vishank848 / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java

ESAPI validator isValidRedirectLocation does not work #289

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What steps will reproduce the problem?
1. Have simple code that performs an isValidRedirectLocation check

What is the expected output? What do you see instead?
The test will almost always fail, simply because the built-in Redirect pattern is defined as:
Validator.Redirect=^\\/test.*$
Could this be enhanced so that a real regexp is used instead?

What version of the product are you using? On what operating system?
Does not matter

Does this issue affect only a specified browser or set of browsers?
No

Please provide any additional information below.
Since the SecurityWrapperResponse is using the Redirect matching rule as well, it probably fails in 99% of cases as well.

Is using "URL" instead of "Redirect" a valid workaround?

Original issue reported on code.google.com by majorpe...@gmail.com on 26 Oct 2012 at 10:22
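
The behaviour reported above can be reproduced with the Java standard library alone. The following is an added example, not code from the issue or from the ESAPI project: it loads the quoted `Validator.Redirect` line the way a properties file is read and matches it against sample redirect targets, next to a site-specific pattern. `SITE_REGEX`, the class and method names, and the sample locations are assumptions constructed for illustration.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.Properties;
import java.util.regex.Pattern;

public class RedirectPatternDemo {
    // The property line exactly as quoted in the issue (ESAPI.properties syntax).
    static final String SHIPPED_LINE = "Validator.Redirect=^\\\\/test.*$";

    // Hypothetical site-specific replacement (an assumption, not an ESAPI default):
    // a same-application path starting with one "/", optionally followed by a query
    // string. The lookahead rejects "//host" (scheme-relative) targets, and the
    // character classes contain no backslash, colon, CR/LF or other whitespace.
    static final String SITE_REGEX =
        "^/(?!/)[A-Za-z0-9_.~/-]*(\\?[A-Za-z0-9_.~=&%-]*)?$";

    // Load the pattern the way a .properties file is read: "\\/" unescapes to "\/".
    static Pattern shippedPattern() throws IOException {
        Properties p = new Properties();
        p.load(new StringReader(SHIPPED_LINE));
        return Pattern.compile(p.getProperty("Validator.Redirect"));
    }

    // Whole-string match, so a suffix or trailing newline cannot slip past the pattern.
    static boolean allowed(Pattern pattern, String location) {
        return location != null && pattern.matcher(location).matches();
    }

    public static void main(String[] args) throws IOException {
        Pattern shipped = shippedPattern();
        Pattern site = Pattern.compile(SITE_REGEX);
        // Constructed sample redirect targets.
        String[] samples = {
            "/test/home", "/account/home", "/login?next=%2Fhome",
            "//other.example/path", "https://other.example/", "/account\r\nX-Header: 1"
        };
        System.out.printf("%-28s %-8s %s%n", "location", "shipped", "site");
        for (String s : samples) {
            String shown = s.replace("\r", "\\r").replace("\n", "\\n");
            System.out.printf("%-28s %-8b %b%n", shown, allowed(shipped, s), allowed(site, s));
        }
    }
}
```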