Do not use unvalidated request
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。
ID: java-security/unvalidated-redirect
Language: Java
Severity: Error
Category: Security
CWE: 601
Description
Do not use unvalidated redirect. Always check the redirect URL coming from a request.
Learn More
Non-Compliant Code Examples
public class MyClass {
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
resp.sendRedirect(req.getParameter("redirectUrl"));
}
}
Compliant Code Examples
public class MyClass {
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
resp.sendRedirect(validateUrl(req.getParameter("redirectUrl")));
}
}
Seamless integrations. Try Datadog Code Analysis
