Python: open redirect protection example is still vulnerable

The open redirect protection for this example is still vulnerable

https://github.com/github/codeql/blob/dea922958b954416edb3505026133a9f24c37e6e/python/ql/src/Security/CWE-601/examples/redirect_good2.py#L8-L12

A target like `https:/example.com` (notice the single `/`) will be parsed as having no netloc, but browsers will redirect to `https://example.com` (tested on Firefox and Chrome using Fedora).

```python
from urllib.parse import urlparse

print(urlparse('https:/example.com'))
# ParseResult(scheme='https', netloc='', path='/example.com', params='', query='', fragment='')
```

See Django for example

https://github.com/django/django/blob/f339c4c8e4870f23d3ba8bf8ee68c57628739592/django/utils/http.py#L356-L361

	target = request.args.get('target', '')
	target = target.replace('\\', '')
	if not urlparse(target).netloc:
	# relative path, safe to redirect
	return redirect(target, code=302)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Python: open redirect protection example is still vulnerable #16041

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Python: open redirect protection example is still vulnerable #16041

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions