Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')

3 rules detect this

The product receives data from an HTTP agent/component and places it in HTTP response headers without neutralizing CRLF sequences.

An attacker who controls such a value can inject a CRLF sequence (sent as %0d%0a in a URL or form field) to terminate the header and append additional headers, or a blank line followed by response body content of their choosing. This can lead to cache poisoning, cross-site scripting, or other attacks that depend on the injected headers or body.
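To make the mechanism concrete, here is an added example (written for this page; it is not Shoulder's code and not any real framework's serializer) that simulates a handler copying the lang query parameter into Content-Language. The toy serialize_response and parse_response helpers, the PAYLOAD/QUERY strings and the handler names are all constructed for the demonstration. It shows the raw bytes a proxy or browser would see, and contrasts the vulnerable path with a hardened validate_header_value that rejects control characters instead of silently stripping them.

```python
import re
from urllib.parse import parse_qs

CRLF = "\r\n"
# CR, LF and every other control character are invalid in an HTTP header value.
CTL = re.compile(r"[\x00-\x1f\x7f]")


def serialize_response(headers, body, status="200 OK"):
    """Toy HTTP/1.1 writer that emits header values verbatim (the unsafe behaviour)."""
    lines = [f"HTTP/1.1 {status}"]
    lines += [f"{name}: {value}" for name, value in headers]
    return CRLF.join(lines) + CRLF + CRLF + body


def parse_response(raw):
    """Split a raw response the way a downstream proxy, cache or browser would."""
    head, _, body = raw.partition(CRLF + CRLF)
    status_line, *header_lines = head.split(CRLF)
    headers = []
    for line in header_lines:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return status_line, headers, body


def validate_header_value(value):
    """Hardened: refuse any control character rather than stripping it."""
    if CTL.search(value):
        raise ValueError("control character in header value")
    return value


def vulnerable_handler(lang):
    # User input copied straight into a response header.
    return serialize_response([("Content-Language", lang)], "OK")


def hardened_handler(lang):
    # Same handler, but the value is validated first (caller maps ValueError to 400).
    return serialize_response([("Content-Language", validate_header_value(lang))], "OK")


# Constructed attacker request: %0D%0A closes Content-Language, adds a Set-Cookie
# header, ends the header block and supplies an attacker-chosen body.
QUERY = ("lang=en%0D%0ASet-Cookie%3A%20session%3Dattacker"
         "%0D%0A%0D%0A%3Cscript%3Ealert(1)%3C%2Fscript%3E")
PAYLOAD = parse_qs(QUERY)["lang"][0]


def demo():
    """Return (injected Set-Cookie value, body seen by the client, hardened rejected?)."""
    _, headers, body = parse_response(vulnerable_handler(PAYLOAD))
    injected_cookie = dict(headers).get("Set-Cookie")
    try:
        hardened_handler(PAYLOAD)
        rejected = False
    except ValueError:
        rejected = True
    return injected_cookie, body, rejected


if __name__ == "__main__":
    cookie, body, rejected = demo()
    print("injected header:", cookie)
    print("body starts with:", body[:25])
    print("hardened handler rejected payload:", rejected)
```

The body returned by parse_response for the vulnerable case still carries the server's own "OK" after the injected script; a real client honours Content-Length or simply renders what arrives first, which is why the injected body, not the intended one, is what gets cached or executed. Rejecting with a 400 is preferable to stripping CR/LF because stripping silently turns a malformed value into a different, unexpected one.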

Prevalence: Medium (3 languages covered)
Impact: High (2 high-severity rules)
Prevention: Documented (3 fix examples)

How to fix this vulnerability

Prevention strategies for HTTP Response Splitting, based on Shoulder's 3 detection rules.

HTTP Header Injection MEDIUM

Strip CRLF characters from user input before setting HTTP headers

+15 -6 go
  package main
  
- import "net/http"
- 
- func handler(w http.ResponseWriter, r *http.Request) {
-     lang := r.URL.Query().Get("lang")
-     // Vulnerable: user input set as header value
-     w.Header().Set("Content-Language", lang)
+ import (
+     "net/http"
+     "strings"
+ )
+ 
+ func sanitizeHeaderValue(s string) string {
+     s = strings.ReplaceAll(s, "\r", "")
+     s = strings.ReplaceAll(s, "\n", "")
+     return s
+ }
+ 
+ func handler(w http.ResponseWriter, r *http.Request) {
+     lang := r.URL.Query().Get("lang")
+     // Safe: CRLF characters stripped
+     w.Header().Set("Content-Language", sanitizeHeaderValue(lang))
      w.Write([]byte("OK"))
  }
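Review bot: sanitizeHeaderValue silently rewrites the input instead of rejecting it, and for this particular header an allowlist is the stronger fix: Content-Language carries a language tag, so validate lang against a pattern such as `^[A-Za-z]{1,8}(-[A-Za-z0-9]{1,8})*$` (or a fixed set of supported tags) and answer 400 on anything else. If the strip-based helper is kept, extend it to all control characters (0x00-0x1F and 0x7F), not just CR and LF, since a value like `en\x00` is still not a valid header value.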
  
HTTP Header Injection HIGH

Strip CRLF characters from user input before using in HTTP headers

+12 -7 python
- from flask import request, make_response
- 
- @app.route('/download')
- def download():
-     filename = request.args.get('filename')
-     response = make_response("content")
-     response.headers['Content-Disposition'] = f'attachment; filename="(unknown)"'
+ import re
+ from flask import request, make_response
+ 
+ def sanitize_header(value):
+     return re.sub(r'[\r\n]', '', str(value))
+ 
+ @app.route('/download')
+ def download():
+     filename = request.args.get('filename', '')
+     safe_filename = sanitize_header(filename)
+     response = make_response("content")
+     response.headers['Content-Disposition'] = f'attachment; filename="{safe_filename}"'
      return response
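Review bot: the removed line interpolates nothing (its f-string contains the literal text `(unknown)`), so the "before" handler as shown is not actually injectable; the hunk should show `{filename}` flowing into the header for the fix to be meaningful. In the added code, sanitize_header removes CR/LF but leaves `"` and `;` intact, so a filename such as `a"; foo="b` still breaks out of the quoted string inside Content-Disposition; escape or drop double quotes and backslashes as well, or let Flask build the header via `send_file(..., as_attachment=True, download_name=filename)`. Finally, `request.args.get('filename', '')` produces `filename=""` when the parameter is missing; reject an empty name with a 400 instead of emitting it.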
  
Detection

Find vulnerabilities in your code

Use Shoulder to scan your code for Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') patterns. 3 rules.

terminal
# Scan with Shoulder CLI
npx @shoulderdev/cli trust --cwe=113

# Or scan entire project
npx @shoulderdev/cli trust .
Warning Signs

What to look for during code review

These patterns indicate potential Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting') vulnerabilities. Look for them during code reviews and security audits.

🟠 user input flowing into HTTP response headers without CRLF sanitization (javascript-header-injection)
🟡 user input flowing to HTTP headers without CRLF sanitization (go-header-injection)