Improper Neutralization of CRLF Sequences ('CRLF Injection')
The product uses CRLF (carriage return line feed) as a special element, e.g. to separate headers or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.
CRLF injection can be used to inject malicious headers in HTTP responses (HTTP response splitting), forge log entries, or manipulate other protocols that use CRLF as a delimiter.
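An added example, not code from this page or from Shoulder, showing why header values need validation rather than plain concatenation. It assembles an email header block the naive way, lists the header names a mail server would actually see when the subject carries a CRLF payload, and then validates the recipient and subject before building the message. The sample inputs and the function names are constructed for the example; one caveat it demonstrates is that a Python regex anchored with `$` still matches before a trailing newline, so `re.fullmatch` is used instead.

```python
import re

# Constructed sample inputs (not from the page): a benign subject and one
# carrying a CRLF payload that would smuggle in an extra header.
BENIGN_SUBJECT = "Order confirmation"
INJECTED_SUBJECT = "Order confirmation\r\nBcc: third-party@example.net"

EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def header_names(to: str, subject: str) -> list:
    """Assemble headers by concatenation, as the vulnerable code on this
    page does, and return the header names the mail server would parse."""
    raw = "To: " + to + "\r\nSubject: " + subject + "\r\n\r\nBody"
    header_block = raw.split("\r\n\r\n", 1)[0]
    return [line.split(":", 1)[0] for line in header_block.split("\r\n")]


def is_valid_email(addr: str) -> bool:
    """Whole-string match of a single address. re.fullmatch is deliberate:
    with match() and a trailing '$', Python's '$' also matches just before
    a final newline, so an address followed by a newline would pass."""
    return EMAIL_RE.fullmatch(addr) is not None


def header_problems(to: str, subject: str) -> list:
    """Return the reasons a request must be rejected; an empty list means
    the values are safe to place in headers. Rejecting beats stripping:
    a stripped value hides an attempt that is worth logging."""
    problems = []
    if not is_valid_email(to):
        problems.append("recipient is not a single valid address")
    if "\r" in subject or "\n" in subject:
        problems.append("subject contains CR/LF")
    return problems


def build_message(to: str, subject: str, body: str) -> bytes:
    """Build the raw message only after validation has passed."""
    problems = header_problems(to, subject)
    if problems:
        raise ValueError("; ".join(problems))
    return ("To: " + to + "\r\nSubject: " + subject + "\r\n\r\n" + body).encode()
```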
How to fix this vulnerability
Prevention strategies for CRLF Injection, based on 3 Shoulder detection rules.
Validate email addresses and reject input containing CRLF characters
package main import ( - "net/http" - "net/smtp" - ) - - func handler(w http.ResponseWriter, r *http.Request) { - to := r.FormValue("to") - subject := r.FormValue("subject") - // Vulnerable: user input in email headers without validation - msg := []byte("To: " + to + "\r\nSubject: " + subject + "\r\n\r\nBody") + "errors" + "net/http" + "net/mail" + "net/smtp" + "strings" + ) + + func sanitizeHeader(s string) (string, error) { + if strings.ContainsAny(s, "\r\n") { + return "", errors.New("invalid characters in header") + } + return s, nil + } + + func handler(w http.ResponseWriter, r *http.Request) { + to := r.FormValue("to") + subject := r.FormValue("subject") + // Validate email address + if _, err := mail.ParseAddress(to); err != nil { + http.Error(w, "Invalid email", 400) + return + } + // Reject CRLF in subject + safeSubject, err := sanitizeHeader(subject) + if err != nil { + http.Error(w, "Invalid subject", 400) + return + } + msg := []byte("To: " + to + "\r\nSubject: " + safeSubject + "\r\n\r\nBody") smtp.SendMail("smtp:25", nil, "[email protected]", []string{to}, msg) }
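Review bot: the error returned by smtp.SendMail on the last line is still discarded, so a rejected or failed send is indistinguishable from success; check it and return a 5xx. In the same hunk, the `to` value is validated with mail.ParseAddress but the raw user string is then written into the "To:" header and the recipient list; use the parsed result instead (its Address field for the recipient list and its String() form for the header) so that only the normalized address, not the original input, reaches the message.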
Validate email addresses and strip CRLF characters from header values
- app.post('/contact', async (req, res) => { - await transporter.sendMail({ - to: req.body.email, - subject: req.body.subject, + const validator = require('validator'); + + app.post('/contact', async (req, res) => { + if (!validator.isEmail(req.body.email)) { + return res.status(400).json({ error: 'Invalid email' }); + } + const safeSubject = req.body.subject.replace(/[\r\n]/g, '').slice(0, 200); + await transporter.sendMail({ + to: '[email protected]', + subject: safeSubject, text: req.body.message }); });
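Review bot: `req.body.subject.replace(/[\r\n]/g, '')` throws a TypeError when the subject is missing or is not a string (for example a JSON array), which turns a malformed request into a 500; check `typeof req.body.subject === 'string'` before calling replace and return 400 otherwise. Also note that after the change the validated email is no longer used anywhere: the recipient is now a fixed address, so if the submitter's address is meant to reach the mailbox it should go into a field such as `replyTo` with the validated value rather than be dropped.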
Strip newline characters from email headers before use
from django.core.mail import send_mail - def contact(request): - subject = request.POST.get('subject') - send_mail( - subject=subject, + def sanitize_header(value): + return value.replace('\r', '').replace('\n', '') + + def contact(request): + subject = request.POST.get('subject', '') + safe_subject = sanitize_header(subject) + send_mail( + subject=safe_subject, message='Hello', from_email='[email protected]', recipient_list=['[email protected]'] )
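Review bot: sanitize_header silently strips CR and LF, which rewrites the input instead of rejecting it and hides the injection attempt from logs; Django's mail layer already raises BadHeaderError for header values containing a newline, so the cleaner fix is to return a 400 when `'\r' in subject or '\n' in subject` and log the attempt, and let the existing BadHeaderError remain as a backstop.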
Find vulnerabilities in your code
Use Shoulder to scan your codebase for Improper Neutralization of CRLF Sequences ('CRLF Injection') patterns. 3 rules.
# Scan with Shoulder CLI
npx @shoulderdev/cli trust --cwe=93

# Or scan entire project
npx @shoulderdev/cli trust .
Detection rules (3)
What to look for in code review
These patterns indicate potential Improper Neutralization of CRLF Sequences ('CRLF Injection') vulnerabilities. Look for them during code reviews and security audits.
Scan your codebase for: Improper Neutralization of CRLF Sequences ('CRLF Injection')
Shoulder CLI finds vulnerable patterns across your entire codebase.