Ruby Unsafe Open Redirect
Description
Detects open redirect vulnerabilities in Ruby applications where unvalidated user input can be used to redirect users to arbitrary external domains. This could allow attackers to craft malicious links that appear legitimate but redirect users to phishing sites or malware.
Detection Strategy
• Check for 'redirect_to' method calls that explicitly set the allow_other_host: true parameter, which permits redirects to external domains
• Identify unsafe usage of the 'redirect_back' or 'redirect_back_or_to' methods where the target URL is not properly validated
• Find direct manipulation of the response Location header through 'set_header' method calls
• Report a vulnerability when any redirect method accepts user-controlled input without proper validation of the destination URL
Vulnerable code example
class RedirectController < ApplicationController
  def unsafe_redirect
    redirect_to params[:url], allow_other_host: true # Vulnerable: allows redirects to any external domain
  end
end

✅ Secure code example
class RedirectController < ApplicationController
  def unsafe_redirect
    # Define allowed destinations or extract the local path only
    begin
      uri = URI.parse(params[:url])
      if uri.path.start_with?('/')
        redirect_to uri.path, allow_other_host: false # Safe: only local paths allowed, external hosts blocked
      else
        redirect_to root_path # Fallback: destination is not a local path
      end
    rescue URI::InvalidURIError
      redirect_to root_path # Fallback: user input was not a parseable URI
    end
  end
end
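The secure example above only keeps the parsed path. The helper below, an added example that is not part of the original page or of Rails, shows the two strategies the comment mentions in one function: reduce user input to a same-origin path, or accept a full URL only when its host is on an explicit allowlist. It also rejects the protocol-relative (`//host`) and backslash (`/\host`) forms that a naive `start_with?('/')` check lets through. The function name, the fallback value and the sample inputs are constructed for illustration.

```ruby
require 'uri'

# Return a redirect target that is either a same-origin absolute path or an
# https URL on an allowlisted host; anything else yields the fallback.
# Constructed helper for illustration, not a Rails API.
def safe_redirect_target(input, fallback: '/', allowed_hosts: [])
  return fallback if input.nil? || input.strip.empty?

  # Browsers treat "\" like "/" in URLs ("/\evil.example" becomes
  # "//evil.example"), and URI.parse rejects backslashes outright, so
  # normalise before parsing to avoid disagreeing with the browser.
  str = input.strip.gsub('\\', '/')
  uri = URI.parse(str)

  if uri.scheme || uri.host
    # Absolute or protocol-relative URL: only an explicitly allowlisted
    # https host is acceptable. Protocol-relative input has no scheme
    # and is therefore rejected even for an allowlisted host.
    host = uri.host.to_s.downcase
    return fallback unless uri.scheme == 'https' && allowed_hosts.include?(host)
    return uri.to_s
  end

  # Relative reference: require a single-slash absolute path. A path
  # beginning with "//" would be interpreted as a protocol-relative URL.
  path = uri.path.to_s
  return fallback unless path.start_with?('/') && !path.start_with?('//')

  target = path
  target += "?#{uri.query}" if uri.query
  target += "##{uri.fragment}" if uri.fragment
  target
rescue URI::InvalidURIError
  fallback
end
```

In a controller this pairs with `redirect_to safe_redirect_target(params[:url]), allow_other_host: false` for the path case, so Rails' own same-host check remains as a second layer.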