このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください

Metadata

ID: java-security/tainted-url-host

Language: Java

Severity: Error

Category: Security

CWE: 918

Description

No description found

Non-Compliant Code Examples

@RequestMapping("/redirect")
public void redirect(@RequestParam() String url, String a) throws MalformedURLException {
    URL newUrl = new URL(url);  // Bad: User-controlled input used directly
    URL newUrl = new URL(url + "/path");
}

@RequestMapping("/api")
public void apiEndpoint(@RequestParam String host) {
    String url1 = "http://" + host + "/api/resource";  // Bad: User input concatenated into URL

    String url2 = "http://".concat(host);

    String url3 = "https://";
    url3 += host;

    String url4 = String.format("https://%v", host);

    String url5 = "https://%v";

    String url6 = String.format(url5, host)
}

@RequestMapping("/fetch")
public void fetchData(@RequestParam String endpoint) {
    StringBuilder sb = new StringBuilder("https://example.com");
    sb.append(endpoint);  // Bad: User input appended to base URL
}

Compliant Code Examples

@RequestMapping("/safe-redirect")
public void safeRedirect(@RequestParam String path) throws MalformedURLException {
    String baseUrl = "https://safe.example.com";
    URL newUrl = new URL(baseUrl + URLEncoder.encode(path, "UTF-8"));  // Good: User input only affects the path, not the host
}
https://static.datadoghq.com/static/images/logos/github_avatar.svg https://static.datadoghq.com/static/images/logos/vscode_avatar.svg jetbrains

Seamless integrations. Try Datadog Code Analysis