HUE-5297 [beeswax] fixing Open redirect vulnerability in on_success_url

Review Request #8940 - Created Nov. 17, 2016 and submitted

Prakash Ranade
hue
master
HUE-5297
hue
enricoberti, jennykim, johan, krish, ranade, romain, subrata, weixia
commit 6d958ca5f35479e7fcded7374ab03cd94fcbe18f
Author: Prakash Ranade <ranade@cloudera.com>
Date:   Thu Nov 17 15:32:03 2016 -0800

    HUE-5297 [beeswax] fixing Open redirect vulnerability in on_success_url

:100644 100644 c95ce33... 82eb8aa... M	apps/beeswax/src/beeswax/views.py

Tested on nightly:

  1. created beeswax query editor page.
  2. after the query is executed, carefully crafted url with on_success_url going to http://google.com
  3. checked it is not accepting external url argument
  4. checked if internal HUE URL is given such as /jobbrowser/ or /filebrowser/ then it follows redirect.
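
A sketch of the kind of check the test steps above exercise, added here as an illustration; it is not the code from the Hue commit. The function names and the `/beeswax/` fallback are assumptions, and the sample inputs in the comments are constructed.

```python
from urllib.parse import urlsplit

# Assumed fallback when on_success_url is rejected (hypothetical value).
DEFAULT_URL = "/beeswax/"


def is_internal_path(url):
    """Return True only for same-site absolute paths such as /jobbrowser/."""
    if not isinstance(url, str) or not url:
        return False
    # Browsers normalise backslashes to slashes and drop tabs/newlines,
    # so reject them before parsing rather than trying to normalise.
    if "\\" in url or any(ord(c) <= 0x20 or ord(c) == 0x7F for c in url):
        return False
    # Must be rooted at this site; "//host" is a protocol-relative URL.
    if not url.startswith("/") or url.startswith("//"):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    # A genuine internal path carries neither a scheme nor a host.
    return not parts.scheme and not parts.netloc


def safe_redirect_target(on_success_url, default=DEFAULT_URL):
    """Pick the redirect target: the requested path if internal, else default."""
    return on_success_url if is_internal_path(on_success_url) else default


if __name__ == "__main__":
    # Constructed inputs mirroring the test steps: one external, two internal.
    for candidate in ("http://google.com", "/jobbrowser/", "/filebrowser/"):
        print(candidate, "->", safe_redirect_target(candidate))
```

Rejected values fall back to the default instead of raising, so the view still redirects somewhere after a successful query.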

Ship It!

Review request changed

Status: Closed (submitted)