
Once we performed the static code analysis with SonarQube and the SonarLint Eclipse plugin, none of them could detect a vulnerability in the code segment below. But this has been defined as a vulnerability under the rules on the SonarSource website.

protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
  String location = req.getParameter("url");
  resp.sendRedirect(location); // Noncompliant: user-controlled value used unvalidated as the redirect target (open redirect)
}

Reference https://rules.sonarsource.com/java/RSPEC-5146

Lahiru Wijesekara
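For comparison with the noncompliant snippet in the question, here is a hardened counterpart. This is an added example, not code from the question, from SonarSource or from the RSPEC-5146 rule page; the servlet class, the allowlisted host names and the default landing path are assumptions chosen for illustration. The fix is the one the rule's compliant solution describes in general terms: validate the user-supplied target before it reaches sendRedirect, accepting only same-site paths or absolute URLs to an allowlisted host.

```java
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Set;

import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet written for this example; not part of the question or of SonarSource.
public class SafeRedirectServlet extends HttpServlet {

    // Assumed allowlist of external hosts this application is permitted to redirect to.
    private static final Set<String> ALLOWED_HOSTS = Set.of("www.example.com", "sso.example.com");
    // Assumed fallback when the requested target is rejected.
    private static final String DEFAULT_TARGET = "/home";

    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        String location = req.getParameter("url");
        // Compliant: the parameter is validated before being passed to sendRedirect.
        resp.sendRedirect(safeRedirectTarget(location));
    }

    /**
     * Returns the candidate unchanged if it is a same-site absolute path or an https URL
     * to an allowlisted host; otherwise returns DEFAULT_TARGET.
     */
    static String safeRedirectTarget(String candidate) {
        if (candidate == null || candidate.isEmpty()) {
            return DEFAULT_TARGET;
        }
        URI uri;
        try {
            uri = new URI(candidate);
        } catch (URISyntaxException e) {
            // Backslashes ("/\evil.test"), whitespace and control characters are not legal in a
            // URI, so anything a browser might reinterpret as a host never reaches sendRedirect.
            return DEFAULT_TARGET;
        }
        if (uri.isAbsolute()) {
            // Absolute URL: require https, no userinfo (blocks https://www.example.com@evil.test),
            // and a host that is on the allowlist. Schemes such as javascript: fail the first test.
            if ("https".equalsIgnoreCase(uri.getScheme())
                    && uri.getUserInfo() == null
                    && uri.getHost() != null
                    && ALLOWED_HOSTS.contains(uri.getHost().toLowerCase())) {
                return candidate;
            }
            return DEFAULT_TARGET;
        }
        // Relative reference: must be a path on this site. Reject anything with an authority
        // ("//evil.test") and, because browsers collapse leading slashes into a host, anything
        // whose raw text starts with more than one slash ("///evil.test").
        if (uri.getAuthority() != null
                || !candidate.startsWith("/")
                || candidate.startsWith("//")) {
            return DEFAULT_TARGET;
        }
        return candidate;
    }
}
```

With these rules, "/account", "/search?q=x" and "https://sso.example.com/login" are passed through, while "//evil.test", "///evil.test", "/\evil.test", "javascript:alert(1)", "https://www.example.com@evil.test/" and "http://evil.test/" all fall back to /home. Restricting absolute targets to https is a design choice made for this example; if the application must redirect to plain http hosts, relax the scheme check rather than the host allowlist.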

1 Answer

This rule, along with other security-related rules, is available with SonarQube Developer Edition and above.

Refer to the answer to the question in the SonarSource Community by Jean-Baptiste.

Tenusha Guruge