hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 03:36:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
ginsbach/EnableJavaOverlayCompilation
codeql/go/ql/test/query-tests/Security/CWE-020/IncompleteHostnameRegexp/IncompleteHostnameRegexp.go
Chuan-kai Lin aa514fff32 codeql-go merge prep: move into go/ directory
2022-05-20 10:07:19 -07:00

17 lines
349 B
Go
Raw Permalink Blame History

package main
import (
"errors"
"net/http"
"regexp"
)
func checkRedirect(req *http.Request, via []*http.Request) error {
// BAD: the host of `req.URL` may be controlled by an attacker
re := "^((www|beta).)?example.com/"
if matched, _ := regexp.MatchString(re, req.URL.Host); matched {
return nil
}
return errors.New("Invalid redirect")
}
Reference in New Issue View Git Blame Copy Permalink