Rust

Rust

By DeepSource

Redirect to destination from possibly tainted source RS-S1009

Security

Redirects to a destination that is provided by the user or through an external function may be invalid or unsafe. Consider verifying the destination before firing the redirect.

Bad practice

use actix_web_lab::web as web_lab;

fn get_redirect(dest: String) -> web_lab::Redirect {
    web_lab::redirect("/".into(), dest) // Unsanitised string `dest`
}
// OR
fn get_redirect(dest: String) -> web_lab::Redirect {
    web_lab::Redirect::new("/".into(), dest) // Unsanitised string `dest`
}