问题描述
我试图阻止打开重定向攻击。请看下面的代码,并检查安全性: var = require('url');
// http://example.com/login?redirect=http://example.com/dashboard
app.route('/ login',function(req,res,接下来){
var redirect = req.query.redirect,
paths = url.parse(redirect);
if(paths.host!== req.headers.host ){
return next(new Error('Open redirect attack detected'));
}
return res.redirect(redirect);
});
是否足以防止打开重定向攻击,还是应该添加其他内容?
Open Redirect 的描述:
code>输入验证防止打开重定向攻击的策略:
使用 req。 header.host , req.host 或 req.hostname 是不安全的,因为<$可以伪造c $ c> req.headers (例如,HTTP请求具有自定义主机头来访问以下代码编写的快速应用程序)
var url = require('url');
app.get('/ login',function(req,res,next){
var redirect = req.query.redirect,
targetUrl = url.parse(redirect );
console.log('req.headers.host:[%s]',req.headers.host);
console.log('req.host:[%s]',req .host);
console.log('req.hostname:[%s]',req.hostname);
if(targetUrl.host!= req.headers.host){
return new(new Error('Open redirect attack detected'));
}
return res.redirect(redirect);
});
使用 curl 提出请求: / p>
$ curl -H'主机:malicious.example.com''http:// localhost:3012 / login?redirect = http ://malicious.example.com'-i
HTTP / 1.1 302找到
X-Powered by:Express
位置:http://malicious.example.com
Vary:Accept
Content-Type:text / plain; charset = utf-8
内容长度:54
日期:2016年6月13日(星期一)06:30:55 GMT
连接:keep-alive
$#服务器输出
req.headers.host:[malicious.example.com]
req.host:[malicious.example.com]
req.hostname:[malicious.example.com]
我建议您使用白名单来验证输入,下面是一个示例代码:
const WHITELIST_TO_REDIRECT = new Set([localhost:3012,www.realdomain.com]);
app.get('/ login',function(req,res,next){
var redirect = req.query.redirect,
targetUrl = url.parse(redirect );
console.log(req.hostname:[%s],req.hostname);
console.log(url.host:[%s],targetUrl.host);
if(!WHITELIST_TO_REDIRECT.has(targetUrl.host)){
return next(new Error('Open redirect attack detected'));
}
return res.redirect(redirect);
});
I'm trying to prevent open redirect attack. Please look at the code below and check for security:
var = require('url');
// http://example.com/login?redirect=http://example.com/dashboard
app.route('/login', function (req, res, next) {
var redirect = req.query.redirect,
paths = url.parse(redirect);
if (paths.host !== req.headers.host) {
return next(new Error('Open redirect attack detected'));
}
return res.redirect(redirect);
});
Is it enough for preventing open redirect attack or should I add anything else?
CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
Description of Open Redirect:
The suggestion of input validation strategy to prevent open redirect attack:
Use req.headers.host, req.host or req.hostname is insecure, because req.headers can be forged (eg. a HTTP request have a custom Host header to access a express app written in code below)
var url = require('url');
app.get('/login', function (req, res, next) {
var redirect = req.query.redirect,
targetUrl = url.parse(redirect);
console.log('req.headers.host: [%s]', req.headers.host);
console.log('req.host: [%s]', req.host);
console.log('req.hostname: [%s]', req.hostname);
if (targetUrl.host != req.headers.host) {
return next(new Error('Open redirect attack detected'));
}
return res.redirect(redirect);
});
Use curl to make a request:
$ curl -H 'Host: malicious.example.com' 'http://localhost:3012/login?redirect=http://malicious.example.com' -i
HTTP/1.1 302 Found
X-Powered-By: Express
Location: http://malicious.example.com
Vary: Accept
Content-Type: text/plain; charset=utf-8
Content-Length: 54
Date: Mon, 13 Jun 2016 06:30:55 GMT
Connection: keep-alive
$ #server output
req.headers.host: [malicious.example.com]
req.host: [malicious.example.com]
req.hostname: [malicious.example.com]
I suggest you use whitelist to validate input, a example code below:
const WHITELIST_TO_REDIRECT = new Set(["localhost:3012", "www.realdomain.com"]);
app.get('/login', function (req, res, next) {
var redirect = req.query.redirect,
targetUrl = url.parse(redirect);
console.log("req.hostname: [%s]", req.hostname);
console.log("url.host: [%s]", targetUrl.host);
if (!WHITELIST_TO_REDIRECT.has(targetUrl.host)) {
return next(new Error('Open redirect attack detected'));
}
return res.redirect(redirect);
});
这篇关于是否阻止在nodejs中打开重定向攻击?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!