# Inconsistent Interpretation of HTTP Requests ('HTTP Request Smuggling') (CWE-444)

The product acts as an intermediary HTTP agent (such as a proxy or firewall) in the data flow between two entities, but it does not interpret malformed HTTP requests in the same way as the entities it is communicating with.

- Prevalence: Medium 1 language covered
- Impact: Medium Review recommended
- Prevention: Documented 1 fix examples

**OWASP:** Security Misconfiguration (A05:2021-Security Misconfiguration) - #5

## Description

HTTP request smuggling exploits discrepancies in how different servers parse HTTP requests. Attackers can use this to bypass security controls, poison caches, or hijack other users' requests.

## Prevention

### Python

Hash user input before using it in cache keys to prevent key injection

## Warning Signs

- [MEDIUM] cache key construction using unsanitized user input

## Consequences

- Bypass Protection Mechanism
- Execute Unauthorized Code
- Gain Privileges

## Mitigations

- Normalize HTTP requests before forwarding
- Use the same HTTP parsing library throughout the infrastructure
- Reject ambiguous requests with conflicting Content-Length and Transfer-Encoding

## Detection

- Total rules: 1
- Languages: python

## Rules by Language

### Python (1 rules)

- **HTTP Cache Poisoning** [MEDIUM]: Detects cache key construction using unsanitized user input. Cache poisoning
occurs when attackers manipulate cache keys to serve malicious content to
other users or bypass security controls.
  - Remediation: Hash user input before using in cache keys to prevent poisoning.

```python
import hashlib

def safe_cache_key(user_input: str) -> str:
    safe = ''.join(c for c in user_input if c.isalnum())
    return hashlib.sha256(safe.encode()).hexdigest()[:16]

cache_key = safe_cache_key(request.args.get('q'))
cache.set(cache_key, results, timeout=300)
```

Learn more: https://shoulder.dev/learn/python/cwe-444/cache-poisoning