Do not use unvalidated request

Metadata

ID: java-security/unvalidated-redirect

Language: Java

Severity: Error

Category: Security

CWE: 601

Description

Do not redirect to a URL taken from a request without validating it. Always check the redirect URL coming from a request.

Non-Compliant Code Examples

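import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.*;

public class MyClass {
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        // Non-compliant: the redirect target comes straight from the request, unvalidated
        resp.sendRedirect(req.getParameter("redirectUrl"));
    }
}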

Compliant Code Examples

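import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.*;

public class MyClass {
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        // Compliant: validateUrl is an application-defined check (not shown on this page)
        resp.sendRedirect(validateUrl(req.getParameter("redirectUrl")));
    }
}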
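
The compliant example calls validateUrl without showing it. One way to write such a check is sketched here as an added example; it is not part of the original page or of Datadog's rule, and the class name RedirectValidator, the allowlisted hosts and the fallback path are assumptions.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

public final class RedirectValidator {
    // Assumption: the only external hosts this application may redirect to.
    private static final Set<String> ALLOWED_HOSTS = Set.of("app.example.com", "login.example.com");
    // Assumption: safe landing page used whenever the requested target is rejected.
    private static final String FALLBACK = "/";

    private RedirectValidator() {}

    /** Returns target if it is a same-site path or an allowlisted https URL, else FALLBACK. */
    public static String validateUrl(String target) {
        if (target == null || target.isEmpty()) return FALLBACK;
        for (int i = 0; i < target.length(); i++) {
            char c = target.charAt(i);
            // Browsers read "\" as "/" and strip tabs/newlines, so reject them outright.
            if (c == '\\' || c <= 0x20 || c == 0x7f) return FALLBACK;
        }
        if (target.startsWith("/")) {
            // "//host" (or more slashes) is scheme-relative and leaves the site.
            return target.startsWith("//") ? FALLBACK : target;
        }
        try {
            URI uri = new URI(target);
            String host = uri.getHost();
            // Exact host match only: no suffix matching, no userinfo, https only.
            boolean ok = "https".equalsIgnoreCase(uri.getScheme())
                    && uri.getRawUserInfo() == null
                    && host != null
                    && ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT));
            return ok ? target : FALLBACK;
        } catch (URISyntaxException e) {
            return FALLBACK;
        }
    }

    public static void main(String[] args) {
        // Constructed sample inputs, not taken from the page.
        String[] samples = {"/account/settings", "https://login.example.com/sso?x=1",
            "//evil.example/", "/\\evil.example", "https://app.example.com@evil.example/",
            "http://app.example.com/", "settings", null};
        for (String s : samples) {
            System.out.println(s + " -> " + validateUrl(s));
        }
    }
}
```

Only the first two sample inputs are returned unchanged; every other one falls back to "/".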