roslyn-security-guard icon indicating copy to clipboard operation
roslyn-security-guard copied to clipboard

Published 20 hours ago verified publisher icon dotnet-security-guard

[Feature request] Open redirect

Open tristandostaler opened this issue 7 years ago • 1 comments

I think it could be interesting to have an analyser that detects potential open redirect.

tristandostaler avatar Dec 12 '17 22:12 tristandostaler

I know this can happen if an untrusted input flows into Response.Redirect() or Server.Transfer(). That alone should be pretty straightforward to add (if I understand correctly -- and I may not since I'm really new to this project -- it just means adding to sinks.yml). Are there others on the server side that you know of?

bchurchill avatar Jan 23 '18 08:01 bchurchill