find-sec-bugs / find-sec-bugs

The SpotBugs plugin for security audits of Java web applications and Android applications. (Also works with Kotlin, Groovy and Scala projects.)
https://find-sec-bugs.github.io/
GNU Lesser General Public License v3.0

UnvalidatedRedirectDetector "Location" LDC issue #249

Open plr0man opened 7 years ago

plr0man commented 7 years ago

The Unvalidated Redirect Detector does not detect issues similar to the following: `resp.addHeader("Location", req.getParameter("urlRedirect"));` In this case the top LDC (the one the detector is comparing against) is going to be `"urlRedirect"`, not `"Location"` as expected. Any suggestions on how to fix that?
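The pattern described above beside a hardened form, as an added example that is not part of the issue or of the find-sec-bugs project. It assumes the `javax.servlet` API, and the allow-listed host and the request parameter name are constructed for the example:

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Set;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

public class RedirectExample {
    // Hosts this application may redirect to (constructed for the example).
    private static final Set<String> ALLOWED_HOSTS = Set.of("app.example.com");

    // Vulnerable: the Location header is taken straight from a request parameter,
    // so any URL an attacker places in "urlRedirect" is sent to the browser unchanged.
    public static void vulnerableRedirect(HttpServletRequest req, HttpServletResponse resp) {
        resp.setStatus(HttpServletResponse.SC_FOUND);
        resp.addHeader("Location", req.getParameter("urlRedirect"));
    }

    // Hardened: only site-relative paths or https URLs on an allow-listed host are
    // forwarded; anything else falls back to a fixed landing page.
    public static void safeRedirect(HttpServletRequest req, HttpServletResponse resp) {
        String target = sanitizeRedirectTarget(req.getParameter("urlRedirect"));
        resp.setStatus(HttpServletResponse.SC_FOUND);
        resp.addHeader("Location", target);
    }

    // Returns the candidate unchanged when it is acceptable, otherwise "/".
    static String sanitizeRedirectTarget(String candidate) {
        if (candidate == null) {
            return "/";
        }
        try {
            URI uri = new URI(candidate);   // rejects CR/LF, backslashes and other illegal characters
            // Site-relative path: no scheme, no authority, and not protocol-relative ("//evil.example").
            if (!uri.isAbsolute() && uri.getAuthority() == null && candidate.startsWith("/")) {
                return candidate;
            }
            // Absolute URL: only https to a host on the allow-list.
            if ("https".equalsIgnoreCase(uri.getScheme()) && uri.getHost() != null
                    && ALLOWED_HOSTS.contains(uri.getHost().toLowerCase())) {
                return candidate;
            }
        } catch (URISyntaxException e) {
            // Malformed input is treated like any other rejected target.
        }
        return "/";
    }
}
```

The `sanitizeRedirectTarget` check is what a detector would need to recognise as a sanitizer; without such a step the value reaching `addHeader` stays tainted.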

4ndygu commented 7 years ago

Personally, I created a custom Injection detector, then integrated the test:

```java
import com.h3xstream.findsecbugs.injection.BasicInjectionDetector;
import com.h3xstream.findsecbugs.taintanalysis.Taint;
import edu.umd.cs.findbugs.BugReporter;
import edu.umd.cs.findbugs.Priorities;

public class CustomInjectionDetector extends BasicInjectionDetector {

    public CustomInjectionDetector(BugReporter bugReporter) {
        super(bugReporter);
        // Sink signatures are read from the given resource file and reported under the given bug type
        loadConfiguredSinks("[command file]", "COMMAND_INJECTION");
    }

    @Override
    protected int getPriority(Taint taint) {
        // Tainted values already tagged as safe for command injection are not reported
        if (!taint.isSafe() && taint.hasTag(Taint.Tag.COMMAND_INJECTION_SAFE)) {
            return Priorities.IGNORE_PRIORITY;
        } else {
            return super.getPriority(taint);
        }
    }
}
```