Scala Spring Unsafe Open Redirect
Description
Identifies unvalidated redirects in Scala Spring applications, where user-controlled input determines the redirect destination. An attacker can craft a link on the application's trusted domain that sends the victim to a malicious site, so the phishing or malware page borrows the credibility of the legitimate host.
Detection Strategy
• Confirms the presence of Spring Framework imports in the source code
• Identifies controller methods with Spring mapping annotations (like @RequestMapping, @GetMapping)
• Examines method bodies for redirect operations (for example a returned "redirect:" view name) whose target is built from request parameters that have not been validated
• Reports a vulnerability when a redirect URL or destination path can be influenced by user input without proper validation
Vulnerable code example
import org.springframework.stereotype.Controller
import org.springframework.web.bind.annotation._

@Controller
class RedirectController {
  @GetMapping(Array("/redirect"))
  def redirect(@RequestParam url: String): String = {
    // VULNERABLE: User-controlled input directly used in redirect URL
    s"redirect:$url"
  }
}
✅ Secure code example
import org.springframework.stereotype.Controller
import org.springframework.web.bind.annotation._

@Controller
class RedirectController {
  @GetMapping(Array("/redirect"))
  def redirect(@RequestParam url: String): String = {
    val allowed = Set("/home", "/profile", "/dashboard") // Allowlist of safe destinations
    // Only an exact allowlisted path is used; anything else lands on a fixed page
    if (allowed.contains(url)) s"redirect:$url" else "redirect:/home"
  }
}
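An exact allowlist is the right fix when the set of destinations is small and known. When the application genuinely needs to send the user back to an arbitrary page of its own (a "return to" parameter after login, for instance), the check has to accept any local path while still refusing anything that a browser would treat as a different host. The following is an added example, not code from the original page or from Fluid Attacks; the object and controller names, the /login/done route, the returnTo parameter and the sample inputs are all hypothetical and constructed for illustration. It relies only on java.net.URI from the JDK and the Spring annotations already used above.

```scala
import java.net.URI
import scala.util.Try

import org.springframework.stereotype.Controller
import org.springframework.web.bind.annotation._

// Hypothetical helper: accepts only site-absolute local paths as redirect targets.
object SafeRedirect {
  val Fallback = "/home"

  /** Returns Some(target) only when `target` is a plain, local, absolute path. */
  def localPath(target: String): Option[String] =
    // Anything java.net.URI cannot parse (e.g. a backslash) is rejected outright.
    Try(new URI(target)).toOption.collect {
      case uri
        // A local path has neither a scheme ("https:", "javascript:") ...
        if uri.getScheme == null &&
          // ... nor an authority: "//evil.example/x" parses with authority "evil.example".
          uri.getRawAuthority == null &&
          // Must be absolute within this site, ...
          target.startsWith("/") &&
          // ... but not "//" or "/\", which browsers read as host-relative.
          !target.startsWith("//") &&
          !target.contains('\\') =>
        target
    }

  /** Builds the Spring view name: the validated path, or the fixed fallback. */
  def viewName(target: Option[String]): String =
    target.flatMap(localPath)
      .map(p => s"redirect:$p")
      .getOrElse(s"redirect:$Fallback")
}

@Controller
class ReturnToController {
  // Hypothetical route: returnTo is optional; a missing or unsafe value lands on Fallback.
  @GetMapping(Array("/login/done"))
  def loginDone(@RequestParam(required = false) returnTo: String): String =
    SafeRedirect.viewName(Option(returnTo))
}

object SafeRedirectDemo {
  def main(args: Array[String]): Unit = {
    // Constructed sample inputs, as a normal user or an attacker might send them.
    val samples = Seq(
      "/account/settings",        // accepted
      "/search?q=a%20b#results",  // accepted: query and fragment are fine
      "https://evil.example/",    // rejected: has a scheme
      "//evil.example/x",         // rejected: protocol-relative (authority present)
      "/\\evil.example",          // rejected: backslash variant
      "javascript:alert(1)",      // rejected: scheme
      "account/settings",         // rejected: not site-absolute
      "http:evil.example"         // rejected: scheme without authority
    )
    samples.foreach { s =>
      println(f"$s%-26s -> ${SafeRedirect.viewName(Some(s))}")
    }
  }
}
```

Two caveats worth keeping in mind. Spring hands the parameter to the controller already URL-decoded, so a legitimate path containing a literal space or another character that java.net.URI refuses is rejected as well; encode such characters before validating, or fall back to an allowlist of path prefixes. And the validator deliberately tests the raw string (startsWith, contains) in addition to the parsed URI, because the parser's view of "//" and "\" is not the browser's, and it is the browser that decides where the user ends up.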