cwe-601-open-redirect



By DevelopersCoffee. Updated 3/6/2026

---
name: cwe-601-open-redirect
description: Use this skill when you need to remediate CWE-601 (URL Redirection to Untrusted Site (Open Redirect)) vulnerabilities in Java code. Triggers on SAST findings, security reviews, or when fixing URL redirection to untrusted site (open redirect) issues.
version: 1.0.0
license: MIT
tags:
  - security
  - java
  - cwe-601
  - remediation
  - sast
  - redirect
  - web
  - url-validation
---


CWE-601 URL Redirection to Untrusted Site (Open Redirect)

Description

URL Redirection to Untrusted Site (Open Redirect): the application accepts user-controlled input that specifies a link and uses it as the target of an HTTP redirect (a 3xx response with a Location header, or a "redirect:" view in Spring) without restricting where that link may point. A link that starts at a trusted domain and ends on an attacker's site makes phishing far more convincing, and in login, logout and OAuth callback flows the redirect can also carry session tokens or authorization codes to the attacker's host.

Reference: https://cwe.mitre.org/data/definitions/601.html

OWASP Category: A01:2021 – Broken Access Control


Vulnerable Pattern

❌ Example 1

    private static final String LOCATION_HEADER_KEY = "Location";

    // Vulnerable: the target comes straight from the request and the only control is a
    // caller-supplied validator. A weak validator (for example "starts with http" or
    // "contains our domain") lets an attacker send users to any site.
    private ResponseEntity<?> getURLRedirectionResponseEntity(
            String urlToRedirect, Function<String, Boolean> validator) {
        MultiValueMap<String, String> headerParam = new HttpHeaders();
        if (validator.apply(urlToRedirect)) {
            headerParam.put(LOCATION_HEADER_KEY, new ArrayList<>());
            headerParam.get(LOCATION_HEADER_KEY).add(urlToRedirect); // unvalidated Location
            return new ResponseEntity<>(headerParam, HttpStatus.FOUND);
        }
        return new ResponseEntity<>(HttpStatus.OK);
    }

❌ Example 2

    // Vulnerable: the scheme and authority are copied from the incoming request, i.e. from the
    // Host header (and X-Forwarded-Host where forwarded headers are honoured), which the client
    // controls. A forged Host header therefore sends the user to an attacker's host; stripping
    // the leading "/" only shapes the path and is not a security control.
    public ResponseEntity<?> getVulnerablePayloadLevel7(
            RequestEntity<String> requestEntity, @RequestParam(RETURN_TO) String urlToRedirect)
            throws MalformedURLException {
        MultiValueMap<String, String> headerParam = new HttpHeaders();
        URL requestUrl = new URL(requestEntity.getUrl().toString()); // built from the Host header
        headerParam.put(LOCATION_HEADER_KEY, new ArrayList<>());
        if (urlToRedirect.startsWith("/")) {
            urlToRedirect = urlToRedirect.substring(1);
        }
        headerParam
                .get(LOCATION_HEADER_KEY)
                .add(
                        requestUrl.getProtocol()
                                + "://"
                                + requestUrl.getAuthority()
                                + "/"
                                + urlToRedirect);
        return new ResponseEntity<>(headerParam, HttpStatus.FOUND);
    }

Deterministic Fix


Detection Pattern

Look for these patterns in your codebase:

    # Find redirect operations: Spring "redirect:" views, RedirectView, servlet sendRedirect, raw Location headers
    grep -rnE 'redirect:|RedirectView|sendRedirect|(set|add)Header\(.*Location|setLocation\(' --include='*.java' .
    # Find request parameters commonly used as redirect targets (whole-word match to cut noise)
    grep -rnwE 'returnUrl|returnTo|redirectUrl|redirect_uri|callback|next|target|url' --include='*.java' .

Remediation Steps

  1. Validate redirect targets against an allowlist of permitted hosts: parse with java.net.URI and compare scheme and host exactly; never use startsWith, contains or a loose regex on the raw string, which "https://trusted.example.com.evil.com" and "https://trusted.example.com@evil.com" defeat

  2. Prefer site-relative paths: accept only targets with exactly one leading "/" and reject "//host", "///host" and "/\host", which browsers treat as protocol-relative URLs

  3. Map redirect targets to safe identifiers (e.g. ?next=dashboard looked up in a server-side table) so the request never carries a URL at all

  4. Reject targets whose scheme is not http(s) (javascript:, data:), any URL with userinfo, an unexpected port or a host outside the allowlist, and never derive the "trusted" host from the request's Host header, which the client controls

  5. On any rejection redirect to a fixed default page rather than echoing the input, and warn users before an allowed external redirect
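The steps above as one working resolver. This is an added example written for this page, not code from the java-cwe-security-skills project; the allowlisted hosts, the named-target table and the DEFAULT_TARGET value are hypothetical and would come from configuration in a real service. It needs only the JDK (Java 11+).

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

/** Allowlist-based redirect target resolver (hypothetical hosts and keys; wire to configuration). */
public final class SafeRedirect {

    // Step 1: only these external hosts may be redirected to. Exact, lower-case match, no wildcards.
    private static final Set<String> ALLOWED_HOSTS = Set.of("app.example.com", "accounts.example.com");

    // Step 3: short identifiers mapped to server-controlled destinations.
    private static final Map<String, String> NAMED_TARGETS =
            Map.of("home", "/", "dashboard", "/dashboard", "docs", "https://docs.example.com/");

    // Step 5: where rejected requests land. The input is never echoed here.
    public static final String DEFAULT_TARGET = "/";

    private SafeRedirect() {}

    /** Resolve a named target; unknown keys fall back to the default. */
    public static String fromIdentifier(String key) {
        return key == null ? DEFAULT_TARGET : NAMED_TARGETS.getOrDefault(key, DEFAULT_TARGET);
    }

    /**
     * Steps 1, 2 and 4: accept a site-relative path or an https URL on an allowlisted host.
     * Everything else (other schemes, "//host" forms, backslashes, userinfo, odd ports,
     * lookalike hosts, unparseable input) resolves to DEFAULT_TARGET.
     */
    public static String resolve(String candidate) {
        if (candidate == null || candidate.isBlank() || candidate.length() > 2048) {
            return DEFAULT_TARGET;
        }
        // Browsers strip tabs and newlines and treat '\' like '/', so "/\evil.com" or
        // "/\t/evil.com" would turn protocol-relative after our checks. Reject them outright.
        for (int i = 0; i < candidate.length(); i++) {
            char c = candidate.charAt(i);
            if (c <= 0x20 || c == 0x7f || c == '\\') {
                return DEFAULT_TARGET;
            }
        }
        URI uri;
        try {
            uri = new URI(candidate);
        } catch (URISyntaxException e) {
            return DEFAULT_TARGET;
        }

        if (candidate.startsWith("/")) {
            // Relative form: exactly one leading slash. Browsers read "//host" and "///host" as an
            // authority, so check the raw string as well as what java.net.URI parsed.
            if (candidate.startsWith("//") || uri.getRawAuthority() != null) {
                return DEFAULT_TARGET;
            }
            return candidate;
        }

        // Absolute form: https only, no userinfo, no explicit port, host exactly on the allowlist.
        if (!"https".equalsIgnoreCase(uri.getScheme())) {
            return DEFAULT_TARGET;
        }
        if (uri.getRawUserInfo() != null || uri.getPort() != -1) {
            return DEFAULT_TARGET;
        }
        String host = uri.getHost();
        if (host == null || !ALLOWED_HOSTS.contains(host.toLowerCase(Locale.ROOT))) {
            return DEFAULT_TARGET;
        }
        return candidate;
    }

    // Constructed bypass payloads for a quick manual check; only the first and fifth survive.
    public static void main(String[] args) {
        String[] payloads = {
            "/dashboard?tab=1",
            "//evil.com",
            "///evil.com",
            "/\\evil.com",
            "https://app.example.com/profile",
            "https://app.example.com.evil.com/",
            "https://evil.com#@app.example.com",
            "https://app.example.com@evil.com/",
            "https://app.example.com:8443/",
            "javascript:alert(1)",
            "%2F%2Fevil.com",
        };
        for (String p : payloads) {
            System.out.printf("%-40s -> %s%n", p, resolve(p));
        }
        System.out.println("next=dashboard -> " + fromIdentifier("dashboard"));
    }
}
```

In a Spring controller the validated value is the only thing that reaches the response, e.g. `ResponseEntity.status(HttpStatus.FOUND).location(URI.create(SafeRedirect.resolve(returnTo))).build()`; SAST tools clear the finding because the taint flow from the parameter to the Location header now passes through the allowlist check and a fixed fallback. The scheme and host are taken from the parsed URI, never from the request's own Host header.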


Key Imports


    import java.net.URI;                                       // preferred for parsing and scheme/host comparison
    import java.net.URL;                                       // avoid for comparisons: URL.equals() resolves hostnames
    import org.springframework.web.servlet.view.RedirectView;

Verification

After remediation:

  • Re-run the SAST scan; the CWE-601 finding clears only when the value reaching the redirect is the validated or mapped one, not the raw parameter

  • Test with external and disguised targets and confirm each lands on the default page: ?redirect=https://evil.com, //evil.com, ///evil.com, /\evil.com, %2F%2Fevil.com, https://trusted.example.com.evil.com, https://trusted.example.com@evil.com, https://evil.com#@trusted.example.com, javascript:alert(1)

  • Verify the Location header (or the redirect: view) only ever holds an allowlisted host or a single-slash relative path, and that a tampered Host header does not change it


Trigger Examples

Fix CWE-601 vulnerability
Resolve URL Redirection to Untrusted Site (Open Redirect) issue
Secure this Java code against url redirection to untrusted site (open redirect)
SAST reports CWE-601

Common Vulnerable Locations

| Layer | Files | Patterns |
| --- | --- | --- |
| Controller | *Controller.java | Login/logout redirects |
| Filter | *Filter.java | Auth redirects |
| Security | *Handler.java | Success/failure handlers |


References


Source: Generated by Java CWE Security Skills Generator Last Updated: 2026-03-07

Install via CLI
npx skills add https://github.com/DevelopersCoffee/java-cwe-security-skills --skill cwe-601-open-redirect
Repository: branch main, path SKILL.md