Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Create open-redirect.js #3

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Conversation

varunsh-coder
Copy link
Member

@varunsh-coder varunsh-coder commented May 10, 2023

This vulnerable code is from the Semgrep registry

Copy link

@step-security-bot step-security-bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please find StepSecurity AI-CodeWise code comments below.

Code Comments

open-redirect.js

  • [High]Prevent Open Redirect Vulnerabilities
    The code allows an attacker to redirect a user to a malicious site via specially crafted input passed to the 'input' variable. Validate input using a white list of accepted values rather than a black list of possible malicious values.

Replace $window.location.href = input with a function that builds an expected target URL from the input and rejects the redirection if it differs.

  • [Low]Avoid using triple 'location' keyword assignments to variables
    The code sets 'test' value to the variable named 'location'. Replace the variable name with something else like 'test_location'.

Feedback

We appreciate your feedback in helping us improve the service! To provide feedback, please use emojis on this comment. If you find the comments helpful, give them a 👍. If they aren't useful, kindly express that with a 👎. If you have questions or detailed feedback, please create n GitHub issue in StepSecurity/AI-CodeWise.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants