[WEB-4900]: validated authentication redirection paths (#7798)

* refactor: replace validate_next_path with get_safe_redirect_url for safer URL redirection across authentication views * refactor: use get_safe_redirect_url for improved URL redirection in SignInAuthSpaceEndpoint and SignUpAuthSpaceEndpoint * fix: redirect paths --------- Co-authored-by: sriram veeraghanta <veeraghanta.sriram@gmail.com>
2025-09-16 00:01:06 +05:30 · 2025-09-16 00:01:06 +05:30 · 345dfce25d
commit 345dfce25d
parent 116c8118ab
13 changed files with 477 additions and 276 deletions
--- a/apps/api/plane/utils/path_validator.py
+++ b/apps/api/plane/utils/path_validator.py
@ -2,9 +2,55 @@
 from urllib.parse import urlparse


+def _contains_suspicious_patterns(path: str) -> bool:
+    """
+    Check for suspicious patterns that might indicate malicious intent.
+    
+    Args:
+        path (str): The path to check
+        
+    Returns:
+        bool: True if suspicious patterns found, False otherwise
+    """
+    suspicious_patterns = [
+        r'javascript:',  # JavaScript injection
+        r'data:',  # Data URLs
+        r'vbscript:',  # VBScript injection
+        r'file:',  # File protocol
+        r'ftp:',  # FTP protocol
+        r'%2e%2e',  # URL encoded path traversal
+        r'%2f%2f',  # URL encoded double slash
+        r'%5c%5c',  # URL encoded backslashes
+        r'<script',  # Script tags
+        r'<iframe',  # Iframe tags
+        r'<object',  # Object tags
+        r'<embed',  # Embed tags
+        r'<form',  # Form tags
+        r'onload=',  # Event handlers
+        r'onerror=',  # Event handlers
+        r'onclick=',  # Event handlers
+    ]
+    
+    path_lower = path.lower()
+    for pattern in suspicious_patterns:
+        if pattern in path_lower:
+            return True
+    
+    return False
+
+
 def validate_next_path(next_path: str) -> str:
    """Validates that next_path is a safe relative path for redirection."""
    # Browsers interpret backslashes as forward slashes. Remove all backslashes.
+    if not next_path or not isinstance(next_path, str):
+        return ""
+
+
+    # Limit input length to prevent DoS attacks
+    if len(next_path) > 500:
+        return ""
+
+
    next_path = next_path.replace("\\", "")
    parsed_url = urlparse(next_path)

@ -20,4 +66,33 @@ def validate_next_path(next_path: str) -> str:
    if ".." in next_path:
        return ""

+    # Additional security checks
+    if _contains_suspicious_patterns(next_path):
+        return ""
+
    return next_path
+
+ 
+def get_safe_redirect_url(base_url: str, next_path: str = "", params: dict = {}) -> str:
+    """
+    Safely construct a redirect URL with validated next_path.
+    
+    Args:
+        base_url (str): The base URL to redirect to
+        next_path (str): The next path to append
+        params (dict): The parameters to append
+    Returns:
+        str: The safe redirect URL
+    """
+    from urllib.parse import urlencode
+
+    # Validate the next path
+    validated_path = validate_next_path(next_path)
+    
+    # Add the next path to the parameters
+    if validated_path:
+        params["next_path"] = validated_path
+
+    # Return the safe redirect URL
+    return f"{base_url.rstrip('/')}?{urlencode(params)}"
+