Incomplete URL substring sanitization #3520

Open
Onyx2406 opened this issue Jun 20, 2023 · 0 comments

Description

A potential vulnerability has been detected, specifically in the initialTasks.js file. The current method of sanitizing URLs by checking if a particular host is a substring of the URL string could lead to bypassing security checks. This could lead to malicious redirections or request forgeries. Detected by CodeQL deployed on forked repository.

Steps to Reproduce

  1. Open up the 'initialTasks.js' file, which you'll find in the app/scripts folder.
  2. Have a look at how we're checking the URL.

Expected Behaviour

When we're making sure a URL is safe, we need to be really thorough. This means looking at the whole URL, breaking it down, and then checking that the host is one we trust.

Actual Behaviour

Right now, we're just checking if 'mifos.io' appears somewhere in the URL. The issue is, someone could hide this in a part of the URL where it doesn't belong, tricking our check into thinking it's a safe URL.

Settings

  • Mifos X version: Develop Branch
  • Browser used: Firefox
  • OS: Windows 11

References

Common Weakness Enumeration: CWE-20
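
The substring check this issue describes, next to a parse-then-compare check, as an added example that is not part of the issue or of the project's code. The function names, the sample URLs, and the choice to accept subdomains of `mifos.io` are assumptions made for illustration.

```javascript
// Added example: names and sample URLs are constructed, not taken from initialTasks.js.
const TRUSTED_HOST = 'mifos.io';

// Pattern the issue describes: trust any URL string that contains the host name.
function isTrustedBySubstring(url) {
  return url.indexOf(TRUSTED_HOST) !== -1;
}

// Hardened form: parse the URL first, then compare only the parsed hostname.
function isTrustedByHost(url) {
  let parsed;
  try {
    parsed = new URL(url); // WHATWG URL parser (browsers and Node.js)
  } catch (e) {
    return false; // relative or unparseable input is never trusted
  }
  if (parsed.protocol !== 'https:' && parsed.protocol !== 'http:') return false;
  // Normalise case and a trailing root dot before comparing.
  const host = parsed.hostname.toLowerCase().replace(/\.$/, '');
  // Assumption: subdomains of the trusted host are acceptable too.
  return host === TRUSTED_HOST || host.endsWith('.' + TRUSTED_HOST);
}

// Constructed inputs: the trusted host appears in the host, path, query,
// userinfo, or as a prefix/suffix of a different host.
const SAMPLE_URLS = [
  'https://mifos.io/community',
  'https://demo.mifos.io/',
  'https://example.com/mifos.io',
  'https://example.com/?ref=mifos.io',
  'https://mifos.io.example.com/',
  'https://notmifos.io/',
  'https://mifos.io@example.com/',
];

// Run both checks over a list of URLs so the disagreements are visible.
function compare(urls) {
  return urls.map((u) => ({
    url: u,
    substring: isTrustedBySubstring(u),
    parsedHost: isTrustedByHost(u),
  }));
}

console.table(compare(SAMPLE_URLS));
```

Every constructed URL passes the substring check, while only the first two pass the hostname comparison.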
