Fix vulnerability on open redirects
parent
7ebda0aded
commit
708bb9d314
@ -195,7 +195,8 @@ def _enforce_open_redirect_protection(location, allow_other_host:)
|
||||
end
|
||||
|
||||
def _url_host_allowed?(url)
|
||||
[request.host, nil].include?(URI(url.to_s).host)
|
||||
host = URI(url.to_s).host
|
||||
host == request.host || host.nil? && url.to_s.start_with?("/")
|
||||
rescue ArgumentError, URI::Error
|
||||
false
|
||||
end
|
||||
|
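Review bot: The new condition `host == request.host || host.nil? && url.to_s.start_with?("/")` accepts every host-less URL that begins with a slash, which also covers protocol-relative forms beginning with `//` if the URI parser yields a nil host for such a string; a "local path" check should exclude those explicitly, e.g. `host == request.host || (host.nil? && url.to_s.start_with?("/") && !url.to_s.start_with?("//"))`. The parentheses also make the intended `&&`-over-`||` precedence visible, and `url.to_s` could be assigned once to a local since it is now evaluated several times. Whether a given `//…` string actually parses to a nil host depends on the Ruby URI implementation in use, so it deserves a dedicated test rather than an assumption. `_url_host_allowed?` fits entirely in this hunk.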
@ -88,6 +88,10 @@ def unsafe_redirect_back
|
||||
redirect_back_or_to "http://www.rubyonrails.org/"
|
||||
end
|
||||
|
||||
def unsafe_redirect_malformed
|
||||
redirect_to "http:///www.rubyonrails.org/"
|
||||
end
|
||||
|
||||
def only_path_redirect
|
||||
redirect_to action: "other_host", only_path: true
|
||||
end
|
||||
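Review bot: The `http:///www.rubyonrails.org/` literal in `unsafe_redirect_malformed` reads like a typo at first glance, and nothing in the hunk says why the triple slash matters, so a one-line comment above the `redirect_to` would keep a future cleanup from "fixing" it, e.g. `# Deliberately host-less absolute URL: the open-redirect check must reject it.`. `only_path_redirect` could likewise note that `only_path: true` is expected to pass the check because the generated location is a bare path. Whether both actions are new or one already existed cannot be told from the rendered hunk, and the enclosing test controller starts outside it.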
@ -504,6 +508,16 @@ def test_unsafe_redirect_back
|
||||
end
|
||||
end
|
||||
|
||||
def test_unsafe_redirect_with_malformed_url
|
||||
with_raise_on_open_redirects do
|
||||
error = assert_raise(ActionController::Redirecting::UnsafeRedirectError) do
|
||||
get :unsafe_redirect_malformed
|
||||
end
|
||||
|
||||
assert_equal "Unsafe redirect to \"http:///www.rubyonrails.org/\", pass allow_other_host: true to redirect anyway.", error.message
|
||||
end
|
||||
end
|
||||
|
||||
def test_only_path_redirect
|
||||
with_raise_on_open_redirects do
|
||||
get :only_path_redirect
|
||||
|