io.codemodder.codemods.SanitizeHttpHeaderCodemod.report.json Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of core-codemods Show documentation
Show all versions of core-codemods Show documentation
Codemods for fixing common errors across many Java projects
{
"summary" : "Introduced protections against HTTP header injection / smuggling attacks",
"control" : "https://github.com/pixee/java-security-toolkit/blob/main/src/main/java/io/github/pixee/security/Newlines.java",
"change" : "Added a call to replace any newlines that are present in the variable",
"reviewGuidanceJustification" : "This codemod cleanly enforces the boundaries in the HTTP protocol, and we believe it presents no risk.",
"references" : ["https://www.netsparker.com/blog/web-security/crlf-http-header/", "https://owasp.org/www-community/attacks/HTTP_Response_Splitting", "https://regilero.github.io/security/english/2015/10/04/http_smuggling_in_2015_part_one/"]
}