ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S5146/php/rule.adoc
Fred Tingaud b4161466e6
RULEAPI-661: Add syntax coloring
2022-02-04 16:28:24 +00:00

94 lines
2.0 KiB
Plaintext
Raw Blame History

User-provided data, such as URL parameters, POST data payloads, or cookies, should always be considered untrusted and tainted. Applications performing HTTP redirects based on tainted data could enable an attacker to redirect users to a malicious site to, for example, steal login credentials.
This problem could be mitigated in any of the following ways:
* Validate the user-provided data based on a whitelist and reject input not matching.
* Redesign the application to not perform redirects based on user-provided data.
== Noncompliant Code Example
Symfony
[source,php]
----
public function redirect(Request $request)
{
$url = $request->query->get('url');
return $this->redirect($url); // Noncompliant
}
public function setLocatioHeader(Request $request)
{
$url = $request->query->get('url');
$response = new Response('Redirecting...', 302);
$response->headers->set('Location', $url); // Noncompliant
return $response;
}
----
Laravel
[source,php]
----
public function redirect(Request $request)
{
$url = $request->input('url');
return $this->redirect($url); // Noncompliant
}
public function setLocatioHeader(Request $request)
{
$url = $request->input('url');
return response("", 302)
->header('Location', $url) // Noncompliant
}
----
== Compliant Solution
Symfony
[source,php]
----
public function redirect(Request $request)
{
$url = $request->query->get('url');
$allowedUrls = ["/index", "/login", "/logout"];
if (in_array($url, $allowedUrls, true)) {
return $this->redirect($url);
} else {
$this->redirect("/");
}
}
----
Laravel
[source,php]
----
public function redirect(Request $request)
{
$url = $request->input('url');
$allowedUrls = ["/index", "/login", "/logout"];
if (in_array($url, $allowedUrls, true)) {
return $this->redirect($url);
} else {
return redirect("/");
}
}
----
include::../see.adoc[]
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
include::../message.adoc[]
include::../highlighting.adoc[]
endif::env-github,rspecator-view[]
Reference in New Issue View Git Blame Copy Permalink