mcp-server-semgrep/semgrep-rules/javascript/angular/security/detect-angular-open-redirect.yaml

MCP Server for Semgrep Integration - static code analysis with AI

rules:
- id: detect-angular-open-redirect
  message: >-
    Use of $window.location.href can lead to open-redirect if user input is used for redirection.
  metadata:
    asvs:
      section: V5 Validation, Sanitization and Encoding
      control_id: 5.5.1 Insecue Redirect
      control_url: https://github.com/OWASP/ASVS/blob/master/4.0/en/0x13-V5-Validation-Sanitization-Encoding.md#v51-input-validation
      version: '4'
    references:
    - https://docs.angularjs.org/api/ng/service/$sce#trustAsJs
    - https://owasp.org/www-chapter-london/assets/slides/OWASPLondon20170727_AngularJS.pdf
    category: security
    cwe:
    - "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"
    technology:
    - angular
    owasp:
    - A07:2017 - Cross-Site Scripting (XSS)
    - A03:2021 - Injection
    cwe2022-top25: true
    cwe2021-top25: true
    subcategory:
    - audit
    likelihood: LOW
    impact: MEDIUM
    confidence: LOW
  languages:
  - javascript
  - typescript
  severity: ERROR
  patterns:
  - pattern: |
      $window.location.href = ...
  - pattern-not: |
      $window.location.href = "..."