Issue
I’m facing an issue that I have no concrete lead on how to resolve.
The project is a WebForms application which targets .NET Framework 4.7.2, and the code is analysed by SonarQube.
Somewhere in the code there is a line that does
Response.Redirect($"~/dummyexample.aspx{Request.Url.Query}&pid={x.Id}");
So because we take Request.Url.Query, it triggers the issue "HTTP request redirections should not be open to forging attacks" https://rules.sonarsource.com/csharp/RSPEC-5146
I understand why the issue is triggered, but I have no idea how to correct it (we can't have a "whitelist" of URLs).
I read this on MSDN https://docs.microsoft.com/en-us/aspnet/mvc/overview/security/preventing-open-redirection-attacks but wasn't able to apply it.
Can someone help me?
Thanks a lot 🙂
Solution
The issue is an attacker could put some javascript (or other harmful code) in the querystring. Your code is passing this string, without any check, to another page.
I think this could be resolved by html encoding this string before passing it to the next page.
Like this:
Response.Redirect($"~/dummyexample.aspx{HttpUtility.HtmlEncode(Request.Url.Query)}&pid={x.Id}");
Answered By – tim-
Answer Checked By – Candace Johnson (BugsFixing Volunteer)
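As an added example (not tim-'s code and not the project's own), one way to keep the redirect target on a fixed local page while still forwarding query parameters is to parse Request.QueryString, keep only parameter names the target page actually understands, and URL-encode each value before rebuilding the string; the raw Request.Url.Query then never flows into Response.Redirect. The class and method names, the AllowedParams list, and the assumption that x.Id is an int are all hypothetical.

```csharp
using System;
using System.Collections.Specialized;
using System.Linq;
using System.Web;

public static class SafeRedirect
{
    // Hypothetical allow-list: parameter names the target page is known to accept.
    // Anything else in the incoming query is dropped rather than forwarded.
    private static readonly string[] AllowedParams = { "lang", "page", "sort" };

    // Builds "<localPath>?<k>=<v>&...&pid=<pid>" where localPath is a fixed
    // application-relative path (never user-controlled), each kept key/value
    // is URL-encoded, and pid is an int so it cannot carry injected characters.
    // Also handles an empty incoming query, which the original string
    // concatenation would have turned into "...aspx&pid=..." with no "?".
    public static string BuildTarget(string localPath, NameValueCollection incomingQuery, int pid)
    {
        var parts = incomingQuery.AllKeys
            // AllKeys can contain null for valueless entries such as "?foo"; skip those.
            .Where(k => k != null && AllowedParams.Contains(k, StringComparer.OrdinalIgnoreCase))
            .Select(k => HttpUtility.UrlEncode(k) + "=" + HttpUtility.UrlEncode(incomingQuery[k]))
            .ToList();

        parts.Add("pid=" + pid.ToString(System.Globalization.CultureInfo.InvariantCulture));

        return localPath + "?" + string.Join("&", parts);
    }
}

// Usage in the page code-behind, replacing the flagged line
// (assumes x.Id is an int):
//
//   Response.Redirect(SafeRedirect.BuildTarget("~/dummyexample.aspx", Request.QueryString, x.Id));
//
// Constructed input  : ?lang=fr&evil=<script>&page=2   with pid 42
// Resulting target   : ~/dummyexample.aspx?lang=fr&page=2&pid=42
```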