grandnode2 icon indicating copy to clipboard operation
grandnode2 copied to clipboard
verified publisher icon grandnode

Fix code scanning alert no. 237: URL redirection from remote source

Open KrzysztofPajak opened this issue 1 year ago • 0 comments

Fixes https://github.com/grandnode/grandnode2/security/code-scanning/237

To fix the problem, we need to ensure that the returnUrl parameter is validated to prevent open redirection attacks. Specifically, we should check if the returnUrl is a local URL before using it in a redirect. If it is not a local URL, we should redirect to a safe default URL.

  • Add a check using Url.IsLocalUrl(returnUrl) in the ChangeStore method.
  • If the returnUrl is not local, set it to a safe default URL.
  • This change should be made in the ChangeStore method in the file src/Web/Grand.Web.Admin/Controllers/HomeController.cs.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

KrzysztofPajak avatar Oct 03 '24 17:10 KrzysztofPajak