[SOLVED] .Net RedirectTo with querystring from original request Sonar Issue

Issue

I’m facing an issue that I have no concrete lead on how to resolve.

The project is a WebForms project that targets .NET Framework 4.7.2, and the code is analysed by SonarQube.

Somewhere in the code there is a line that does

Response.Redirect($"~/dummyexample.aspx{Request.Url.Query}&pid={x.Id}");

So, because we take Request.Url.Query, it triggers the issue "HTTP request redirections should not be open to forging attacks" https://rules.sonarsource.com/csharp/RSPEC-5146

I understand why the issue is triggered, but I have no idea how to correct it (we can't have a "whitelist" of URLs).

I read this from MSDN, https://docs.microsoft.com/en-us/aspnet/mvc/overview/security/preventing-open-redirection-attacks, but wasn't able to apply it.

Can someone help me?

Thanks a lot 🙂

Solution

The issue is that an attacker could put some JavaScript (or other harmful code) in the query string. Your code is passing this string, without any check, to another page.

I think this could be resolved by HTML-encoding this string before passing it to the next page.

Like this:

Response.Redirect($"~/dummyexample.aspx{HttpUtility.HtmlEncode(Request.Url.Query)}&pid={x.Id}");

Answered By – tim-

Answer Checked By – Candace Johnson (BugsFixing Volunteer)
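The following is an added example and is not code from the question, the answer, or SonarSource. RSPEC-5146 is a taint rule: it fires because a value taken from the request (Request.Url.Query) flows unchanged into Response.Redirect. HttpUtility.HtmlEncode encodes for an HTML context, while a redirect target is a URL, so the encoding does not change what the rule is looking at. The approach that both the Sonar rule and the linked MSDN article describe is to keep the redirect target constant and to rebuild the query from individually validated parameters, which is what this helper does. It also fixes a separate defect in the original line: when the incoming query string is empty, "~/dummyexample.aspx&pid=..." has no "?" and the pid ends up in the path. The allowed parameter names ("lang", "tab", "q"), the 200-character length limit and the assumption that x.Id is an int are all illustrative choices, not anything the page states; System.Web is the .NET Framework API the question targets.

```csharp
using System;
using System.Collections.Specialized;
using System.Globalization;
using System.Web;

// Added example (not the original question's or answer's code).
// The redirect target is built from a constant app-relative path plus a
// re-encoded copy of only those query parameters the target page understands.
// The tainted Request.Url.Query string itself never reaches Response.Redirect.
public static class SafeRedirect
{
    // Assumption: dummyexample.aspx only understands these three parameters.
    private static readonly string[] AllowedKeys = { "lang", "tab", "q" };

    // Assumption: reject values longer than this rather than forwarding them.
    private const int MaxValueLength = 200;

    // Pure function: can be unit-tested without an HttpContext.
    // rawQuery is Request.Url.Query (may be "" or start with "?").
    public static string BuildTarget(string rawQuery, int pid)
    {
        // ParseQueryString strips a leading "?" and percent-decodes each value.
        NameValueCollection incoming = HttpUtility.ParseQueryString(rawQuery ?? string.Empty);

        // ParseQueryString returns an HttpValueCollection whose ToString()
        // URL-encodes every key and value, so an empty one is a safe builder.
        NameValueCollection outgoing = HttpUtility.ParseQueryString(string.Empty);

        foreach (string key in AllowedKeys)
        {
            string value = incoming[key];               // null when absent
            if (string.IsNullOrEmpty(value)) continue;
            if (value.Length > MaxValueLength) continue;
            outgoing[key] = value;                      // re-encoded on ToString()
        }

        // pid comes from a server-side object (x.Id in the question), not from
        // the request, so it is the only value that is not filtered.
        outgoing["pid"] = pid.ToString(CultureInfo.InvariantCulture);

        // Constant path: neither the host nor the page can be chosen by the
        // client. The explicit "?" also fixes the empty-query-string case.
        return "~/dummyexample.aspx?" + outgoing.ToString();
    }

    // Usage inside the page:  SafeRedirect.Go(Response, Request.Url.Query, x.Id);
    public static void Go(HttpResponse response, string rawQuery, int pid)
    {
        // endResponse: false avoids the ThreadAbortException that the
        // single-argument overload raises; follow it with a return in the page.
        response.Redirect(BuildTarget(rawQuery, pid), endResponse: false);
    }
}
```

With this shape the only request-derived data that reaches the redirect are named values that were decoded, checked, and encoded again, which is what a taint analyser treats as sanitised; an input such as "?lang=fr&tab=%3Cscript%3E&next=//evil.example" yields "~/dummyexample.aspx?lang=fr&tab=%3cscript%3e&pid=42" for pid 42, because "next" is not an allowed key and "tab" is re-escaped. If the set of forwarded parameters genuinely cannot be enumerated, the same builder can copy every key, but then each value still needs its own length and character checks so that nothing is passed through unexamined.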
