# HTTP Cache Poisoning

- ID: python-cache-poisoning
- Severity: MEDIUM
- CWE: CWE-444
- Languages: Python
- Frameworks: flask, django, fastapi

## Description

Detects cache key construction using unsanitized user input. Cache poisoning occurs when attackers manipulate cache keys to serve malicious content to other users or bypass security controls.

## Remediation

Hash user input before using it in cache keys to prevent poisoning.

```python
import hashlib

from flask import request  # `cache` (Flask-Caching) and `results` are assumed to be defined elsewhere in the view


def safe_cache_key(user_input: str) -> str:
    # Keep only alphanumerics, then hash so the key never carries raw user bytes.
    # Note: the filter maps e.g. "a-b" and "ab" to the same key.
    safe = ''.join(c for c in user_input if c.isalnum())
    return hashlib.sha256(safe.encode()).hexdigest()[:16]


cache_key = safe_cache_key(request.args.get('q', ''))  # default to '' so a missing parameter does not raise
cache.set(cache_key, results, timeout=300)
```

Learn more: https://shoulder.dev/learn/python/cwe-444/cache-poisoning
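The following is an added example, not part of the rule's own remediation snippet. It generalises the idea above to a key built from several request parameters: the parameters that influence the response are canonicalised (sorted, JSON-encoded, with missing values treated as empty), hashed, and placed in a fixed `namespace:version:digest` layout. A small `key_is_well_formed` check shows how a defender can assert that no raw user bytes ever reach the cache backend. The namespace and version names are assumptions for the example; a plain dict stands in for the cache so the code runs offline.

```python
import hashlib
import json
from typing import Dict, Mapping, Optional

KEY_NAMESPACE = "search"  # assumed namespace, not from the original rule
KEY_VERSION = "v1"        # bump to invalidate every existing key at once
HEX_DIGITS = frozenset("0123456789abcdef")


def unsafe_cache_key(q: Optional[str]) -> str:
    """The pattern the rule flags: raw user input pasted straight into the key."""
    return f"{KEY_NAMESPACE}:{q}"


def canonical_params(params: Mapping[str, Optional[str]]) -> str:
    """Deterministic view of the parameters that affect the cached response.

    Sorting the keys makes ?q=a&page=2 and ?page=2&q=a share one entry,
    and a missing parameter is treated the same as an empty one.
    """
    cleaned = {k: (v if v is not None else "") for k, v in params.items()}
    return json.dumps(cleaned, sort_keys=True, separators=(",", ":"))


def safe_cache_key(params: Mapping[str, Optional[str]]) -> str:
    """Namespace + version + hex digest: user input never appears in the key."""
    digest = hashlib.sha256(canonical_params(params).encode("utf-8")).hexdigest()
    return f"{KEY_NAMESPACE}:{KEY_VERSION}:{digest[:32]}"


def key_is_well_formed(key: str) -> bool:
    """Defensive check: the key must match the fixed layout exactly."""
    parts = key.split(":")
    if len(parts) != 3 or parts[0] != KEY_NAMESPACE or parts[1] != KEY_VERSION:
        return False
    return len(parts[2]) == 32 and all(c in HEX_DIGITS for c in parts[2])


# Constructed stand-in for a real cache backend (e.g. Flask-Caching / Redis).
_fake_cache: Dict[str, str] = {}


def cached_search(params: Mapping[str, Optional[str]]) -> str:
    """Look up or compute a result using the hardened key."""
    key = safe_cache_key(params)
    if not key_is_well_formed(key):
        raise ValueError("refusing to use a malformed cache key")
    if key not in _fake_cache:
        # Constructed "expensive" computation standing in for a DB query.
        _fake_cache[key] = f"results for {canonical_params(params)}"
    return _fake_cache[key]


if __name__ == "__main__":
    user_q = "flask tutorial"
    print("unsafe:", repr(unsafe_cache_key(user_q)))   # contains raw input
    print("safe:  ", safe_cache_key({"q": user_q}))    # fixed layout only
    print(cached_search({"q": user_q, "page": "2"}))
```

Usage: call `safe_cache_key` with the mapping of request parameters that actually affect the response (and nothing else), and run `key_is_well_formed` on the result in tests or as a guard before calling the backend. Including the version segment lets you invalidate every key with a one-line change when the response format changes.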