Uncontrolled external site redirect
Need
Controlled and secure external site redirects
Context
• Requirement of Ruby 2.0 or higher for executing the code
• Usage of Rails for building web applications with Ruby
Description
1. Non compliant code
def redirect
  redirect_to params[:url]
endIn the above code, the application is redirecting to a URL based on the `params[:url]` value. This value is directly taken from the parameters that are sent to the server in a request, without any validation or sanitation. This is a security vulnerability known as "Uncontrolled External Site Redirect". An attacker could manipulate the `:url` parameter to point to an external site. This could be used in phishing attacks to trick users into visiting malicious sites. For example, an attacker could send a link to a user that looks like it goes to the application, but the `:url` parameter is set to `http://malicious-site.com`. When the user clicks on the link, they would be redirected to the malicious site. This is a serious security flaw that can lead to data theft, as users might enter their credentials into the malicious site, thinking they are logging into the legitimate application.
2. Steps
• Validate the input: Before redirecting, validate the URL to ensure it is a trusted and valid URL. Use a whitelist approach to only allow specific URLs.
• Sanitize the input: Use a URL sanitizer to remove any potentially malicious characters or scripts from the URL.
• Implement a redirect whitelist: Maintain a list of trusted URLs that the application is allowed to redirect to. Only redirect to URLs in this whitelist.
• Implement a redirect blacklist: Maintain a list of known malicious URLs that the application should never redirect to. Check the input URL against this blacklist before redirecting.
• Use a safe redirect method: Instead of directly using the 'redirect_to' method, use a safer alternative provided by the framework that ensures the redirect is controlled and secure.
• Implement a redirect validation mechanism: Add a validation step before performing the redirect to verify that the redirect is intended and authorized. This can include additional user authentication or authorization checks.
• Log and monitor redirects: Implement logging and monitoring mechanisms to track and detect any suspicious or unauthorized redirects.
• Regularly update and patch dependencies: Keep the Ruby on Rails framework and any relevant libraries up to date to ensure that any security vulnerabilities are addressed.
3. Secure code example
# List of trusted URLs
TRUSTED_URLS = ['http://trusted1.com', 'http://trusted2.com']
def redirect
  url = params[:url]
  
  # Validate and sanitize the URL
    # Check against trusted URLs...The updated code includes a list of trusted URLs that the application is allowed to redirect to. Before redirecting, the code checks if the URL is present and valid. The `url_valid?` method uses Ruby's URI library to parse the URL and checks if it is a kind of HTTP or HTTPS URL. If the URL is invalid, an `URI::InvalidURIError` is raised and caught, and the method returns false. If the URL is valid, the code checks if it is included in the list of trusted URLs. If it is, the application redirects to the URL. If it is not, the application logs a warning about the untrusted redirect attempt and redirects to the root path. If the URL is not valid, the application logs a warning about the invalid redirect attempt and also redirects to the root path. This ensures that the application only redirects to trusted and valid URLs, preventing uncontrolled external site redirects.
References
• 156. Uncontrolled external site redirect