Do not use unvalidated request

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください

Metadata

ID: java-security/unvalidated-redirect

Language: Java

Severity: Error

Category: Security

CWE: 601

Description

Do not use unvalidated redirect. Always check the redirect URL coming from a request.

Learn More

Non-Compliant Code Examples

public class MyClass {
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        resp.sendRedirect(req.getParameter("redirectUrl"));
    }
}

Compliant Code Examples

public class MyClass {
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
        resp.sendRedirect(validateUrl(req.getParameter("redirectUrl")));
    }
}
https://static.datadoghq.com/static/images/logos/github_avatar.svg https://static.datadoghq.com/static/images/logos/vscode_avatar.svg jetbrains

Seamless integrations. Try Datadog Code Analysis