
Commit a02f373

author
Max Schaefer
committed
Use better sanitiser.
1 parent 8736413 commit a02f373


2 files changed

+18
-6
lines changed


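--- a/javascript/ql/src/Security/CWE-601/examples/ServerSideUrlRedirectGood2.js
+++ b/javascript/ql/src/Security/CWE-601/examples/ServerSideUrlRedirectGood2.js
@@ -1,13 +1,19 @@
 const app = require("express")();
 
-function isRelativePath(path) {
-return !/^(\w+:)?[/\\]{2}/.test(path);
+function isLocalUrl(path) {
+try {
+return (
+new URL(path, "https://example.com").origin === "https://example.com"
+);
+} catch (e) {
+return false;
+}
 }
 
 app.get("/redirect", function (req, res) {
 // GOOD: check that we don't redirect to a different host
 let target = req.query["target"];
-if (isRelativePath(target)) {
+if (isLocalUrl(target)) {
 res.redirect(target);
 } else {
 res.redirect("/");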
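Review bot: The same-origin check in `isLocalUrl` is only as strong as the base it resolves against, and the hard-coded `"https://example.com"` on new line 6 stands in for the server's real origin without saying so. WHATWG URL parsing treats a scheme-only prefix that matches the base scheme as relative, so a target such as `https:evil.com` resolves to `https://example.com/evil.com` and passes the check, yet a browser that received that `Location` from an `http://` deployment would parse it as the absolute `https://evil.com/` and leave the site; on an `https://` deployment the browser's own resolution happens to agree with the check, which is presumably why the example reads as safe. The example should state the requirement, e.g. a comment above the function: `// The base must be this server's real origin, scheme included; a placeholder base makes the check disagree with the browser for scheme-only targets like "https:evil.com".` Redirecting to the normalized `url.pathname + url.search + url.hash` instead of the raw `target` would remove the dependence on how the browser re-resolves the string altogether. The `app.get` handler continues past the end of the hunk.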

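--- a/javascript/ql/test/query-tests/Security/CWE-601/ServerSideUrlRedirect/ServerSideUrlRedirectGood2.js
+++ b/javascript/ql/test/query-tests/Security/CWE-601/ServerSideUrlRedirect/ServerSideUrlRedirectGood2.js
@@ -1,13 +1,19 @@
 const app = require("express")();
 
-function isRelativePath(path) {
-return !/^(\w+:)?[/\\]{2}/.test(path);
+function isLocalUrl(path) {
+try {
+return (
+new URL(path, "https://example.com").origin === "https://example.com"
+);
+} catch (e) {
+return false;
+}
 }
 
 app.get("/redirect", function (req, res) {
 // GOOD: check that we don't redirect to a different host
 let target = req.query["target"];
-if (isRelativePath(target)) {
+if (isLocalUrl(target)) {
 res.redirect(target);
 } else {
 res.redirect("/");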
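Review bot: `isLocalUrl` assumes `path` is a string, but `req.query["target"]` on new line 15 can arrive as `undefined` (parameter absent), an array (`?target=a&target=b`) or an object (`?target[x]=y`) under Express's default query parser; `new URL(value, base)` stringifies whatever it is given, so `undefined` becomes the relative path `undefined`, the check returns true, and the raw non-string value is then passed to `res.redirect`. A guard at the top of the function, `if (typeof path !== "string") return false;`, makes the sanitizer's contract explicit at the cost of one line, and belongs in both this test copy and the example it mirrors so they stay identical. Whether the query still recognizes the helper as a sanitizer with that extra early return is not visible here and would need confirming against the expected test output. The `app.get` handler continues past the end of the hunk.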
