Menu
I was trying to validate my code using CheckMarx but am stuck at a couple of vulnerabilities that I am unable to find a fix for. The following are the code lines where the vulnerabilities were raised.
window.location.href = url + "?"+"appPageId="+
$rootScope.selectedContext.defaultAppPageId + "&hierarchyId="+
$rootScope.defaultHierarchyId
I tried to fix it with encoding as follows
var redirectUrl = url + "?"+"appPageId="+
$rootScope.selectedContext.defaultAppPageId + "&hierarchyId="+
$rootScope.defaultHierarchyId
window.location.href = encodeURI(redirectUrl)
but I still get the same issue. Is there anyway of fixing this Client DOM Open Redirect Vulnerability?
Also, I'm getting a Reflected XSS issue for the following line
res.send("The Context
"+req.params.contextName+" has restricted access. Please request
access to this page");
possibly because I'm using res.send. I guess this will also be fixed along the same lines as the above issue.
Any help regarding the same would be greatly appreciated.
846
Make sure to sanitize any input you get from users, that includes taking any parameters from the request. You can find many sanitization modules or middle ware that will do this for you, just try a quick google search.
As for open redirect, if the url parameter is coming from a user, use Regex or something of the liking to parse the domain. It could even just be something as simple as making sure it starts with the right protocol and domain.
84
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
