I've written the code below to redirect to another page in my website:
if (!string.IsNullOrEmpty(Request.QueryString["id"]))
    Response.Redirect("node.aspx?id=" + Request.QueryString["id"], false);
This code is working without any issues, but Fortify on Demand does show the open redirect vulnerability in the above code.
Can anyone please help me with this?
I'm not familiar with Fortify on Demand. An open redirect vulnerability basically is to redirect a user to the URL which is passed in QueryString. Normally, we see that in a login page, but it is not the case in your code.
If you know that id is an integer value, you could parse it first.
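int id;
string str = Request.QueryString["id"];
// Redirect only when id parses as an integer; the parsed value,
// not the raw query-string text, is what goes into the URL.
if (!string.IsNullOrEmpty(str) && Int32.TryParse(str, out id))
    Response.Redirect("node.aspx?id=" + id, false);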
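A stricter form of the parse-before-redirect idea in the answer above, as an added example that is not part of either post: it accepts digits only and rebuilds the target from a fixed page name plus the parsed number. `RedirectTargets` and `TryBuildNodeUrl` are hypothetical names, and the sample inputs are constructed.

```csharp
using System;
using System.Globalization;

// Added example; the class and method names are hypothetical.
public static class RedirectTargets
{
    private const string NodePage = "node.aspx"; // fixed, server-chosen path

    // Returns true and a relative URL only when rawId is a plain
    // non-negative decimal integer. No part of the raw request string
    // is copied into the target; the parsed number is re-serialised.
    public static bool TryBuildNodeUrl(string rawId, out string target)
    {
        target = null;
        int id;
        // NumberStyles.None allows digits only. The two-argument
        // Int32.TryParse overload also accepts surrounding whitespace
        // and a leading sign.
        if (string.IsNullOrEmpty(rawId) ||
            !int.TryParse(rawId, NumberStyles.None,
                          CultureInfo.InvariantCulture, out id))
            return false;

        target = NodePage + "?id=" + id.ToString(CultureInfo.InvariantCulture);
        return true;
    }

    public static void Main()
    {
        // Constructed sample query-string values.
        string[] samples =
        {
            "42", " 42", "-1", "42&next=//example.test", "99999999999", ""
        };
        foreach (string s in samples)
        {
            string url;
            Console.WriteLine(TryBuildNodeUrl(s, out url)
                ? "redirect -> " + url
                : "rejected: \"" + s + "\"");
        }
    }
}
```

Only `42` yields a target (`node.aspx?id=42`); the other samples are rejected. In the page, pass `Request.QueryString["id"]` to the helper and call `Response.Redirect(url, false)` only when it returns true.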