Need to remove a dangerous domain from the QueryString Collection

I need to remove a dangerous domain from the URL, but the QueryString Collection is Read Only.
             
I created a whitelist of safe URLs and scan the URL inside a custom ActionFilterAttribute to assert that every domain is whitelisted:

But rather than upsetting existing program flow by redirecting to an error page, we have decided to simply remove that dangerous domain. If the goto or returnURL is errant, I need to completely remove it. But, the QueryString Collection is Read Only.

I use the following code to remove the "goto" key and notice the NameValueCollection array drops from a size of 1 to 0.

        private void RemoveParameter(NameValueCollection nameCollection, string keyToRemove)
        {
            // reflect to readonly property
            PropertyInfo isreadonly = typeof(System.Collections.Specialized.NameValueCollection).GetProperty("IsReadOnly", BindingFlags.Instance | BindingFlags.NonPublic);

            if (isreadonly != null)
            {
                // make collection editable
                isreadonly.SetValue(nameCollection, false, null);

                // remove
                nameCollection.Remove(keyToRemove);

                // make collection readonly again
                isreadonly.SetValue(nameCollection, true, null);
            }
        }



but even after a final call to:

            base.OnActionExecuting(filterContext)

the browser still has the bad domain in the goto. In fact, I was expecting "goto" to no longer display.

What am I missing?

Thanks
newbieweb (Sr. Software Engineer) asked:
Kyle Abrahams (Senior .Net Developer) commented:
Response.Redirect(Request.RawUrl.Split(new[] {'?'})[0]);


0
 
Kyle Abrahams (Senior .Net Developer) commented:
Create a new handler page, filter out the query string, redirect to the existing one.  

As a security check, if you find a bad one in the original handler, redirect to the newrequesthandler to sanitize and then redirect back to the existing one.

Bastardized pseudo code:

OriginalRequestHandler?myVal=dangerousquery.com;safequery.com

//Non whitelisted domain found, redirect to original request

NewrequestHandler?myVal=dangerousquery.com;safequery.com

// sanitize the query string, respond back to original

Response.Redirect("OriginalRequestHandler?myVal=safequery.com");


OriginalRequestHandler?myVal=safequery.com
// no non white listed domains found, continue processing.
0
 
newbieweb (Sr. Software Engineer, author) commented:
I am not sure what you mean by:

> Create a new handler page

> OriginalRequestHandler
0
 
Kyle Abrahams (Senior .Net Developer) commented:
Sorry, was just thinking out loud.

Even easier:
Create the sanitized query string.
Redirect to the same page again with the sanitized query string.
0
 
newbieweb (Sr. Software Engineer, author) commented:
Instead of sanitizing the string, the fact is...

if a goto param starts with http://evil.com

I would remove the whole string.

This clears out the Collection.

filterContext.HttpContext.Request.QueryString

I do not have a list of what the domain SHOULD BE, since the hacker likely created a bunch of garbage params AFTER evil.com. So, it seems the only option is to remove the entire collection item associated with "goto".

Once the list's empty, how do I redirect to the root domain?

I assume it's contained in:

filterContext.HttpContext.Request
0
 
Kyle Abrahams (Senior .Net Developer) commented:
.Net makes it easy for us.

You could just redirect to "~/" which will go to the root of the application.  

The fact is though if it's a querystring parameter your application will not respond to it unless you tell it to do something with it.

Are you handling other goto requests?  Including that of different urls?

Can you give an example of a good query string versus a bad query string?
0
 
newbieweb (Sr. Software Engineer, author) commented:
Good:
http://mydomain.org/ContentManagement/?goto=http://mydomain.org:80/ContentManagement/

Bad:
http://mydomain.org/ContentManagement/?goto=http://mydomain.org.evil.com:80/ContentManagement/
0
 
newbieweb (Sr. Software Engineer, author) commented:
But I have no plans to "fix" a broken domain.
0
 
newbieweb (Sr. Software Engineer, author) commented:
We are okay with the default error behavior handling malformed URLs, like the following may be:

http://mydomain.org/ContentManagement

with no goto param, I mean.
0
 
Kyle Abrahams (Senior .Net Developer) commented:
So if you detect a broken domain, just redirect to the current page with the query string.
0
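The approach agreed on above (detect a non-whitelisted redirect target, drop the whole parameter, and redirect to the same page so the browser's address bar actually changes), written out as an added example; this is not code from the thread, and the attribute name, the `goto`/`returnUrl` keys and the `mydomain.org` allowlist are assumptions. Hosts are compared exactly, so `mydomain.org.evil.com` from the "Bad" example does not pass.

```csharp
using System;
using System.Linq;
using System.Web;
using System.Web.Mvc;

// Hypothetical filter (name assumed). Apply as [SafeRedirectParams] on a controller or globally.
public class SafeRedirectParamsAttribute : ActionFilterAttribute
{
    // Query string keys that carry a redirect target (assumed for this example).
    private static readonly string[] RedirectKeys = { "goto", "returnUrl" };

    // Allowlist of hosts, matched exactly: a prefix match would let mydomain.org.evil.com through.
    private static readonly string[] AllowedHosts = { "mydomain.org" };

    public override void OnActionExecuting(ActionExecutingContext filterContext)
    {
        HttpRequestBase request = filterContext.HttpContext.Request;

        // ParseQueryString returns a writable copy; Request.QueryString itself stays read-only.
        var query = HttpUtility.ParseQueryString(request.Url.Query);
        bool changed = false;

        foreach (string key in RedirectKeys)
        {
            string value = query[key];
            if (value != null && !IsAllowed(value, filterContext))
            {
                query.Remove(key);   // drop the entire parameter, not just the bad host
                changed = true;
            }
        }

        if (changed)
        {
            // Only a new request updates the browser's URL, so redirect to the same path
            // with the sanitized query string and short-circuit this action.
            string path = request.Url.GetLeftPart(UriPartial.Path);
            filterContext.Result = new RedirectResult(query.Count > 0 ? path + "?" + query : path);
            return;
        }

        base.OnActionExecuting(filterContext);
    }

    private static bool IsAllowed(string candidate, ControllerContext context)
    {
        // Same-site relative paths are fine; IsLocalUrl rejects "//evil.com" style values.
        if (new UrlHelper(context.RequestContext).IsLocalUrl(candidate)) return true;
        Uri uri;
        return Uri.TryCreate(candidate, UriKind.Absolute, out uri)
            && (uri.Scheme == Uri.UriSchemeHttp || uri.Scheme == Uri.UriSchemeHttps)
            && AllowedHosts.Contains(uri.Host, StringComparer.OrdinalIgnoreCase);
    }
}
```

Redirecting rather than mutating the collection is also why the reflection hack in the question left the address bar unchanged: the request had already been received, so altering the in-memory collection never reaches the browser.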
 
newbieweb (Sr. Software Engineer, author) commented:
but how?
0
 
newbieweb (Sr. Software Engineer, author) commented:
That works perfectly. Thanks!
0
 
newbieweb (Sr. Software Engineer, author) commented:
Ignore that question.
0
 
newbieweb (Sr. Software Engineer, author) commented:
I thought I was ready to commit the code...

But it seemed to stop re-routing, and I am not sure why.

From the perspective of the debugger, it all works. When I look in the URL bar on the browser, the value is not updated.

Here is the new question...

https://www.experts-exchange.com/questions/29088895/Why-does-this-code-not-re-route.html
0
Question has a verified solution.