Python Starlette Open Redirect

Description

Detects open redirect vulnerabilities in Starlette applications where user-controlled input is passed directly to RedirectResponse without proper validation. This could allow attackers to redirect users to malicious websites by manipulating redirect URL parameters.

Weakness:

156 - Uncontrolled external site redirect

Category: Deceptive Interactions

Detection Strategy

    Checks if starlette-related imports are present in the codebase

    Identifies imports of starlette.responses.RedirectResponse

    Locates calls to RedirectResponse where the URL argument contains user-controlled input from query parameters or request headers

    Verifies the URL parameter is not sanitized or validated before use

    Reports a vulnerability when unsafe user input flows into RedirectResponse without proper validation

Vulnerable code example

from starlette.applications import Starlette
from starlette.requests import Request
from starlette.responses import RedirectResponse
from starlette.routing import Route

app = Starlette(routes=[])

async def unsafe_redirect(request: Request):...

✅ Secure code example

from starlette.applications import Starlette
from starlette.requests import Request
from starlette.responses import RedirectResponse
from starlette.routing import Route
from urllib.parse import urlparse

app = Starlette(routes=[])
...
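The check the secure example above leaves off, as an added example that is not the rule's own snippet: an allow-list validation of the redirect target using only urllib.parse, so it runs without Starlette installed. The host names, the `next` parameter name and the `safe_redirect_url` / `resolve_next_url` helpers are assumptions; in a handler the returned string is what goes into RedirectResponse(url=...) instead of the raw query parameter.

```python
# Added example, not the rule's own code. Stdlib only, so it runs without Starlette.
from urllib.parse import urlparse

# Hosts this application may send users to (constructed sample values).
ALLOWED_HOSTS = {"app.example", "login.app.example"}
FALLBACK = "/"


def safe_redirect_url(candidate, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return `candidate` if it is a same-site absolute path or an http(s) URL on
    an allow-listed host; otherwise return `fallback`. Never raises."""
    if not candidate or not isinstance(candidate, str):
        return fallback
    # Browsers treat backslashes as slashes and tolerate embedded whitespace and
    # control characters, so refuse them outright rather than normalising.
    if "\\" in candidate or any(ord(ch) <= 0x20 or ord(ch) == 0x7F for ch in candidate):
        return fallback
    try:
        parts = urlparse(candidate)
    except ValueError:
        return fallback
    if parts.netloc:
        # Absolute URL (or scheme-relative "//host", which has an empty scheme):
        # require http(s) and an allow-listed host. `hostname` already strips
        # userinfo ("allowed@evil") and the port, and lower-cases the result.
        if parts.scheme not in ("http", "https"):
            return fallback
        return candidate if (parts.hostname or "") in allowed_hosts else fallback
    if parts.scheme:
        # "javascript:", "data:", "http:/host" ... are never valid redirect targets.
        return fallback
    # Relative target: check the raw string, not parts.path, because urlparse
    # turns "///host" into path "/host" while browsers resolve it to http://host.
    if candidate.startswith("/") and not candidate.startswith("//"):
        return candidate
    return fallback


def resolve_next_url(query_params):
    """Mirror of a login/redirect handler: read ?next= and return the URL that
    would be passed to RedirectResponse(url=...). The vulnerable variant from
    the rule description returns query_params.get("next") unchanged."""
    return safe_redirect_url(query_params.get("next"))
```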