I was trying to validate my code using CheckMarx but am stuck at a couple of vulnerabilities that I am unable to find a fix for. The following are the code lines where the vulnerabilities were raised.
window.location.href = url + "?"+"appPageId="+
$rootScope.selectedContext.defaultAppPageId + "&hierarchyId="+
$rootScope.defaultHierarchyId
I tried to fix it with encoding as follows
var redirectUrl = url + "?"+"appPageId="+
$rootScope.selectedContext.defaultAppPageId + "&hierarchyId="+
$rootScope.defaultHierarchyId
window.location.href = encodeURI(redirectUrl)
but I still get the same issue. Is there anyway of fixing this Client DOM Open Redirect Vulnerability?
Also, I'm getting a Reflected XSS issue for the following line
res.send("The Context
"+req.params.contextName+" has restricted access. Please request
access to this page");
possibly because I'm using res.send. I guess this will also be fixed along the same lines as the above issue.
Any help regarding the same would be greatly appreciated.
I was trying to validate my code using CheckMarx but am stuck at a couple of vulnerabilities that I am unable to find a fix for. The following are the code lines where the vulnerabilities were raised.
window.location.href = url + "?"+"appPageId="+
$rootScope.selectedContext.defaultAppPageId + "&hierarchyId="+
$rootScope.defaultHierarchyId
I tried to fix it with encoding as follows
var redirectUrl = url + "?"+"appPageId="+
$rootScope.selectedContext.defaultAppPageId + "&hierarchyId="+
$rootScope.defaultHierarchyId
window.location.href = encodeURI(redirectUrl)
but I still get the same issue. Is there anyway of fixing this Client DOM Open Redirect Vulnerability?
Also, I'm getting a Reflected XSS issue for the following line
res.send("The Context
"+req.params.contextName+" has restricted access. Please request
access to this page");
possibly because I'm using res.send. I guess this will also be fixed along the same lines as the above issue.
Any help regarding the same would be greatly appreciated.
Share Improve this question edited Aug 29, 2019 at 6:24 Zendie 1,1741 gold badge14 silver badges32 bronze badges asked Aug 29, 2019 at 5:56 Tejas JaggiTejas Jaggi 1151 gold badge1 silver badge10 bronze badges2 Answers
Reset to default 1Make sure to sanitize any input you get from users, that includes taking any parameters from the request. You can find many sanitization modules or middle ware that will do this for you, just try a quick google search.
As for open redirect, if the url parameter is ing from a user, use Regex or something of the liking to parse the domain. It could even just be something as simple as making sure it starts with the right protocol and domain.
I believe Checkmarx sees the url variable first in the flow as arbitrary which is why it is seeing it as a Client DOM Open Redirect vulnerability. You can try prefixing the url with a hardcoded value if you don't need it to be arbitrary.
if(isNaN($rootScope.selectedContext.defaultAppPageId) || isNaN($rootScope.defaultHierarchyId)) {
return
}
var redirectUrl = "https://stackoverflow.?" + "appPageId=" +
$rootScope.selectedContext.defaultAppPageId + "&hierarchyId="+
$rootScope.defaultHierarchyId
window.location.href = encodeURI(redirectUrl)
For the XSS vuln, it well could be considered as a false positive since Angular sanitizes and escapes untrusted values. However, you can't always trust the view engine to do its job so if you really wanted an explicit fix, you may want to use a html encode library (find a decent one, this is just an example):
var htmlencode = require('htmlencode');
res.send("The Context"+ htmlencode.htmlEncode(req.params.contextName) + " has restricted access. Please request access to this page");
Hope this helps!