pumasecurity / puma-scan

Puma Scan is a software security Visual Studio extension that provides real time, continuous source code analysis as development teams write code. Vulnerabilities are immediately displayed in the development environment as spell check and compiler warnings, preventing security bugs from entering your applications.
https://www.pumascan.com
Mozilla Public License 2.0

Open Redirect #8

Open curea opened 7 years ago

curea commented 7 years ago

Web Forms: Response.Redirect( )

MVC: Redirect

ejohn20 commented 7 years ago

Basic coverage added by @meadisu27 in v1.0.2. However, there are still false positives that need to be corrected when a static string is in front of a dynamic value. E.g.

Response.Redirect("path/file?id=" + Request["val"]) is currently flagged as an issue.
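The static-prefix case described in the comment above, as an added example that is not Puma Scan's analyzer code: it decides whether the constant text in front of a dynamic value already fixes the redirect's destination, so the finding can be suppressed. `RedirectPrefix`, `Verdict` and `Classify` are hypothetical names, and the example assumes the analyzer has already extracted the constant string that precedes the dynamic value.

```csharp
using System;
using System.Text.RegularExpressions;

// Added example, not Puma Scan code; all type and method names are hypothetical.
public static class RedirectPrefix
{
    public enum Verdict { Flag, Suppress }

    private static readonly Regex Scheme = new Regex(@"^[A-Za-z][A-Za-z0-9+.\-]*:");
    private static readonly char[] Delims = { '/', '?', '#' };

    // constantPrefix: the literal text concatenated in front of the dynamic value.
    public static Verdict Classify(string constantPrefix)
    {
        // Browsers ignore leading whitespace and treat '\' like '/'.
        string p = (constantPrefix ?? "").TrimStart().Replace('\\', '/');
        if (p.Length == 0) return Verdict.Flag;          // whole target is dynamic

        string authority = null;
        Match m = Scheme.Match(p);
        if (m.Success)
        {
            string rest = p.Substring(m.Length);
            // A scheme without "//" leaves the rest of the URL to the dynamic value.
            if (!rest.StartsWith("//", StringComparison.Ordinal)) return Verdict.Flag;
            authority = rest.Substring(2);
        }
        else if (p.StartsWith("//", StringComparison.Ordinal))
        {
            authority = p.Substring(2);                  // protocol-relative URL
        }

        // Absolute target: the host is fixed only if the constant also ends it.
        if (authority != null)
            return authority.IndexOfAny(Delims) > 0 ? Verdict.Suppress : Verdict.Flag;

        // Relative target: a bare "/" or a prefix with no delimiter can still be
        // completed into a host or scheme by the dynamic value.
        if (p == "/") return Verdict.Flag;
        return p.IndexOfAny(Delims) >= 0 ? Verdict.Suppress : Verdict.Flag;
    }

    public static void Main()
    {
        string[] samples = { "path/file?id=", "", "/", "https://example.com", "https://example.com/app?next=" };
        foreach (string s in samples)
            Console.WriteLine($"\"{s}\" -> {Classify(s)}");
    }
}
```

The rule is deliberately conservative: a prefix is suppressed only when the constant part contains the delimiter that ends the host or starts the path or query, which covers the `"path/file?id="` case from the comment.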