To fix the problem, we need to ensure that the user-provided query parameters do not lead to an open redirect vulnerability. We can use Django's url_has_allowed_host_and_scheme function to validate the constructed URL before redirecting. This function checks that the URL is safe by ensuring it does not contain an untrusted host or scheme.
Import the url_has_allowed_host_and_scheme function from django.utils.http.
Validate the search_url before redirecting.
If the URL is not valid, redirect to a safe default URL (e.g., the home page).
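The validation step described above, as an added example (not acceslibre's own code): a helper that returns the constructed `search_url` only when Django's `url_has_allowed_host_and_scheme` accepts it, and the home page otherwise. If Django is not importable, the block falls back to a simplified re-implementation of the same check; the fallback, the `safe_redirect_target` name and the host `app.example` are assumptions for the demo.

```python
import unicodedata
from urllib.parse import urlsplit

try:
    from django.utils.http import url_has_allowed_host_and_scheme
except ImportError:
    # Django not installed here: a simplified re-implementation of the same check
    # (assumption: adequate for the demo, not a substitute for Django's function).
    def _check(url, allowed_hosts, require_https):
        # Browsers read three or more leading slashes as an absolute URL.
        if url.startswith("///"):
            return False
        parts = urlsplit(url)
        # "http:///evil.example": urlsplit sees a path, browsers see a host.
        if parts.scheme and not parts.netloc:
            return False
        # Leading control characters are ignored by some browsers.
        if unicodedata.category(url[0])[0] == "C":
            return False
        scheme = parts.scheme or ("http" if parts.netloc else "")
        valid = {"https"} if require_https else {"http", "https"}
        return (not parts.netloc or parts.netloc in allowed_hosts) and (
            not scheme or scheme in valid
        )

    def url_has_allowed_host_and_scheme(url, allowed_hosts, require_https=False):
        url = (url or "").strip()
        if not url:
            return False
        if isinstance(allowed_hosts, str):
            allowed_hosts = {allowed_hosts}
        allowed_hosts = set(allowed_hosts or ())
        # Browsers treat "\" like "/", so both spellings must pass.
        return _check(url, allowed_hosts, require_https) and _check(
            url.replace("\\", "/"), allowed_hosts, require_https
        )


def safe_redirect_target(search_url, allowed_hosts, fallback="/"):
    """Return search_url if it stays on an allowed host over http(s);
    otherwise return the fallback (the home page) instead of redirecting."""
    if url_has_allowed_host_and_scheme(search_url, allowed_hosts=allowed_hosts):
        return search_url
    return fallback


if __name__ == "__main__":
    hosts = {"app.example"}  # constructed: the site's own host
    for url in ["/recherche/?q=paris", "//evil.example/", "/\\evil.example"]:
        print(repr(url), "->", safe_redirect_target(url, hosts))
```

In a Django view, pass `allowed_hosts={request.get_host()}` so the check is tied to the host the request actually arrived on.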
Suggested fixes powered by Copilot Autofix. Review carefully before merging.
Fixes https://github.com/MTES-MCT/acceslibre/security/code-scanning/57