron: Validate and whitelist redirect URLs to ensure they only point to trusted domains within the macaron framework.
  • Phoenix: Validate and restrict redirect URLs to a whitelist of trusted domains in the Phoenix framework.
  • Redwoodjs: Validate and sanitize redirect URLs to ensure they point to trusted domains only, using RedwoodJS's built-in utilities for URL handling.
  • Rocket: Validate and whitelist redirect URLs to ensure they only point to trusted domains.
  • Sveltekit: Validate and sanitize user input for redirection URLs, ensuring they only point to trusted domains or use a whitelist of allowed URLs in SvelteKit applications.
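The two remediations listed above (an index into a server-side table instead of a raw URL, and a server-side allowlist of permitted hosts) and the per-framework advice in both lists come down to the same two functions. The following is an added, framework-neutral Python example, not code from this page or any of the frameworks named; the allowlist, redirect table and `.example` hosts are constructed for the demonstration. It deliberately covers the inputs that naive prefix or substring checks get wrong: protocol-relative `//host`, backslash variants, scheme-without-slashes `https:host`, non-http schemes, look-alike subdomains, and userinfo before the real host.

```python
from urllib.parse import urlsplit

# Constructed sample data for this example (assumptions, not from the page).
ALLOWED_HOSTS = {"app.example.com", "help.example.com"}
REDIRECT_TABLE = {
    "account": "https://app.example.com/account",
    "docs": "https://help.example.com/getting-started",
}
FALLBACK = "/"


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """Accept only a site-relative path or an http(s) URL whose host is allowlisted."""
    if not target or not isinstance(target, str):
        return False
    # Browsers treat "\" as "/", so normalise before parsing; reject control
    # characters (tab, newline, NUL) that parsers may strip silently.
    cleaned = target.replace("\\", "/")
    if any(ord(c) < 0x20 for c in cleaned):
        return False
    parts = urlsplit(cleaned)
    # "javascript:", "data:", "file:" etc. are never valid redirect targets.
    if parts.scheme and parts.scheme not in ("http", "https"):
        return False
    if not parts.netloc:
        # No host: allow "/path" but not "//host" (urlsplit puts that in netloc)
        # and not "https:evil" (scheme set, host empty, path "evil").
        return cleaned.startswith("/") and not cleaned.startswith("//")
    # Exact hostname match: "app.example.com.evil.example" and
    # "app.example.com@evil.example" both resolve to an unlisted hostname.
    return parts.hostname in allowed_hosts


def choose_redirect(next_param, fallback=FALLBACK):
    """Allowlist approach: use the caller-supplied target only if it passes the check."""
    return next_param if is_safe_redirect(next_param) else fallback


def resolve_redirect(key, table=REDIRECT_TABLE, fallback=FALLBACK):
    """Index approach: the client sends an opaque key, never a URL."""
    return table.get(key, fallback)
```

`parts.hostname` is lowercased and stripped of port and userinfo by `urlsplit`, which is why the comparison is against the hostname rather than `netloc`.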

Configuration

Identifier: request_forgery/open_redirect

Examples

Ignore this check

checks:
  request_forgery/open_redirect:
    skip: true

Score

  • Escape Severity:

Compliance

  • OWASP: API3:2023
  • OWASP LLM: LLM02:2023
  • pci: 6.5.10
  • gdpr: Article-32
  • soc2: CC1
  • psd2: Article-97
  • iso27001: A.14.2
  • nist: SP800-53
  • fedramp: AC-4

Classification

  • CWE: 601

Score

  • CVSS_VECTOR: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N