Python Fastapi Open Redirect
Description
Detects open redirect vulnerabilities in FastAPI applications where user-controlled input is passed directly to RedirectResponse without proper validation. This could allow attackers to redirect users to malicious websites by manipulating redirect URL parameters.
Detection Strategy
• Checks whether FastAPI-related imports are present in the codebase
• Identifies imports of fastapi.responses.RedirectResponse
• Locates calls to RedirectResponse where the URL argument contains user-controlled input from query parameters, headers, or FastAPI dependency injection
• Verifies the URL parameter is not sanitized or validated before use
• Reports a vulnerability when unsafe user input flows into RedirectResponse without proper validation
Vulnerable code example

```python
from fastapi import FastAPI, Query, Request
from fastapi.responses import RedirectResponse

app = FastAPI()


@app.get("/redirect")
async def unsafe_redirect(request: Request):
    # VULNERABLE: User-controlled URL from query params used directly in redirect
    ...
```

✅ Secure code example

```python
from fastapi import FastAPI, Query, Request
from fastapi.responses import RedirectResponse
from urllib.parse import urlparse

app = FastAPI()


@app.get("/redirect")
async def safe_redirect(request: Request):
    ...
```
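As an added example (not the page's own code, whose handlers are cut short above), here is a validation helper that gives the rule's "sanitized or validated" check something concrete to look for: it keeps same-site paths and allow-listed hosts and falls back to a safe default for everything else, including the scheme-relative, backslash and userinfo forms that a naive prefix check misses. The allow-list, the `next` parameter name and the host names are constructed for this example, and the FastAPI wiring is kept inside `build_app()` so the check itself runs without the framework installed.

```python
from urllib.parse import urlsplit, urlunsplit

# Constructed allow-list for this example; a real app would load it from configuration.
ALLOWED_HOSTS = {"app.example.com"}


def safe_redirect_target(url: str, allowed_hosts=ALLOWED_HOSTS, fallback: str = "/") -> str:
    """Return `url` if it points at an allowed host or is a same-site path; otherwise `fallback`."""
    # Browsers treat "\" like "/", so normalise first: "/\evil.example" must not pass as a path.
    cleaned = url.strip().replace("\\", "/")
    parts = urlsplit(cleaned)
    scheme = parts.scheme.lower()
    if scheme and scheme not in ("http", "https"):
        return fallback  # javascript:, data:, file: ... are never valid redirect targets
    if not scheme and not parts.netloc:
        # Relative target: accept a single leading "/" only ("//host" already has a netloc).
        return cleaned if cleaned.startswith("/") and not cleaned.startswith("//") else fallback
    try:
        host, port = parts.hostname, parts.port  # .port raises ValueError on a malformed port
    except ValueError:
        return fallback
    if host is None or host not in allowed_hosts:
        return fallback  # also rejects "https://app.example.com@evil.example" (hostname is evil.example)
    # Rebuild the URL from vetted pieces so userinfo ("user@") or odd casing does not survive.
    netloc = f"{host}:{port}" if port else host
    return urlunsplit((scheme or "https", netloc, parts.path or "/", parts.query, parts.fragment))


def build_app():
    """Wire the check into a route; FastAPI is imported here so the check itself needs no web deps."""
    from fastapi import FastAPI, Query
    from fastapi.responses import RedirectResponse

    app = FastAPI()

    @app.get("/redirect")
    async def safe_redirect(next: str = Query("/")):
        # Without safe_redirect_target(), `next` would flow unvalidated into RedirectResponse,
        # which is exactly the data flow the rule above reports.
        return RedirectResponse(url=safe_redirect_target(next), status_code=302)

    return app
```

Because the result is rebuilt from the parsed host rather than echoed back, a reviewer can confirm the sanitisation by reading `safe_redirect_target` alone, without tracing every caller.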