From 4b146c176ba00e1165fd1bb16b592b063380a05b Mon Sep 17 00:00:00 2001 From: sebasrevuelta <122784773+sebasrevuelta@users.noreply.github.com> Date: Fri, 18 Oct 2024 16:47:14 +0200 Subject: [PATCH] Update open_redirect.yaml Update the description for the rule: express_open_redirect --- njsscan/rules/semantic_grep/redirect/open_redirect.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/njsscan/rules/semantic_grep/redirect/open_redirect.yaml b/njsscan/rules/semantic_grep/redirect/open_redirect.yaml index 93c5084..23a9f75 100644 --- a/njsscan/rules/semantic_grep/redirect/open_redirect.yaml +++ b/njsscan/rules/semantic_grep/redirect/open_redirect.yaml @@ -23,6 +23,7 @@ rules: message: >- Untrusted user input in redirect() can result in Open Redirect vulnerability. + An http parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. Because the server name in the modified link is identical to the original site, phishing attempts have a more trustworthy appearance. Whether this issue poses a vulnerability will be subject to the intended behavior of the application. For example, a search engine might intentionally provide redirects to arbitrary URLs. languages: - javascript severity: ERROR 
@@ -73,9 +74,10 @@ rules: message: >- Untrusted user input in response header('Location') can result in Open Redirect vulnerability. + An http parameter may contain a URL value and could cause the web application to redirect the request to the specified URL. By modifying the URL value to a malicious site, an attacker may successfully launch a phishing scam and steal user credentials. Because the server name in the modified link is identical to the original site, phishing attempts have a more trustworthy appearance. Whether this issue poses a vulnerability will be subject to the intended behavior of the application. For example, a search engine might intentionally provide redirects to arbitrary URLs. languages: - javascript severity: ERROR metadata: owasp-web: a1 - cwe: cwe-601 \ No newline at end of file + cwe: cwe-601
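Review bot: In the first hunk (@@ -23,6 +23,7, the redirect() rule), the added description says "Whether this issue poses a vulnerability will be subject to the intended behavior of the application" while the rule keeps severity: ERROR. Either drop the hedge or reconsider the severity so the message and the rating agree. The text also names no fix. One sentence on remediation would make the finding actionable, for example validating the redirect target against an allowlist of permitted destinations or accepting only relative paths. Minor points: write "HTTP" rather than "http", and since the line sits under message: >-, check that it is indented to match the preceding line so it folds into the same scalar.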
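Review bot: In the second hunk (@@ -73,9 +74,10, the header('Location') rule), the added paragraph is a verbatim copy of the one added to the redirect() rule and never mentions the Location header this rule matches. Tailor the wording to the header case, or keep the shared explanation in one place, so the two messages do not drift apart in later edits. The same "http" capitalization and missing-remediation comments apply here. The change at the end of the hunk only adds the missing end-of-file newline after cwe: cwe-601. That is fine to keep, but the commit message describes only a description update, so mention the newline there as well.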