dotnet-security-guard / roslyn-security-guard

Roslyn analyzers that aim to help security audit on .NET applications.
https://dotnet-security-guard.github.io
GNU Lesser General Public License v3.0

[Feature request] Open redirect #95

Open tristandostaler opened 6 years ago

tristandostaler commented 6 years ago

I think it could be interesting to have an analyser that detects potential open redirects.

bchurchill commented 6 years ago

I know this can happen if an untrusted input flows into Response.Redirect() or Server.Transfer(). That alone should be pretty straightforward to add (if I understand correctly -- and I may not since I'm really new to this project -- it just means adding to sinks.yml). Are there others on the server side that you know of?
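
The source-to-sink flow discussed in this thread, as an added example that is not part of the original comments or of the project's code: an ASP.NET Web Forms page that passes a query-string value straight to `Response.Redirect()`, next to a version that validates it first. The class name, method names and the `returnUrl` parameter are hypothetical.

```csharp
using System;
using System.Web;
using System.Web.UI;

// Added illustration; names are hypothetical, not from roslyn-security-guard.
public class LoginRedirectPage : Page
{
    // Vulnerable: the query string is the untrusted source and
    // Response.Redirect() is the sink; nothing validates the value in between.
    protected void RedirectUnsafe()
    {
        string returnUrl = Request.QueryString["returnUrl"];
        Response.Redirect(returnUrl);
    }

    // Hardened: only same-site relative paths reach the sink,
    // anything else falls back to the application root.
    protected void RedirectSafe()
    {
        string returnUrl = Request.QueryString["returnUrl"];
        Response.Redirect(IsLocalPath(returnUrl) ? returnUrl : "~/");
    }

    // Accepts "/path" and "~/path". Rejects absolute URLs, the
    // scheme-relative forms "//host" and "/\host", and control characters.
    public static bool IsLocalPath(string url)
    {
        if (string.IsNullOrEmpty(url)) return false;

        foreach (char c in url)
            if (char.IsControl(c)) return false;

        if (url[0] == '/')
            return url.Length == 1 || (url[1] != '/' && url[1] != '\\');

        if (url[0] == '~' && url.Length > 1 && url[1] == '/')
            return url.Length == 2 || (url[2] != '/' && url[2] != '\\');

        return false;
    }
}
```

An analyzer rule for this sink would need to treat a check like `IsLocalPath` as a sanitizer, otherwise `RedirectSafe` is reported as well.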