cwe-601-open-redirect

SKILL.md

CWE-601 URL Redirection to Untrusted Site (Open Redirect)

Description

URL Redirection to Untrusted Site (Open Redirect)

Reference: https://cwe.mitre.org/data/definitions/601.html

OWASP Category: A01:2021 – Broken Access Control


Vulnerable Pattern

❌ Example 1

    // Example 1: the decision is delegated entirely to a caller-supplied validator.
    // If that function is permissive, whatever it approves is written straight into
    // the Location header and the browser is sent there.
    private ResponseEntity<?> getURLRedirectionResponseEntity(
            String urlToRedirect, Function<String, Boolean> validator) {
        MultiValueMap<String, String> headerParam = new HttpHeaders();
        if (validator.apply(urlToRedirect)) {
            // Location is set directly from the user-supplied value
            headerParam.put(LOCATION_HEADER_KEY, new ArrayList<>());
            headerParam.get(LOCATION_HEADER_KEY).add(urlToRedirect);
            return new ResponseEntity<>(headerParam, HttpStatus.FOUND);
        }
        return new ResponseEntity<>(HttpStatus.OK);
    }

❌ Example 2

    // Example 2: the redirect is prefixed with the request's own scheme and authority,
    // but only a single leading "/" is stripped from the user-supplied value; the rest
    // is concatenated into Location without any further validation.
    public ResponseEntity<?> getVulnerablePayloadLevel7(
            RequestEntity<String> requestEntity, @RequestParam(RETURN_TO) String urlToRedirect)
            throws MalformedURLException {
        MultiValueMap<String, String> headerParam = new HttpHeaders();
        URL requestUrl = new URL(requestEntity.getUrl().toString());
        headerParam.put(LOCATION_HEADER_KEY, new ArrayList<>());
        if (urlToRedirect.startsWith("/")) {
            urlToRedirect = urlToRedirect.substring(1);
        }
        // scheme://authority/ + unvalidated remainder of the RETURN_TO parameter
        headerParam
                .get(LOCATION_HEADER_KEY)
                .add(
                        requestUrl.getProtocol()
                                + "://"
                                + requestUrl.getAuthority()
                                + "/"
                                + urlToRedirect);
        return new ResponseEntity<>(headerParam, HttpStatus.FOUND);
    }

Deterministic Fix


Detection Pattern

Look for these patterns in your codebase:

    # Find redirect operations
    grep -rn "redirect:\|sendRedirect\|setHeader.*Location" --include="*.java"
    # Find URL parameters
    grep -rn "returnUrl\|redirectUrl\|callback\|next" --include="*.java"

Remediation Steps

  1. Validate redirect URLs against an allowlist of permitted domains

  2. Use relative URLs instead of absolute URLs

  3. Map redirect targets to safe identifiers

  4. Reject URLs with a different host or protocol

  5. Warn users before external redirects
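One way to implement steps 1, 2 and 4 in Java, added here as an example that is not part of this skill file: the `SafeRedirect` class, the `resolve` method and the two allowlisted hosts are assumed names, and the code targets Java 11 or later.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

// Added example, not part of the skill file. SafeRedirect and the host allowlist are assumed names.
public final class SafeRedirect {
    // Hosts this application is allowed to send users to (assumed values).
    private static final Set<String> ALLOWED_HOSTS = Set.of("app.example.com", "sso.example.com");
    private static final String DEFAULT_TARGET = "/";

    /** Returns a Location value that is either a same-site path or an https URL on an allowlisted host. */
    public static String resolve(String requested) {
        if (requested == null || requested.isBlank()) {
            return DEFAULT_TARGET;
        }
        String s = requested.trim();
        URI uri;
        try {
            uri = new URI(s); // rejects backslashes, whitespace and control characters (CRLF) outright
        } catch (URISyntaxException e) {
            return DEFAULT_TARGET;
        }
        if (uri.getScheme() == null && uri.getRawAuthority() == null) {
            // Relative target: must start with exactly one "/". Browsers treat "//host" and
            // "///host" as scheme-relative URLs, so those would leave the site despite having no scheme.
            return (s.startsWith("/") && !s.startsWith("//")) ? s : DEFAULT_TARGET;
        }
        // Absolute target: https only, no userinfo (blocks "https://trusted@evil"), exact host match.
        boolean allowed = "https".equalsIgnoreCase(uri.getScheme())
                && uri.getUserInfo() == null
                && uri.getHost() != null
                && ALLOWED_HOSTS.contains(uri.getHost().toLowerCase(Locale.ROOT));
        return allowed ? uri.toString() : DEFAULT_TARGET;
    }

    public static void main(String[] args) {
        String[] inputs = {
            "/account", "//evil.example/", "///evil.example/", "/\\evil.example",
            "https://sso.example.com/login", "https://app.example.com@evil.example/",
            "https://evil.example/?next=app.example.com", "javascript:alert(1)"
        };
        for (String input : inputs) {
            System.out.println(input + "  ->  " + resolve(input));
        }
    }
}
```

Only `/account` and `https://sso.example.com/login` come back unchanged; every other input falls back to the default target.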


Key Imports


    import java.net.URL;
    import java.net.URI;
    import org.springframework.web.servlet.view.RedirectView;


Verification

After remediation:

  • Re-run SAST scan - CWE-601 should be resolved

  • Test with external URLs: ?redirect=https://evil.com

  • Verify only allowed destinations are permitted


Trigger Examples

Fix CWE-601 vulnerability
Resolve URL Redirection to Untrusted Site (Open Redirect) issue
Secure this Java code against url redirection to untrusted site (open redirect)
SAST reports CWE-601

Common Vulnerable Locations

| Layer | Files | Patterns |
|---|---|---|
| Controller | *Controller.java | Login/logout redirects |
| Filter | *Filter.java | Auth redirects |
| Security | *Handler.java | Success/failure handlers |


References


Source: Generated by Java CWE Security Skills Generator Last Updated: 2026-03-07
