logo

Database

Elixir Untrusted Open Redirect

Description

This vulnerability detector identifies untrusted open redirect vulnerabilities in Elixir web applications. It finds cases where user-controlled input is used to set the "Location" header in HTTP redirect responses (like 302 redirects), which can allow attackers to redirect users to malicious websites for phishing attacks.

Weakness:

156 - Uncontrolled external site redirect

Category: Deceptive Interactions

Detection Strategy

    Scans Elixir code for 'send_resp' function calls that generate HTTP responses

    Checks if the response uses a redirect status code (like 302 Found)

    Verifies that the redirect location (URL) comes from user-controlled or untrusted input sources

    Reports vulnerability when all conditions are met: send_resp call + redirect status + tainted location header

Vulnerable code example

defmodule VulnerableRouter do
  use Plug.Router

  plug :match
  plug :dispatch

  get "/redirect" do
    destination = conn.params["url"]...

✅ Secure code example

defmodule SecureRouter do
  use Plug.Router

  plug :match
  plug :dispatch

  get "/redirect" do
    destination = conn.params["url"]...