treat relative URLs as safe for url-redirects

erik-krogh
2024-02-13 13:13:18 +01:00
parent 3f8de82ea3
commit f4dd3e9aa1
2 changed files with 27 additions and 0 deletions


@@ -20,6 +20,12 @@ public class UrlRedirectHandler2 : IHttpHandler
// GOOD: the request parameter is validated against set of known fixed strings
ctx.Response.Redirect(redirectUrl);
}
var url = new Uri(redirectUrl, UriKind.RelativeOrAbsolute);
if (!url.IsAbsoluteUri) {
// GOOD: The redirect is to a relative URL
ctx.Response.Redirect(url.ToString());
}
}
}
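Review bot: The `!url.IsAbsoluteUri` branch is labelled GOOD, but `Uri`'s idea of "relative" is not guaranteed to match how a browser resolves the `Location` value. How `new Uri(redirectUrl, UriKind.RelativeOrAbsolute)` classifies inputs that begin with `//` or `/\` appears to depend on runtime and platform, while browsers treat such values as scheme-relative and therefore as pointing to another host. If this fixture is meant to show a pattern that is safe everywhere, the guard could also require a single leading slash, e.g. `if (!url.IsAbsoluteUri && redirectUrl.StartsWith("/") && !redirectUrl.StartsWith("//") && !redirectUrl.StartsWith("/\\")) {`. Failing that, the comment could state the limit, e.g. `// GOOD: relative URL (scheme-relative forms must be rejected separately)`. The constructor also throws on null or malformed input, so `Uri.TryCreate(redirectUrl, UriKind.RelativeOrAbsolute, out var url)` would keep the handler from failing on bad parameters. The enclosing method starts outside the hunk, so whether the earlier redirect returns before this code runs cannot be seen here.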