URL redirection to untrusted site High

A request parameter or header could contain a URL value that the web application passes unchanged to a redirect, sending the client to whatever location the request named. By supplying the URL of a malicious site, an attacker can turn a link to the trusted application into a phishing page that steals user credentials, because the browser follows the redirect without any indication that the destination was chosen by the attacker.

Detector ID
scala/open-redirect@v1.0
Category
Common Weakness Enumeration (CWE)

Noncompliant example

import javax.servlet.http.HttpServlet
import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletResponse

class OpenRedirectNoncompliant extends HttpServlet {
  def nonCompliant(req: HttpServletRequest, res: HttpServletResponse): Unit = {
    // The header value is entirely under the client's control.
    val forwardedUrl = req.getHeader("Forwarded")
    if (forwardedUrl != null && !forwardedUrl.isEmpty) {
      // Noncompliant: Using user-controlled input in the Forwarded header for redirection
      res.sendRedirect(forwardedUrl)
    }
  }
}

Compliant example

import java.net.URI
import javax.servlet.http.HttpServlet
import javax.servlet.http.HttpServletRequest
import javax.servlet.http.HttpServletResponse
import scala.util.Try

class OpenRedirectCompliant extends HttpServlet {
  def compliant(req: HttpServletRequest, res: HttpServletResponse): Unit = {
    val forwardedUrl = req.getHeader("Forwarded")
    // Parse the value as a URL and compare the parsed host exactly against the trusted
    // domain. A substring check such as contains("trusteddomain.com") would also accept
    // "https://trusteddomain.com.evil.com" or "https://evil.com/trusteddomain.com".
    val validatedUrl = Option(forwardedUrl)
      .flatMap(u => Try(new URI(u)).toOption)
      .filter(uri => uri.getHost != null && uri.getHost.equalsIgnoreCase("trusteddomain.com"))
    validatedUrl match {
      case Some(uri) =>
        // Compliant: The forwarded URL is validated before use.
        res.sendRedirect(uri.toString)
      case None =>
        res.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid URL")
    }
  }
}
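The compliant example checks one host. The following Scala is an added example, not code from the detector page, that generalises the check to an allowlist of hosts and also handles the inputs that commonly slip past a bare host comparison: protocol-relative targets, backslashes, non-HTTP schemes, user-info, a trusted name used as a prefix of a foreign host, and a trusted name appearing only in the path. The host set, the `validate` function, the sample inputs and the demo object are all assumptions made for this example; it depends only on java.net.URI and the Scala standard library.

```scala
import java.net.URI
import java.util.Locale
import scala.util.Try

// Added example: allowlist-based validation of a user-supplied redirect target.
// The host set and the sample inputs below are assumptions for this example.
object SafeRedirect {
  // Hosts this application is willing to redirect to (assumed for the example).
  val TrustedHosts: Set[String] = Set("trusteddomain.com", "www.trusteddomain.com")

  /** Returns Some(location) when it is safe to pass to sendRedirect, None otherwise. */
  def validate(target: String): Option[String] =
    if (target == null || target.isEmpty) None
    // Control characters, backslashes and DEL: browsers normalise "/\evil.com" to
    // "//evil.com", and CR/LF in a Location value is a header-injection vector.
    else if (target.exists(c => c <= ' ' || c == '\\' || c == '\u007f')) None
    // Protocol-relative targets ("//evil.com") name a foreign host without a scheme.
    else if (target.startsWith("//")) None
    else Try(new URI(target)).toOption.flatMap { uri =>
      Option(uri.getScheme) match {
        case None =>
          // Scheme-less: accept only a site-relative path with no authority component.
          if (uri.getRawAuthority == null && target.startsWith("/")) Some(target) else None
        case Some(scheme) =>
          // Absolute URL: the scheme must be http(s) and the parsed host must match an
          // allowlisted host exactly. "https://trusteddomain.com.evil.com" parses to a
          // host that is not in the set, "https://trusteddomain.com@evil.com" parses to
          // host evil.com with the trusted name as user-info, and
          // "https://evil.com/trusteddomain.com" keeps the trusted name in the path,
          // which is never consulted.
          val schemeOk = scheme.equalsIgnoreCase("http") || scheme.equalsIgnoreCase("https")
          val hostOk = uri.getHost != null &&
            TrustedHosts.contains(uri.getHost.toLowerCase(Locale.ROOT))
          if (schemeOk && hostOk && uri.getRawUserInfo == null) Some(uri.toString) else None
      }
    }
}

object SafeRedirectDemo {
  // Constructed inputs (not taken from the page): legitimate targets alongside the
  // common bypass shapes for a substring or prefix host check.
  val samples: Seq[(String, String)] = Seq(
    "site-relative path"               -> "/account/settings",
    "allowlisted host"                 -> "https://trusteddomain.com/login?next=%2Fhome",
    "allowlisted host, different case" -> "https://WWW.TrustedDomain.com/",
    "allowlisted host as a prefix"     -> "https://trusteddomain.com.evil.com/",
    "allowlisted host in the path"     -> "https://evil.com/trusteddomain.com",
    "allowlisted host in user-info"    -> "https://trusteddomain.com@evil.com/",
    "protocol-relative"                -> "//evil.com/",
    "backslash after slash"            -> "/\\evil.com/",
    "non-HTTP scheme"                  -> "javascript:alert(document.domain)",
    "non-numeric port"                 -> "https://trusteddomain.com:evil.com/"
  )

  def main(args: Array[String]): Unit =
    samples.foreach { case (label, target) =>
      println(f"$label%-34s $target%-46s -> ${SafeRedirect.validate(target)}")
    }
}
```

In a servlet this is wired the same way as the compliant example: `SafeRedirect.validate(req.getParameter("next")) match { case Some(l) => res.sendRedirect(l); case None => res.sendError(HttpServletResponse.SC_BAD_REQUEST, "Invalid redirect target") }`. The example reads the target from a request parameter rather than the `Forwarded` header because that header, as defined in RFC 7239, carries `for=`, `by=`, `host=` and `proto=` pairs describing proxies rather than a URL; a `next` or `returnUrl` parameter is the usual source of a redirect target.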