hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 20:25:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

add host comparisons as a sanitizer for url-redirect

Browse Source
This commit is contained in:
erik-krogh
2024-02-13 13:08:08 +01:00
parent f4dd3e9aa1
commit 4dae8d0bb4
2 changed files with 30 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
csharp/ql/test/query-tests/Security Features/CWE-601/UrlRedirect/UrlRedirect2.cs
View File

@@ -26,6 +26,10 @@ public class UrlRedirectHandler2 : IHttpHandler
// GOOD: The redirect is to a relative URL
ctx.Response.Redirect(url.ToString());
}
if (url.Host == "example.org") {
// GOOD: The redirect is to a known host
ctx.Response.Redirect(url.ToString());
}
}
}