Target URL is tainted by user input

Severity: High
Applies to: Step

Why This Issue Is Important

In an Apigee proxy, populating the target.url flow variable with user-controlled data that has not been properly validated and sanitized creates a serious security vulnerability known as URL pollution. An attacker could manipulate the target URL and redirect traffic to malicious or unintended endpoints, which could lead to unexpected behavior, data breaches, or unauthorized access to backend systems.

When dealing with user input, it is critical to validate, sanitize, and encode the data before using it to construct or influence the target URL. This ensures that only safe and expected data is used, preventing attackers from exploiting this weakness.

How This Issue Is Detected

CodeSent scans the flow to identify variables that are influenced by user input, such as request.queryparam, request.header, and other potentially untrusted sources. The tool traces the flow of these variables to see if they eventually populate the target.url variable. If user-controlled data influences target.url, CodeSent flags this as a potential risk.

How to Fix the Issue

To fix this issue, ensure that target.url is either static or that any user-controlled data used to populate it is properly validated and sanitized.
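
One way to apply this fix in a JavaScript policy, shown as an added example that is not CodeSent's or Apigee's own code: user input only selects a static base URL from an allowlist and supplies one strictly validated path segment. The backend map, the example.com hosts, the region and orderId query parameters, and the targeturl.rejected flag are assumptions made for illustration.

```javascript
// Added example for an Apigee JavaScript policy; backend map, hosts and
// query parameter names below are assumptions, not taken from the page.
var ALLOWED_BACKENDS = {
  eu: 'https://eu.backend.example.com/v1/orders',
  us: 'https://us.backend.example.com/v1/orders'
};

// Strict format for the path segment: no '/', '.', '@', '%', '?' or '#'.
var ORDER_ID = /^[A-Za-z0-9_-]{1,36}$/;

// Returns a target URL built from a static base, or null if input is rejected.
function buildTargetUrl(region, orderId) {
  if (typeof region !== 'string' || typeof orderId !== 'string') return null;
  // Own-property check keeps inherited keys such as "constructor" from matching.
  if (!Object.prototype.hasOwnProperty.call(ALLOWED_BACKENDS, region)) return null;
  if (!ORDER_ID.test(orderId)) return null;
  return ALLOWED_BACKENDS[region] + '/' + encodeURIComponent(orderId);
}

// Flow variables may arrive as null or as non-JS strings, so normalise first.
function asString(value) {
  return value === null || value === undefined ? null : String(value);
}

// ctx is the policy's context object (getVariable / setVariable).
function applyTarget(ctx) {
  var url = buildTargetUrl(
    asString(ctx.getVariable('request.queryparam.region')),
    asString(ctx.getVariable('request.queryparam.orderId'))
  );
  if (url === null) {
    // Hypothetical flag for a later RaiseFault step; target.url is left untouched.
    ctx.setVariable('targeturl.rejected', true);
    return false;
  }
  ctx.setVariable('target.url', url);
  return true;
}

// Inside Apigee the global `context` exists; elsewhere this block does nothing.
if (typeof context !== 'undefined') {
  applyTarget(context);
}
```

Because the scheme, host and base path never come from the request, a rejected value leaves target.url at whatever the proxy configuration defines.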