# Open Redirect

- ID: go-open-redirect
- Severity: MEDIUM
- CWE: Open Redirect (CWE-601)
- Languages: Go

## Description

User-controlled input is passed to `http.Redirect` without URL validation.

## Detection Message

User input flows to redirect without validation

## Remediation

Validate redirect URLs against an allowlist of permitted domains.

```go
// Hosts the application is allowed to redirect to.
allowed := map[string]bool{"example.com": true}

// Parse the user-supplied target and reject it unless the host is allowlisted.
// Note: u.Host includes the port, so "example.com:8443" does not match.
u, err := url.Parse(redirectURL)
if err != nil || !allowed[u.Host] {
	http.Error(w, "Invalid redirect", http.StatusBadRequest)
	return
}
http.Redirect(w, r, redirectURL, http.StatusFound)
```

Learn more: https://shoulder.dev/learn/go/cwe-601/open-redirect

## Related Rules

- **Next.js Open Redirect** [MEDIUM]
- **Open Redirect via Untrusted URLs** [MEDIUM]
- **Open Redirect** [MEDIUM]
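The allowlist check from the Remediation section, extended to cover same-site paths, scheme and userinfo checks, and backslash or protocol-relative targets. This is an added example, not code from the rule's own documentation; `safeRedirectTarget`, `redirectHandler`, the `next` query parameter and the allowlist contents are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// Constructed allowlist for this example.
var allowedHosts = map[string]bool{"example.com": true}
var errBadTarget = fmt.Errorf("redirect target not allowed")

// safeRedirectTarget (hypothetical helper) returns the URL to redirect to,
// or errBadTarget if it is neither a same-site path nor an allowlisted host.
func safeRedirectTarget(raw string) (string, error) {
	// Browsers treat "\" like "/" and drop tabs/newlines; reject them so the
	// parser and the browser cannot disagree about the host.
	if strings.ContainsAny(raw, "\\\t\r\n") {
		return "", errBadTarget
	}
	u, err := url.Parse(raw)
	if err != nil {
		return "", errBadTarget
	}
	if u.Scheme == "" && u.Host == "" && strings.HasPrefix(u.Path, "/") && !strings.HasPrefix(u.Path, "//") {
		return u.String(), nil // same-site path with exactly one leading slash
	}
	// Otherwise: https only, no userinfo, exact host match (no port).
	if u.Scheme != "https" || u.User != nil || !allowedHosts[strings.ToLower(u.Host)] {
		return "", errBadTarget
	}
	return u.String(), nil
}

// redirectHandler reads the target from a "next" query parameter (assumed name).
func redirectHandler(w http.ResponseWriter, r *http.Request) {
	target, err := safeRedirectTarget(r.URL.Query().Get("next"))
	if err != nil {
		http.Error(w, "Invalid redirect", http.StatusBadRequest)
		return
	}
	http.Redirect(w, r, target, http.StatusFound)
}

func main() {
	_, err := safeRedirectTarget("//evil.test/")
	fmt.Println("//evil.test/ rejected:", err != nil)
}
```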