
Improper Neutralization of CRLF Sequences ('CRLF Injection')

🛡️ 3 rules detect this


The product uses CRLF (carriage return line feed) as a special element, e.g. to separate headers or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.

CRLF injection can be used to inject malicious headers in HTTP responses (HTTP response splitting), forge log entries, or manipulate other protocols that use CRLF as a delimiter.
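Both fix strategies this page shows, rejecting a header value that contains CR/LF or stripping those characters from it, applied to every header of an outgoing message. This is an added Python example, not Shoulder's code or one of its rules; the header names, the sample subject and the `X-Injected` marker are constructed for illustration.

```python
import re
from typing import Dict, List

# CR and LF end a header line; the remaining C0 controls (except HTAB, which
# RFC 5322 allows inside a header) are rejected as defence in depth.
_FORBIDDEN = re.compile(r"[\x00-\x08\x0a-\x1f\x7f]")

class HeaderInjectionError(ValueError):
    """A header name or value would start a new header line."""

def is_safe_header_value(value: str) -> bool:
    return _FORBIDDEN.search(value) is None

def sanitize_header(value: str, mode: str = "reject") -> str:
    """Neutralize CRLF in one header value.

    "reject" refuses the value (the caller can answer 400 and log the attempt);
    "strip" silently removes the offending characters, as the JavaScript and
    Django fixes on this page do.  Rejecting is preferable because nothing is
    altered without anyone noticing.
    """
    if mode == "reject":
        if not is_safe_header_value(value):
            raise HeaderInjectionError("control character in header value")
        return value
    if mode == "strip":
        return _FORBIDDEN.sub("", value)
    raise ValueError(f"unknown mode {mode!r}")

def build_message(headers: Dict[str, str], body: str, mode: str = "reject") -> bytes:
    """Assemble a raw message; every header name and value is checked."""
    lines = []
    for name, value in headers.items():
        # RFC 5322 field-name: printable US-ASCII except ':'
        if not re.fullmatch(r"[!-9;-~]+", name):
            raise HeaderInjectionError(f"bad header name {name!r}")
        lines.append(f"{name}: {sanitize_header(value, mode)}")
    return ("\r\n".join(lines) + "\r\n\r\n" + body).encode()

def vulnerable_message(to: str, subject: str, body: str) -> bytes:
    """The unvalidated concatenation from the Go 'before' code, for comparison."""
    return ("To: " + to + "\r\nSubject: " + subject + "\r\n\r\n" + body).encode()

def header_names(raw: bytes) -> List[str]:
    """Parse the header names back out, the way a receiving MTA would."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode()
    return [line.split(":", 1)[0] for line in head.split("\r\n")]

# Constructed sample input: a subject that tries to smuggle in an extra header.
CRAFTED_SUBJECT = "Hello\r\nX-Injected: yes"
```

Running `header_names` over the two message builders shows the difference a receiver sees: the unvalidated version yields a third header, the checked version does not.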

Prevalence: Medium (3 languages covered)
Impact: High (3 high-severity rules)
Prevention: Documented (3 fix examples)

2 Prevention

How to fix this vulnerability

Prevention strategies for CRLF Injection, based on 3 Shoulder detection rules.

Email Header Injection HIGH

Validate email addresses and reject input containing CRLF characters

+29 -9 go
  package main
  
  import (
-     "net/http"
-     "net/smtp"
- )
- 
- func handler(w http.ResponseWriter, r *http.Request) {
-     to := r.FormValue("to")
-     subject := r.FormValue("subject")
-     // Vulnerable: user input in email headers without validation
-     msg := []byte("To: " + to + "\r\nSubject: " + subject + "\r\n\r\nBody")
+     "errors"
+     "net/http"
+     "net/mail"
+     "net/smtp"
+     "strings"
+ )
+ 
+ func sanitizeHeader(s string) (string, error) {
+     if strings.ContainsAny(s, "\r\n") {
+         return "", errors.New("invalid characters in header")
+     }
+     return s, nil
+ }
+ 
+ func handler(w http.ResponseWriter, r *http.Request) {
+     to := r.FormValue("to")
+     subject := r.FormValue("subject")
+     // Validate email address
+     if _, err := mail.ParseAddress(to); err != nil {
+         http.Error(w, "Invalid email", 400)
+         return
+     }
+     // Reject CRLF in subject
+     safeSubject, err := sanitizeHeader(subject)
+     if err != nil {
+         http.Error(w, "Invalid subject", 400)
+         return
+     }
+     msg := []byte("To: " + to + "\r\nSubject: " + safeSubject + "\r\n\r\nBody")
      smtp.SendMail("smtp:25", nil, "[email protected]", []string{to}, msg)
  }
  
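Review bot: the raw `to` string, not the parsed address, is still written into the To header and the SMTP envelope (`[]string{to}`); `mail.ParseAddress` accepts a display name and comments around the address, so take `addr, err := mail.ParseAddress(to)` and use `addr.Address` in both places so only the canonical address reaches the message. The error returned by `smtp.SendMail` on the unchanged last line is also still discarded, so a rejected or failed send is invisible to the caller.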
Email Header Injection HIGH

Validate email addresses and strip CRLF characters from header values

+10 -4 javascript
- app.post('/contact', async (req, res) => {
-   await transporter.sendMail({
-     to: req.body.email,
-     subject: req.body.subject,
+ const validator = require('validator');
+ 
+ app.post('/contact', async (req, res) => {
+   if (!validator.isEmail(req.body.email)) {
+     return res.status(400).json({ error: 'Invalid email' });
+   }
+   const safeSubject = req.body.subject.replace(/[\r\n]/g, '').slice(0, 200);
+   await transporter.sendMail({
+     to: '[email protected]',
+     subject: safeSubject,
      text: req.body.message
    });
  });
  
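Review bot: `req.body.subject.replace(...)` throws when `subject` is absent or not a string (for example an array from a repeated form field), so the handler answers 500 instead of 400; check `typeof req.body.subject === 'string'` (and the same for `req.body.email`, since `validator.isEmail` expects a string) before validating. Stripping CR/LF also rewrites the subject silently; rejecting the request, as the Go fix does, makes an injection attempt visible in the logs.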
Email Header Injection HIGH

Strip newline characters from email headers before use

+8 -4 python
  from django.core.mail import send_mail
  
- def contact(request):
-     subject = request.POST.get('subject')
-     send_mail(
-         subject=subject,
+ def sanitize_header(value):
+     return value.replace('\r', '').replace('\n', '')
+ 
+ def contact(request):
+     subject = request.POST.get('subject', '')
+     safe_subject = sanitize_header(subject)
+     send_mail(
+         subject=safe_subject,
          message='Hello',
          from_email='[email protected]',
          recipient_list=['[email protected]']
      )
  
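Review bot: Django's `send_mail` already raises `BadHeaderError` when a header value contains a newline, so the unfixed handler failed closed with a 500 rather than sending the injected header; the new `sanitize_header` instead rewrites the subject silently. Prefer rejecting the request with a 400 when `'\r'` or `'\n'` is present (as the Go fix does), or at least catch `BadHeaderError` and return 400, so the attempt is reported rather than hidden.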
3 Detection

Find vulnerabilities in your code

Use Shoulder to scan your code for Improper Neutralization of CRLF Sequences ('CRLF Injection') patterns. 3 rules.

Terminal
# Scan with Shoulder CLI
npx @shoulderdev/cli trust --cwe=93

# Or scan entire project
npx @shoulderdev/cli trust .
4 Warning signs

What to look for in code reviews

These patterns indicate potential Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerabilities. Watch for them during code reviews and security audits.

🟠 email header injection vulnerabilities where user input flows into email headers (To, From, Subject, (rule: javascript-email-header-injection)
🟠 user input used in email headers without newline sanitization (rule: python-email-injection)