TypeScript Kony URL Injection
Description
Detects potential URL injection vulnerabilities in TypeScript applications using the Kony framework. The vulnerability occurs when untrusted user input is used in URL navigation functions without proper validation, which could enable attackers to perform open redirect attacks or inject malicious URLs.
Detection Strategy
• Look for Kony framework URL navigation function calls in TypeScript code
• Check if the first argument passed to these navigation functions contains or is derived from user-controllable input
• Report a vulnerability when navigation functions accept unvalidated or insufficiently sanitized URL parameters
• Consider the data flow to determine if the URL parameter can be manipulated by an attacker
Vulnerable code example
function vulnerableURLOpener(): void {
  // Directly using user input as URL without validation
  const userInput = frmHome.txtUrlInput.text;
  kony.application.openURL(userInput); // Vulnerable: Allows opening arbitrary URLs from user input
}

function vulnerableMediaOpener(): void {
  const mediaUrl = frmHome.txtUrlInput.text;...
Secure code example
// URL whitelist and validation utilities
const ALLOWED_HOSTS = ["trusted.com", "api.trusted.com"];
const URL_PATTERN = /^https?:\/\/([^\/?#]+)/i;

function validateURL(url: string): boolean {
  const match = url.match(URL_PATTERN);
  const hostname = match ? match[1] : null;
  // Check if hostname exists and is in whitelist...
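A stricter variant of the allow-list check above, as an added example that is not code from the original page or from the Kony framework. The page's URL_PATTERN captures everything up to the first "/", "?" or "#", which includes any userinfo and port, so this version limits the accepted grammar to https, a host made of DNS characters and an optional port 443, then compares the host exactly. The names parseAllowedHost, openIfAllowed and the injected open callback are hypothetical; in an app the callback would wrap kony.application.openURL.

```typescript
// Added example. ALLOWED_HOSTS values come from the page; all other names are hypothetical.
const ALLOWED_HOSTS: readonly string[] = ["trusted.com", "api.trusted.com"];

// Strict grammar: https only (assumption), host limited to DNS characters,
// optional port, then "/", "?", "#" or end of string. "@" and "\" cannot
// appear in the host group, so a userinfo prefix never matches.
const STRICT_URL = /^https:\/\/([a-z0-9.-]+)(?::(\d{1,5}))?(?:[\/?#]|$)/i;

// Returns the normalised host when the URL is acceptable, otherwise null.
function parseAllowedHost(raw: string): string | null {
  // Reject whitespace and control characters anywhere in the value.
  if (/[\u0000-\u0020\u007f]/.test(raw)) return null;

  const match = STRICT_URL.exec(raw);
  if (match === null) return null;

  // Host names are case-insensitive, so compare in lower case.
  const host = (match[1] ?? "").toLowerCase();

  // Only the default https port is accepted (assumption for this example).
  const port = match[2];
  if (port !== undefined && port !== "443") return null;

  // Exact match only: no suffix, prefix or substring comparison.
  return ALLOWED_HOSTS.indexOf(host) !== -1 ? host : null;
}

type Opener = (url: string) => void;

// Gate in front of the navigation call. Returns true when the URL was handed
// to `open`, false when it was blocked. In a Kony app `open` would be
// (u) => kony.application.openURL(u); it is injected here so the check can
// be exercised outside the framework.
function openIfAllowed(raw: string, open: Opener): boolean {
  if (parseAllowedHost(raw) === null) return false;
  open(raw);
  return true;
}
```

Blocked values should be logged or reported to the user rather than silently dropped, so that rejected navigation attempts are visible during testing.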