Update bad.go
mcollao-hc authored Aug 20, 2024
1 parent 985ba55 commit a94c693
Showing 1 changed file with 3 additions and 9 deletions.
12 changes: 3 additions & 9 deletions bad.go
@@ -6,15 +6,9 @@ import (
)

func serve() {
http.HandleFunc("/user", func(w http.ResponseWriter, r *http.Request) {
http.HandleFunc("/redir", func(w http.ResponseWriter, r *http.Request) {
r.ParseForm()
username := r.Form.Get("username")
if !isValidUsername(username) {
// BAD: a request parameter is incorporated without validation into the response
fmt.Printf("no")
} else {
// TODO: Handle successful login
}
http.Redirect(w, r, r.Form.Get("target"), 302)

Check warning

Code scanning / CodeQL

Open URL redirect Medium

This path to an untrusted URL redirection depends on a user-provided value.
})
http.ListenAndServe(":80", nil)
}
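Review bot: The new `/redir` handler drops the error from `r.ParseForm()` and calls `http.Redirect` with whatever `r.Form.Get("target")` returns, which is an empty string when the form failed to parse or the key is absent. I would fail closed before the redirect with `if err := r.ParseForm(); err != nil { http.Error(w, "bad request", http.StatusBadRequest); return }` and reject an empty `target` the same way; `http.StatusFound` also reads better than the literal `302`. The return value of `http.ListenAndServe(":80", nil)` on the last line of `serve` is likewise unchecked, so a failed bind goes unnoticed. Separately, the commit appears to remove the `// BAD:` comment that marked the old handler as a deliberately flawed sample; if `bad.go` is still meant as one, the new handler should carry a marker such as `// BAD: intentionally unsafe sample, do not copy into production code`.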
