
Metadata

ID: java-security/tainted-url-host

Language: Java

Severity: Error

Category: Security

CWE: 918

Description

No description found

Non-Compliant Code Examples

@RequestMapping("/redirect")
public void redirect(@RequestParam String url, String a) throws MalformedURLException {
    URL newUrl = new URL(url);  // Bad: User-controlled input used directly as the whole URL (scheme and host)
    URL otherUrl = new URL(url + "/path");  // Bad: appending a fixed suffix still leaves the host under user control
}

@RequestMapping("/api")
public void apiEndpoint(@RequestParam String host) {
    String url1 = "http://" + host + "/api/resource";  // Bad: User input concatenated into URL

    String url2 = "http://".concat(host);  // Bad: same taint via String.concat

    String url3 = "https://";
    url3 += host;  // Bad: same taint via compound assignment

    String url4 = String.format("https://%s", host);  // Bad: same taint via String.format

    String url5 = "https://%s";

    String url6 = String.format(url5, host);  // Bad: format string defined earlier, host still reaches the authority
}

@RequestMapping("/fetch")
public void fetchData(@RequestParam String endpoint) {
    StringBuilder sb = new StringBuilder("https://example.com");
    sb.append(endpoint);  // Bad: User input appended to base URL
}

Compliant Code Examples

@RequestMapping("/safe-redirect")
public void safeRedirect(@RequestParam String path) throws MalformedURLException {
    String baseUrl = "https://safe.example.com/";  // Fixed scheme, host and trailing slash so input can only become a path segment
    // Good: the encoded input cannot introduce "/", "@" or "?" and so cannot change the host (Charset overload needs Java 10+)
    URL newUrl = new URL(baseUrl + URLEncoder.encode(path, StandardCharsets.UTF_8));
}
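An added example, not code from the Datadog rule or this page, that takes the compliant pattern one step further: the user-supplied part is resolved against a fixed base and the resulting scheme, host and path prefix are then checked, so absolute URLs, "//host/..." references and ".." segments are all rejected before any request is made. The class name `OutboundUrlBuilder`, the allowlist `ALLOWED_HOSTS` and the base URL are assumed values.

```java
import java.net.URI;
import java.util.Locale;
import java.util.Set;

// Added example, not part of the Datadog rule: build an outbound URL from a
// fixed base and then verify that the result still points where we intended.
public final class OutboundUrlBuilder {
    // Assumed values: the only host this service may call, and its fixed base path.
    private static final Set<String> ALLOWED_HOSTS = Set.of("safe.example.com");
    private static final URI BASE = URI.create("https://safe.example.com/api/");

    // Returns the resolved URI, or throws if the input changed scheme, host or base path.
    public static URI build(String userInput) {
        if (userInput == null || userInput.isEmpty()) {
            throw new IllegalArgumentException("empty input");
        }
        // resolve() applies RFC 2396-style reference resolution: an absolute URL or a
        // "//host/..." reference replaces the authority, and ".." segments move the path.
        // The checks below catch both outcomes instead of trusting the input.
        URI candidate = BASE.resolve(userInput);
        String host = candidate.getHost();
        if (!"https".equals(candidate.getScheme())
                || host == null
                || !ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT))) {
            throw new IllegalArgumentException("host not allowed: " + candidate);
        }
        // Keep the request under the intended base path; however Java normalizes
        // "../../admin", the result no longer starts with "/api/" and is rejected.
        String path = candidate.normalize().getPath();
        if (path == null || !path.startsWith(BASE.getPath())) {
            throw new IllegalArgumentException("path escapes base: " + candidate);
        }
        return candidate;
    }

    public static void main(String[] args) {
        System.out.println(build("users/42"));  // https://safe.example.com/api/users/42
        String[] rejected = {"https://evil.example/x", "//evil.example/x", "../../admin"};
        for (String input : rejected) {
            try {
                build(input);
                System.out.println("UNEXPECTEDLY ACCEPTED: " + input);
            } catch (IllegalArgumentException e) {
                System.out.println("rejected: " + e.getMessage());
            }
        }
    }
}
```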