Discovered almost 5 years ago
Source: static code analysis
Category: Redirect
Confidence level: High

Problem

Possible unprotected redirect

Location

app/controllers/static_controller.rb:25

redirect_to(SiteSetting.send({ "faq" => ({ :redirect => "faq_url", :topic_id => "guidelines_topic_id" }), "tos" => ({ :redirect => "tos_url", :topic_id => "tos_topic_id" }), "privacy" => ({ :redirect => "privacy_policy_url", :topic_id => "privacy_topic_id" }) }[params[:id]][:redirect]))

Category description: Sometimes redirect_to can be used with a user-supplied value that may allow the attacker to change the :host option and load a malicious script from a third party website.

Solution: fix the issue in app/controllers/static_controller.rb or mark it as false positive.