
Metadata

ID: java-security/tainted-url-host

Language: Java

Severity: Error

Category: Security

CWE: 918

Description

No description found

Non-Compliant Code Examples

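/**
 * Non-compliant: the request parameter is the entire URL, so the parameter
 * alone determines the scheme and host of the resulting {@link URL} (CWE-918).
 * The second construction shows that appending a fixed path afterwards does
 * not change that — the host still comes from the parameter.
 *
 * @param url request-controlled string parsed as a URL without any validation
 * @param a   unused; kept so the example's signature stays as published
 * @throws MalformedURLException if {@code url} (or {@code url + "/path"}) is not a
 *     syntactically valid URL
 */
@RequestMapping("/redirect")
public void redirect(@RequestParam() String url, String a) throws MalformedURLException {
    URL newUrl = new URL(url);  // Bad: User-controlled input used directly
    // Distinct local name: the original declared newUrl twice, which does not compile.
    URL newUrlWithPath = new URL(url + "/path");  // Bad: host is still taken from the parameter
}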

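/**
 * Non-compliant: each of the six strings places the request parameter in the
 * host position of a URL, regardless of which string operation builds it
 * (CWE-918). Operator {@code +}, {@code concat}, {@code +=} and
 * {@link String#format} are all the same taint flow.
 *
 * @param host request-controlled value used as the authority of every URL below
 */
@RequestMapping("/api")
public void apiEndpoint(@RequestParam String host) {
    String url1 = "http://" + host + "/api/resource";  // Bad: User input concatenated into URL

    String url2 = "http://".concat(host);  // Bad: concat() is concatenation as well

    String url3 = "https://";
    url3 += host;  // Bad: compound assignment carries the same taint

    // %s is the Java conversion for a String argument; the original used %v,
    // which is not a valid conversion and makes String.format throw at runtime.
    String url4 = String.format("https://%s", host);  // Bad: formatted into the host position

    String url5 = "https://%s";

    String url6 = String.format(url5, host);  // Bad: same as url4, template held in a local
}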

/**
 * Non-compliant: the base string ends at its host name with no trailing
 * {@code /}, so whether the appended parameter becomes part of the host or
 * part of the path is decided by the parameter itself (CWE-918).
 *
 * @param endpoint request-controlled suffix appended directly to the base URL
 */
@RequestMapping("/fetch")
public void fetchData(@RequestParam String endpoint) {
    StringBuilder sb = new StringBuilder("https://example.com");
    sb.append(endpoint);  // Bad: User input appended to base URL; nothing separates it from the host
}

Compliant Code Examples

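/**
 * Compliant: scheme and host are fixed by {@code baseUrl}; the request
 * parameter is URL-encoded and placed after a {@code /}, so it can only form
 * a single path segment ({@link URLEncoder} encodes {@code /}, {@code ?},
 * {@code #}, {@code @} and {@code :}). The separator is what makes this safe:
 * {@code URLEncoder} leaves {@code .} and {@code -} unencoded, so appending the
 * encoded value directly to the base would glue it onto the host name.
 *
 * @param path request-controlled value, used only as a path segment
 * @throws MalformedURLException if the assembled string is not a valid URL
 */
@RequestMapping("/safe-redirect")
public void safeRedirect(@RequestParam String path) throws MalformedURLException {
    String baseUrl = "https://safe.example.com";
    // Charset overload (Java 10+): unlike encode(String, "UTF-8") it does not
    // throw the checked UnsupportedEncodingException, which this method does
    // not declare. Fully qualified so no new import is needed.
    String encodedPath = URLEncoder.encode(path, java.nio.charset.StandardCharsets.UTF_8);
    URL newUrl = new URL(baseUrl + "/" + encodedPath);  // Good: User input only affects the path, not the host
}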