Improper Neutralization of CRLF Sequences ('CRLF Injection')
The product uses CRLF (carriage return line feed) as a special element, e.g. to separate headers or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.
CRLF injection can be used to inject malicious headers in HTTP responses (HTTP response splitting), forge log entries, or manipulate other protocols that use CRLF as a delimiter.
Comment corriger cette vulnérabilité
Stratégies de prévention pour CRLF Injection basées sur 3 règles de détection Shoulder.
Validate email addresses and reject input containing CRLF characters
package main import ( - "net/http" - "net/smtp" - ) - - func handler(w http.ResponseWriter, r *http.Request) { - to := r.FormValue("to") - subject := r.FormValue("subject") - // Vulnerable: user input in email headers without validation - msg := []byte("To: " + to + "\r\nSubject: " + subject + "\r\n\r\nBody") + "errors" + "net/http" + "net/mail" + "net/smtp" + "strings" + ) + + func sanitizeHeader(s string) (string, error) { + if strings.ContainsAny(s, "\r\n") { + return "", errors.New("invalid characters in header") + } + return s, nil + } + + func handler(w http.ResponseWriter, r *http.Request) { + to := r.FormValue("to") + subject := r.FormValue("subject") + // Validate email address + if _, err := mail.ParseAddress(to); err != nil { + http.Error(w, "Invalid email", 400) + return + } + // Reject CRLF in subject + safeSubject, err := sanitizeHeader(subject) + if err != nil { + http.Error(w, "Invalid subject", 400) + return + } + msg := []byte("To: " + to + "\r\nSubject: " + safeSubject + "\r\n\r\nBody") smtp.SendMail("smtp:25", nil, "[email protected]", []string{to}, msg) }
Validate email addresses and strip CRLF characters from header values
- app.post('/contact', async (req, res) => { - await transporter.sendMail({ - to: req.body.email, - subject: req.body.subject, + const validator = require('validator'); + + app.post('/contact', async (req, res) => { + if (!validator.isEmail(req.body.email)) { + return res.status(400).json({ error: 'Invalid email' }); + } + const safeSubject = req.body.subject.replace(/[\r\n]/g, '').slice(0, 200); + await transporter.sendMail({ + to: '[email protected]', + subject: safeSubject, text: req.body.message }); });
Strip newline characters from email headers before use
from django.core.mail import send_mail - def contact(request): - subject = request.POST.get('subject') - send_mail( - subject=subject, + def sanitize_header(value): + return value.replace('\r', '').replace('\n', '') + + def contact(request): + subject = request.POST.get('subject', '') + safe_subject = sanitize_header(subject) + send_mail( + subject=safe_subject, message='Hello', from_email='[email protected]', recipient_list=['[email protected]'] )
Trouvez les vulnérabilités dans votre code
Utilisez Shoulder pour scanner votre code à la recherche de patterns Improper Neutralization of CRLF Sequences ('CRLF Injection'). 3 règles.
# Scan with Shoulder CLI npx @shoulderdev/cli trust --cwe=93 # Or scan entire project npx @shoulderdev/cli trust .
Règles de Détection (3)
Ce qu'il faut surveiller lors des revues de code
Ces patterns indiquent des vulnérabilités potentielles Improper Neutralization of CRLF Sequences ('CRLF Injection'). Recherchez-les lors des revues de code et des audits de sécurité.
Scannez votre base de code pour Improper Neutralization of CRLF Sequences ('CRLF Injection')
Shoulder CLI trouve les motifs vulnérables dans toute votre base de code.