Improper Neutralization of CRLF Sequences ('CRLF Injection')
The product uses CRLF (carriage return line feed) as a special element, e.g. to separate headers or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.
CRLF injection can be used to inject malicious headers in HTTP responses (HTTP response splitting), forge log entries, or manipulate other protocols that use CRLF as a delimiter.
Como corrigir esta vulnerabilidade
Estratégias de prevenção para CRLF Injection baseadas em 3 regras de detecção do Shoulder.
Validate email addresses and reject input containing CRLF characters
package main import ( - "net/http" - "net/smtp" - ) - - func handler(w http.ResponseWriter, r *http.Request) { - to := r.FormValue("to") - subject := r.FormValue("subject") - // Vulnerable: user input in email headers without validation - msg := []byte("To: " + to + "\r\nSubject: " + subject + "\r\n\r\nBody") + "errors" + "net/http" + "net/mail" + "net/smtp" + "strings" + ) + + func sanitizeHeader(s string) (string, error) { + if strings.ContainsAny(s, "\r\n") { + return "", errors.New("invalid characters in header") + } + return s, nil + } + + func handler(w http.ResponseWriter, r *http.Request) { + to := r.FormValue("to") + subject := r.FormValue("subject") + // Validate email address + if _, err := mail.ParseAddress(to); err != nil { + http.Error(w, "Invalid email", 400) + return + } + // Reject CRLF in subject + safeSubject, err := sanitizeHeader(subject) + if err != nil { + http.Error(w, "Invalid subject", 400) + return + } + msg := []byte("To: " + to + "\r\nSubject: " + safeSubject + "\r\n\r\nBody") smtp.SendMail("smtp:25", nil, "[email protected]", []string{to}, msg) }
Validate email addresses and strip CRLF characters from header values
- app.post('/contact', async (req, res) => { - await transporter.sendMail({ - to: req.body.email, - subject: req.body.subject, + const validator = require('validator'); + + app.post('/contact', async (req, res) => { + if (!validator.isEmail(req.body.email)) { + return res.status(400).json({ error: 'Invalid email' }); + } + const safeSubject = req.body.subject.replace(/[\r\n]/g, '').slice(0, 200); + await transporter.sendMail({ + to: '[email protected]', + subject: safeSubject, text: req.body.message }); });
Strip newline characters from email headers before use
from django.core.mail import send_mail - def contact(request): - subject = request.POST.get('subject') - send_mail( - subject=subject, + def sanitize_header(value): + return value.replace('\r', '').replace('\n', '') + + def contact(request): + subject = request.POST.get('subject', '') + safe_subject = sanitize_header(subject) + send_mail( + subject=safe_subject, message='Hello', from_email='[email protected]', recipient_list=['[email protected]'] )
Encontre vulnerabilidades no seu código
Use o Shoulder para escanear seu código em busca de padrões Improper Neutralization of CRLF Sequences ('CRLF Injection'). 3 regras.
# Scan with Shoulder CLI npx @shoulderdev/cli trust --cwe=93 # Or scan entire project npx @shoulderdev/cli trust .
Regras de Detecção (3)
O que observar nas revisões de código
Estes padrões indicam vulnerabilidades potenciais de Improper Neutralization of CRLF Sequences ('CRLF Injection'). Procure-os durante revisões de código e auditorias de segurança.
Escaneie seu código para Improper Neutralization of CRLF Sequences ('CRLF Injection')
O Shoulder CLI encontra padrões vulneráveis em todo o seu código.