ApexOpenRedirect - lpohl-Reply/pmd-github-action GitHub Wiki

Rule: ApexOpenRedirect

Message

Apex classes should safely redirect to a known location

Description

Checks against redirects to user-controlled locations. This prevents attackers from redirecting users to phishing sites.

Priority

3

Example

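public without sharing class Foo {
    // Taken straight from the request, so the caller controls the destination.
    String unsafeLocation = ApexPages.currentPage().getParameters().get('url_param');
    PageReference page() {
       // Open redirect: the target is user-controlled and never validated.
       return new PageReference(unsafeLocation);
    }
}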
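
A validated counterpart to the class above, as an added example that is not part of the PMD rule documentation or this wiki. The class name SafeRedirectController, the host allowlist and the fallback path are assumptions to replace with your org's own values.

```apex
public with sharing class SafeRedirectController {
    // Constructed allowlist (assumption): hosts this org is willing to redirect to.
    private static final Set<String> ALLOWED_HOSTS = new Set<String>{ 'help.example.com' };
    // Hypothetical fallback used whenever the requested target fails validation.
    private static final String DEFAULT_LOCATION = '/home/home.jsp';

    public PageReference page() {
        String requested = ApexPages.currentPage().getParameters().get('url_param');
        // Only a validated target, or the fixed default, ever reaches PageReference.
        return new PageReference(isSafeLocation(requested) ? requested : DEFAULT_LOCATION);
    }

    @TestVisible
    private static Boolean isSafeLocation(String candidate) {
        if (String.isBlank(candidate)) {
            return false;
        }
        // Backslashes and control characters are normalised inconsistently by browsers.
        if (candidate.contains('\\')
                || Pattern.compile('[\\x00-\\x1f]').matcher(candidate).find()) {
            return false;
        }
        // Site-relative path: exactly one leading slash ("//host" is scheme-relative).
        if (candidate.startsWith('/')) {
            return !candidate.startsWith('//');
        }
        // Absolute URL: https only, and the parsed host must be on the allowlist.
        try {
            System.Url parsed = new System.Url(candidate);
            return parsed.getProtocol() == 'https'
                && ALLOWED_HOSTS.contains(parsed.getHost().toLowerCase());
        } catch (Exception e) {
            return false; // malformed URL
        }
    }
}
```

The host comparison is made on the parsed URL rather than on the raw string, so a target that merely contains an allowed host name in its path or userinfo part is rejected.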