[Html2PdfConverter] FOD detects redirect vulnerability (HTML2toPDFConverter)

[Html2PdfConverter] FOD detects redirect vulnerability (HTML2toPDFConverter)

  
Forge Component
(50)
Published on 21 Mar by Guilherme Pereira
50 votes
Published on 21 Mar by Guilherme Pereira

Hello,

We are using HP FOD tool for vulnerability testing. HTML2toPDFConverter HowToPDF.aspx.cs was identified as having a possible breach because of redirect() use on line 425 (-- Response.Redirect(redirectUrl); --).


His there anything you can help us with (patch, workarround, arguments) so that we can solidly argument with the FOD team?

We are using Outsystems 10.0.604.0

Thank you in advance for the time you may invest on this matter.

Fernando Gameiro

Hi Fernando,


I'm unsure of what vulnerability FOD is referring but not everything that get's flagged by these kind of tools turns out to be a breach.

In any case as you can see this is being identified directly on the aspx.cs file which is something generated by the platform.

In this specific case the best advise I can give you is just to delete this page (HowTo) from your component as it's not essential. If this warning appears on an essential page you should contact OutSystems support to try and help you fix it at the product level.

Cheers,

Guilherme